Password cracking with John the Ripper
Install John the Ripper
Here's a good article explaining John the Ripper. Follow it to install that program. Assuming you will install by building from source code, your command responding to the instruction to "decompress the tarball" will be something like:
tar -xzvf john-1.7.0.2.tar.gz
That creates a directory named john-1.7.0.2 with these contents:
[root@vmlap john-1.7.0.2]# ls -l
total 12
drwx------ 2 root root 4096 Apr 27 15:39 doc
lrwxrwxrwx 1 root root 10 Apr 27 15:34 README -> doc/README
drwx------ 2 root root 4096 Apr 27 15:37 run
drwx------ 2 root root 4096 Apr 27 15:37 src
[root@vmlap john-1.7.0.2]#
Read the README, which refers you to the INSTALL which is in the doc subdirectory. Follow its instructions for using the "make" command to compile the executable, which will end up in the run subdirectory. To use john you must supply a target file containing to-be-cracked passwords and run john against it.
Obtain a target file for this assignment
I have prepared such an "unshadowed" file representing 50 accounts and their passwords. It is named crack-these-please. Obtain it from sputnik.smc.edu by anonymous ftp. It's in the pub subdirectory. Put it in your john-1.7.0.2/run directory. Then cd into that directory and run
./john crack-these-please
Try to crack as many of the 50 as you can. It will take some time. John will remember the passwords it has cracked. You can view them with
./john --show crack-these-please
If you interrupt john you can resume it with
./john --restore
Turning in the assignment
When you have finished cracking, capture the output showing the results into a file:
./john --show crack-these-please > cracked
Print out the file and turn it in on paper.