JtR

From Segfault

Installation

Original

John The Ripper (JtR) is developed as part of the Openwall project and can be obtained via CVS:

cvs -d :pserver:anoncvs@anoncvs.owl.openwall.com/cvs login              # CVS password: anoncvs
cvs -d :pserver:anoncvs@anoncvs.owl.openwall.com/cvs co Owl/packages/john
mv Owl/packages/john/john john-cvs && rm -rf Owl
cd john-cvs
cvs update

Build with:

sudo apt-get install libssl-dev                             # Debian
sudo dnf install openssl-devel                              # Fedora

cd src
make                                                        # Help text will be displayed
make linux-x86-64

Or, if openssl has been installed somewhere else:

make linux-x86-64 JOHN_CFLAGS=-I/opt/openssl/include NSS_LDFLAGS=-L/opt/openssl/lib

$ ls -lgo ../run/john
-rwxr-xr-x 1 235432 Sep 19 19:36 ../run/john

Jumbo

A more current version can be found elsewhere:

git clone https://github.com/magnumripper/JohnTheRipper.git jtr-git

Build with:

sudo apt-get install libssl-dev libgmp3-dev                 # Debian
sudo dnf install openssl-devel gmp-devel                    # Fedora

cd jtr-git/src
./configure && make clean && make

For some reason, make install did not work, so we have to copy some configuration files manually:

FIXME

sudo mkdir -p /opt/jtr/share/john/ && sudo cp ../run/*.conf /opt/jtr/share/john/ && sudo mv ../run/* /opt/jtr/
sudo chown -cR root:root /opt/jtr/ && sudo chmod -c a+rX /opt/jtr/ && sudo find /opt/jtr/ -executable | sudo xargs chmod -c a+rx

Notes:

  • On MacOS X it may be necessary to use CC=/usr/bin/gcc if another GCC installation is preferred but broken.
  • On MacOS, libm and libpthread may not be supported[1][2] and we have to convince configure to omit those switches:
diff --git a/src/configure b/src/configure
index eefc31a..4c34493 100755
--- a/src/configure
+++ b/src/configure
@@ -9451,10 +9451,7 @@ $as_echo "#define HAVE_LIBM 1" >>confdefs.h
  M_LIBS=-lm
 
 else
-  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 1 "JtR requires libm being installed
-See \`config.log' for more details" "$LINENO" 5; }
+ M_LIBS=
 fi
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
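Review bot: The else branch now sets M_LIBS= for every host, not only macOS, so a build on any other system where libm really is missing gets past configure without the "JtR requires libm being installed" error and the problem only surfaces later in the build. Consider keeping the as_fn_error call and bypassing it only when ${host_os} matches darwin*, the same test the pthread hunk sits under. Since src/configure is generated by autoconf, the edit also disappears the next time the script is regenerated unless the autoconf input is changed as well.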
@@ -10469,7 +10466,7 @@ case ${host_os} in
         ;;
 
         darwin*)
-        ax_pthread_flags="-pthread $ax_pthread_flags"
+        ax_pthread_flags="$ax_pthread_flags"
         ;;
 esac
 
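Review bot: In the darwin*) arm the new line assigns ax_pthread_flags to itself, which is a no-op; removing the assignment, or replacing it with a comment that says why -pthread is left out on macOS, would state the intent more clearly than ax_pthread_flags="$ax_pthread_flags". The flag is also dropped for every darwin host, including ones where -pthread works, so a test of whether the compiler accepts the flag would be safer than removing it unconditionally.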

Usage

Let's crack some Unix passwords first. While john can read Linux shadow files just fine, there's also unshadow, which combines the passwd and shadow files into a standard passwd file:

sudo getent shadow | grep '\$' > file.shadow                        # Only output entries with a password set
../run/unshadow /etc/passwd file.shadow | grep '\$' > file.passwd

Let's run john without any parameters:

$ ../run/john file.passwd
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 5 password hashes with 5 different salts (sha512crypt, crypt(3) $6$ [SHA512 64/64 OpenSSL])
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
dummy            (passw0rd)
joe              (secr3t)
2g 0:00:00:50 15.38% 2/3 (ETA: 19:30:09) 0.03956g/s 635.2p/s 1557c/s 1557C/s 1simone..1bridges
2g 0:00:01:26 25.52% 2/3 (ETA: 19:30:21) 0.02309g/s 580.7p/s 1538c/s 1538C/s rescue9..trombone9
2g 0:00:10:57  3/3 0.003041g/s 523.2p/s 1543c/s 1543C/s 042212..043177
2g 0:00:11:32  3/3 0.002887g/s 523.4p/s 1544c/s 1544C/s 012824..014461
2g 0:00:16:27  3/3 0.002025g/s 512.1p/s 1518c/s 1518C/s jj0495..jjmche

The FAQ explains the status messages a bit more:

  • successful guess count
  • session duration (D:HH:MM:SS)
  • progress indicator (percent done and optionally pass number out of the total number of passes)
  • g/s is successful guesses per second (so it'll stay at 0 until at least one password is cracked)
  • p/s is candidate passwords tested per second
  • c/s is "crypts" (password hash or cipher computations) per second
  • C/s is combinations of candidate password and target hash per second.
  • current (range of) candidate password(s) being tested
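
As an added example (not part of the original page or of John the Ripper itself), the status fields listed above can be extracted from captured terminal output, for instance to track how long an audit session ran and at what rate. The sample lines are copied from the session above; the function names, the crypts_per_candidate ratio and the handling of a K/M/G rate suffix are assumptions of this example.

```python
import re
from datetime import timedelta

# Field order follows the FAQ list above; percent, pass and ETA are optional.
STATUS_RE = re.compile(
    r"^(?P<guesses>\d+)g\s+"
    r"(?P<d>\d+):(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\s+"
    r"(?:(?P<percent>[\d.]+)%\s+)?(?:(?P<pass_no>\d+)/(?P<pass_total>\d+)\s+)?"
    r"(?:\(ETA:\s*(?P<eta>[^)]*)\)\s+)?"
    r"(?P<gps>[\d.]+[KMG]?)g/s\s+(?P<pps>[\d.]+[KMG]?)p/s\s+"
    r"(?P<cps>[\d.]+[KMG]?)c/s\s+(?P<combos>[\d.]+[KMG]?)C/s"
    r"(?:\s+(?P<candidates>.+))?$"
)
SCALE = {"K": 1e3, "M": 1e6, "G": 1e9}  # suffix is an assumption; this session prints none

def to_rate(text):  # "635.2" or "12K" -> float per second
    return float(text[:-1]) * SCALE[text[-1]] if text[-1] in SCALE else float(text)

def parse_status(line):
    """Return a dict for a status line, or None for any other output line."""
    m = STATUS_RE.match(line.strip())
    if m is None:
        return None  # cracked-password lines, warnings, banners
    f = m.groupdict()
    pps, cps = to_rate(f["pps"]), to_rate(f["cps"])
    return {
        "guesses": int(f["guesses"]),
        "elapsed": timedelta(days=int(f["d"]), hours=int(f["h"]),
                             minutes=int(f["m"]), seconds=int(f["s"])),
        "percent": float(f["percent"]) if f["percent"] else None,
        "pass": (int(f["pass_no"]), int(f["pass_total"])) if f["pass_no"] else None,
        "eta": f["eta"],
        "g/s": to_rate(f["gps"]), "p/s": pps, "c/s": cps, "C/s": to_rate(f["combos"]),
        # Hash computations spent per candidate password (c/s divided by p/s).
        "crypts_per_candidate": cps / pps if pps else None,
        "candidates": f["candidates"],
    }

def parse_session(text):
    """Parse captured john terminal output, keeping only the status lines."""
    return [s for s in map(parse_status, text.splitlines()) if s]

# One cracked-password line and two status lines copied from the session above.
SAMPLE = """dummy            (passw0rd)
2g 0:00:00:50 15.38% 2/3 (ETA: 19:30:09) 0.03956g/s 635.2p/s 1557c/s 1557C/s 1simone..1bridges
2g 0:00:10:57  3/3 0.003041g/s 523.2p/s 1543c/s 1543C/s 042212..043177
"""

if __name__ == "__main__":
    print(*parse_session(SAMPLE), sep="\n")
```

For the 3/3 line the c/s to p/s ratio comes out at about 2.95, in a session that loaded 5 hashes with 5 different salts and has cracked 2 of them.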

Links

Reading list

References