Compile John the Ripper on x86-64 CentOS with the Jumbo Patch
Posted by purehate in Insights at 11:21 AM
I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter, and I decided to install John the Ripper on a CentOS box in case I needed it for anything. John is in the yum repos; however, the version is pretty old and it is not compiled with NTLM support, so I decided to build it from source so that I could apply the Jumbo patch, which adds support for a whole lot of different algorithms which are normally only available in the pro version of John the Ripper.
Below I show the steps I took to get it compiled and working on 64-bit CentOS:
First off, figure out where you want to keep the source of John. I like /usr/local/src, but you may have a different preference:
[root@tools ~]# cd /usr/local/src/
[root@tools src]#
Next, let's grab the latest tarball of John:
[root@tools src]# wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
--2010-07-13 11:34:53-- http://www.openwall.com/john/g/john-1.7.6.tar.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 832790 (813K) [application/x-tar]
Saving to: `john-1.7.6.tar.gz'
100%[===================================================================================================================>] 832,790 272K/s in 3.0s
2010-07-13 11:34:56 (272 KB/s) - `john-1.7.6.tar.gz' saved [832790/832790]
[root@tools src]#
Extract the tarball:
[root@tools src]# tar xzvf john-1.7.6.tar.gz
john-1.7.6/
john-1.7.6/doc/
john-1.7.6/doc/EXAMPLES
.
.
.
john-1.7.6/src/DES_vec.pl
john-1.7.6/README
[root@tools src]#
Change into our working directory:
[root@tools src]# cd john-1.7.6
[root@tools john-1.7.6]#
Now let's download the Jumbo patch with NTLM support:
[root@tools john-1.7.6]# wget http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
--2010-07-13 11:36:46-- http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 206601 (202K) [text/plain]
Saving to: `john-1.7.6-jumbo-4.diff.gz'
100%[===================================================================================================================>] 206,601 99.8K/s in 2.0s
2010-07-13 11:36:48 (99.8 KB/s) - `john-1.7.6-jumbo-4.diff.gz' saved [206601/206601]
[root@tools john-1.7.6]#
Unzip the archive which holds the patch file:
[root@tools john-1.7.6]# gunzip john-1.7.6-jumbo-4.diff.gz
[root@tools john-1.7.6]#
Patch the source files:
[root@tools john-1.7.6]# patch -p1 <john-1.7.6-jumbo-4.diff
patching file doc/EPi.patch.README
patching file doc/HDAA_README
.
.
.
patching file src/x86-mmx.h
patching file src/x86-sse.S
patching file src/x86-sse.h
[root@tools john-1.7.6]#
In order to build we need to change into the src directory:
[root@tools john-1.7.6]# cd src/
[root@tools src]#
Up to this point these instructions will work on any Linux system, but when you make the binary there are flags which need to be given for each individual system.
A complete list of flags can be seen by issuing the make command with no arguments:
[root@tools src]# make
To build John the Ripper, type:
make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64 Linux, x86-64 with SSE2 (best)
linux-x86-sse2 Linux, x86 with SSE2 (best if 32-bit)
linux-x86-mmx Linux, x86 with MMX
linux-x86-any Linux, x86
linux-alpha Linux, Alpha
linux-sparc Linux, SPARC 32-bit
linux-ppc32-altivec Linux, PowerPC w/AltiVec (best)
linux-ppc32 Linux, PowerPC 32-bit
linux-ppc64 Linux, PowerPC 64-bit
linux-ia64 Linux, IA-64
freebsd-x86-64 FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2 FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx FreeBSD, x86 with MMX
freebsd-x86-any FreeBSD, x86
freebsd-alpha FreeBSD, Alpha
openbsd-x86-64 OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2 OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx OpenBSD, x86 with MMX
openbsd-x86-any OpenBSD, x86
openbsd-alpha OpenBSD, Alpha
openbsd-sparc64 OpenBSD, SPARC 64-bit (best)
openbsd-sparc OpenBSD, SPARC 32-bit
openbsd-ppc32 OpenBSD, PowerPC 32-bit
openbsd-ppc64 OpenBSD, PowerPC 64-bit
openbsd-pa-risc OpenBSD, PA-RISC
openbsd-vax OpenBSD, VAX
netbsd-sparc64 NetBSD, SPARC 64-bit
netbsd-vax NetBSD, VAX
solaris-sparc64-cc Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc Solaris, x86 with MMX, gcc
solaris-x86-any-cc Solaris, x86, cc
solaris-x86-any-gcc Solaris, x86, gcc
sco-x86-any-gcc SCO, x86, gcc
sco-x86-any-cc SCO, x86, cc
tru64-alpha Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32 AIX, PowerPC 32-bit
macosx-x86-64 Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2 Mac OS X, x86 with SSE2
macosx-ppc32-altivec Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32 Mac OS X, PowerPC 32-bit
macosx-ppc64 Mac OS X 10.4+, PowerPC 64-bit
macosx-universal Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc HP-UX, PA-RISC, gcc
hpux-pa-risc-cc HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k IRIX, MIPS 64-bit (R10K) (best)
irix-mips64 IRIX, MIPS 64-bit
irix-mips32 IRIX, MIPS 32-bit
dos-djgpp-x86-mmx DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any DOS, DJGPP, x86
win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any Win32, Cygwin, x86
win32-mingw-x86-sse2 Win32, MinGW, x86 with SSE2 (best)
win32-mingw-x86-mmx Win32, MinGW, x86 with MMX
win32-mingw-x86-any Win32, MinGW, x86
beos-x86-sse2 BeOS, x86 with SSE2 (best)
beos-x86-mmx BeOS, x86 with MMX
beos-x86-any BeOS, x86
generic Any other Unix-like system with gcc
[root@tools src]#
Since we are on 64-bit CentOS, we will issue the following command:
[root@tools src]# make clean linux-x86-64
Once the build is finished the binary will be located in the run directory inside the john folder:
[root@tools run]# cd ../src/
[root@tools src]# cd ../run/
[root@tools run]# ls | grep john
john
john.conf
[root@tools run]#
Issue john with no arguments to see the options:
[root@tools run]# ./john
John the Ripper password cracker, version 1.7.6-jumbo-4
Copyright (c) 1996-2010 by Solar Designer and others
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE use FILE instead of john.conf or john.ini
--single[=SECTION] "single crack" mode
--wordlist=FILE --stdin wordlist mode, read words from FILE or stdin
--rules[=SECTION] enable word mangling rules for wordlist mode
--incremental[=MODE] "incremental" mode [using section MODE]
--markov[=LEVEL[:START:END[:MAXLEN]]] "Markov" mode (see documentation)
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset, FILE will be overwritten
--show[=LEFT] show cracked passwords [if =LEFT, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salt-list=SALT[,SALT,..] load just the specified salt(s)
--salts=[-]COUNT[:MAX] load salts with[out] at least COUNT passwords only
(or in range of COUNT to MAX)
--pot=NAME pot file to use
--format=NAME force hash type NAME:
DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
IPB2/raw-sha1/md5a/hmac-md5/phpass-md5/KRB5/bfegg/
nsldap/ssha/openssha/oracle/oracle11/MYSQL/
mysql-sha1/mscash/lotus5/DOMINOSEC/
NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/
mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/
sapB/md5ns/HDAA/DMD5/crypt
--subformat=NAME Some formats such as MD5-gen have subformats
(like md5_gen(0), md5_gen(7), etc).
This allows them to be specified.
If the name is LIST, then john will show all
subformats (help mode), and exit
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE max size a wordlist file will preload into memory
(default 5,000,000 bytes)
--field-separator-char=c Use 'c' instead of the ':' for processing fields
(input file, pot file, etc)
--fix-state-delay=N only determine the wordlist offset every N times
It is a performance gain to delay a while
(say 100 loops for a fast algorithm).
For slow algorithms it should not be used.
[root@tools run]#
Everything looks pretty good, so let's load up a few NTLM hashes and make sure the patch worked:
Unknown ciphertext format name requested
[root@tools run]# john --wordlist=/wordlists/wordlist.lst --rules ntlm.txt
Loaded 31196 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
ZXCVBNM (?)
ZOLDER0 (?:1)
ZHONGGU (?:1)
ZAPHOD1 (?:1)
YOTTABY (?:1)
YOKOHAM (?:1)
YESIAM1 (?)
YESHEYD (?:1)
YAMAHA6 (?:1)
XINGXIN (?:1)
XAIDXAI (?:1)
WOOLGOO (?:1)
WOAIWOD (?:1)
WINDOWS (?:1)
WINDHUN (?:1)
WILMOTS (?)
WILMANA (?:1)
WHODINI (?)
WHATABU (?:1)
WH1T3RU (?:1)
WERTY89 (?)
WELCOME (?)
WELC0ME (?:1)
WEBSTAT (?:1)
WEBPLAN (?:1)
WEBMAST (?:1)
WEBADMI (?:1)
WASHING (?:1)
WANNABE (?:1)
WALKMAN (?:1)
W0LFH0U (?:1)
Looks like it is all working fine and as expected, so get some coffee and wait for the hashes to crack!
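The steps above as a single script, as an added example that is not part of the original post: it stops at the first failing command, dry-runs the patch before applying it, and confirms that the built binary lists and self-tests the `NT` format. The function names and the `--build` switch are assumptions of this example; the URLs, versions and make targets are the ones shown above.

```shell
#!/bin/sh
# Added example: the steps above as one fail-fast script (not the author's code).
# Function names and the --build switch are assumptions of this example.
set -eu

VER=1.7.6
JUMBO=jumbo-4
BASE=http://www.openwall.com/john

# Map `uname -s` and `uname -m` to a SYSTEM name from the make target list.
john_target() {
  case "$1/$2" in
    Linux/x86_64) echo linux-x86-64 ;;
    Linux/i?86)   echo linux-x86-any ;;
    *)            echo generic ;;
  esac
}

# Succeed only if format $1 is in the --format list of john's usage text
# (stdin). The list is '/'-separated and wraps over several lines.
has_format() {
  sed -n '/--format=/,/--subformat=/p' | tr -s ' /' '\n\n' |
    grep -ix -- "$1" >/dev/null
}

build_john() {
  target=$(john_target "$(uname -s)" "$(uname -m)")
  cd /usr/local/src
  wget "$BASE/g/john-$VER.tar.gz"
  tar xzf "john-$VER.tar.gz"
  cd "john-$VER"
  wget "$BASE/contrib/john-$VER-$JUMBO.diff.gz"
  gunzip "john-$VER-$JUMBO.diff.gz"
  # Dry run first: a half-applied patch leaves the tree in an unknown state.
  patch -p1 --dry-run < "john-$VER-$JUMBO.diff" >/dev/null
  patch -p1 < "john-$VER-$JUMBO.diff"
  (cd src && make clean "$target")
  cd run
  # Fail the build if the patched binary does not list the NT format,
  # then run john's own self-test and benchmark for it for one second.
  ./john 2>&1 | has_format NT
  ./john --test=1 --format=NT
}

# Build only when asked, so the helper functions can be used on their own.
if [ "${1:-}" = "--build" ]; then build_john; fi
```

Run it as root with `--build`. The format name checked is `NT`, as printed in the `--format` list above; the sample run above was loaded as `LM DES`.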