In this config we are going to use the John the Ripper password cracker to enhance the security of your server by choosing a proper password for your system. This config assumes that you have already installed John the Ripper. If you haven’t installed it, please go to “Install Password cracker - John the Ripper” first.
Create test user
For testing purposes, create a test user “johnripper” with the password “password”.
adduser johnripper
Crack password
John the Ripper needs access to the shadow file in order to crack a password, so you need to run “john” as the superuser “root”. Be sure that the john binary is in your path, or that you are in the directory where the john binary resides. Try it and see how long it takes to crack your super secure password of “password”:
./john -users:johnripper /etc/shadow
Guessing the password in 0 seconds is an excellent time. Try making it more difficult: change the password for user “johnripper” to “password1” and attempt to crack the password again.
What if you changed the password to “password10”? How long will it take to crack the password now? Who knows, I gave up after 23 hours. Apparently my Linux box is not as powerful as I thought; if you get a result, please let me know.
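The three test passwords above are all the same dictionary word with digits appended, so a check made when the password is chosen can reject every one of them without running a cracker. The following is an added example, not part of the original post; the word list, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin", "dragon"}

# Character substitutions commonly used to disguise a dictionary word.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o",
                      "1": "i", "!": "i", "5": "s", "$": "s", "7": "t"})


def candidate_bases(password):
    """Return the word-like cores of a password with simple decoration undone."""
    lowered = password.lower()
    # Drop digits and punctuation that were prepended or appended to a word.
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    bases = {lowered, stripped, stripped.translate(LEET)}
    # A reversed word is no harder to guess than the word itself.
    bases |= {b[::-1] for b in bases}
    bases.discard("")
    return bases


def weakness(password, username="", min_length=12):
    """Return the reasons a password is weak; an empty list means no finding."""
    reasons = []
    if len(password) < min_length:  # min_length is an assumed policy value
        reasons.append(f"shorter than {min_length} characters")
    if candidate_bases(password) & COMMON_WORDS:
        reasons.append("dictionary word with simple decoration")
    if username and username.lower() in password.lower():
        reasons.append("contains the account name")
    return reasons


if __name__ == "__main__":
    # The passwords tried in this post, plus one passphrase for contrast.
    for pw in ("password", "password1", "password10",
               "correct horse battery staple"):
        findings = weakness(pw, username="johnripper")
        print(f"{pw!r}: {'; '.join(findings) if findings else 'no finding'}")
```

An empty result only means none of these specific checks fired; it is not proof that the password is strong.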
Thursday, September 17, 2009
How to Use John the Ripper
5:04 AM
matthews