Cracking passwords with pwdump3 and John the Ripper - jude-lindale/Wiki GitHub Wiki

Windows

The following steps use two of my favorite utilities to test the security of current passwords on Windows systems:

  • pwdump3 (to extract password hashes from the Windows SAM database)
  • John the Ripper (to crack the hashes of Windows and Linux/Unix passwords)

The following test requires administrative access to your stand-alone Windows workstation or server:

  1. Create a new directory called passwords at the root of your Windows C: drive.
  2. Download and install a decompression tool, if you don’t already have one:
  • 7-Zip (https://www.7-zip.org) is a free decompression tool. Windows also includes built-in zip-file handling, albeit a bit kludgy.
  3. Download, extract, and install the following software into the passwords directory you created, if you don’t already have it on your system:
  4. Enter the following command to run pwdump3 and redirect its output to a file called cracked.txt:
  • c:\passwords\pwdump3 > cracked.txt
  This file captures the Windows SAM password hashes that are then cracked with John the Ripper.
  5. Enter the following command to run John the Ripper against the Windows SAM password hashes to display the cracked passwords:
  • c:\passwords\john cracked.txt
  This process can take seconds or days, depending on the number of users and the complexity of their associated passwords. My Windows example took only five seconds to crack five weak passwords.
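As an added example (not part of this wiki page, pwdump3 or John the Ripper), the Python script below triages a pwdump-style dump such as cracked.txt before any cracking is run: it flags accounts that still have a legacy LM hash stored, accounts with a blank password, and accounts sharing the same NT hash. The line layout `user:RID:LMhash:NThash:::` is assumed, and the sample dump and its non-sentinel hash values are constructed.

```python
import re
from collections import defaultdict

# Sentinel values Windows stores when the LM or NT password field is empty.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Assumed pwdump-style line: user:RID:LMhash:NThash:::
PWDUMP_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::")


def parse_pwdump_line(line):
    """Return (user, rid, lm, nt) for one dump line, or None if it does not match."""
    m = PWDUMP_RE.match(line.strip())
    if not m:
        return None
    user, rid, lm, nt = m.groups()
    return user, int(rid), lm.lower(), nt.lower()


def triage(lines):
    """Flag weaknesses visible in the stored hashes alone, without cracking anything."""
    findings = []
    by_nt = defaultdict(list)
    for line in lines:
        parsed = parse_pwdump_line(line)
        if parsed is None:
            continue  # comments, blank lines, or foreign formats are skipped
        user, _rid, lm, nt = parsed
        if lm != EMPTY_LM:
            # A stored LM hash is trivially recoverable; NoLMHash policy should be on.
            findings.append((user, "lm_hash_stored"))
        if nt == EMPTY_NT:
            findings.append((user, "blank_password"))
        by_nt[nt].append(user)
    # Identical NT hashes mean identical passwords: reuse across accounts.
    for nt, users in by_nt.items():
        if nt != EMPTY_NT and len(users) > 1:
            for user in users:
                others = ",".join(u for u in users if u != user)
                findings.append((user, "password_shared_with:" + others))
    return sorted(findings)


# Constructed sample dump; the non-sentinel hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyuser:1001:11223344556677889900aabbccddeeff:fedcba9876543210fedcba9876543210:::
svc_backup:1002:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
not a pwdump line
"""

if __name__ == "__main__":
    for user, issue in triage(SAMPLE.splitlines()):
        print(f"{user}: {issue}")
```

Running it on a real dump (`triage(open("cracked.txt").read().splitlines())`) gives a list of accounts worth fixing even before John reports a single cracked password.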

Unix/Linux

John the Ripper can also crack Unix/Linux passwords. You need root access to your system and to the password /etc/passwd and shadow password /etc/shadow files. Perform the following steps to crack Unix/Linux passwords:

  1. Download the Unix source files from www.openwall.com/john.
  2. Extract the program by entering the following command (with the current filename):
  • tar -xf john-1.8.0.tar.xz
  (The archive is xz-compressed, so don’t pass the gzip -z flag; GNU tar detects the compression automatically. Tip: You can also crack Unix or Linux passwords on a Windows system by using the Windows/DOS version of John the Ripper.)
  3. Change to the /src directory that was created when you extracted the program, and enter the following command:
  • make generic
  4. Change to the /run directory, and enter the following command to use the unshadow program to combine the passwd and shadow files and copy them to the file cracked.txt:
  • ./unshadow /etc/passwd /etc/shadow > cracked.txt
  5. Enter the following command to start the cracking process:
  • ./john cracked.txt
  When John the Ripper is complete (which could take some time), the output is similar to the results of the preceding Windows process.