[plug] john the ripper

Russell Steicke r.steicke at bom.gov.au
Wed Jul 6 13:36:27 WST 2005


On Wed, Jul 06, 2005 at 01:17:06PM +0800, W.Kenworthy wrote:
> I didnt get a reply to this so isnt anyone using john?  If not john,
> what do people use to audit their systems?

I've used it to crack passwords on my home machines, mainly to
demonstrate to my chillun how easy password cracking can be.

On a 2G ppc machine, it took three seconds to crack a password that
was "warcraft".

If you're really interested in this, add a user, set the password to
something easy or something you want to check, then copy /etc/shadow
somewhere and edit out all the other passwords.  You can deluser now
since you have a copy of the encrypted password.  Run "john shadow"
and see how long it takes.




-- 
Russell Steicke

-- Fortune says:
"I see little divinity about them or you.  You talk to me of Christianity
when you are in the act of hanging your enemies.  Was there ever such
blasphemous nonsense!"
-- Shaw, "The Devil's Disciple"



More information about the plug mailing list