Compile John the Ripper on x86-64 CentOS with the Jumbo Patch

I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter, and I decided to install John the Ripper on a CentOS box in case I needed it for anything. John is in the yum repos; however, the version is pretty old and it is not compiled with NTLM support, so I decided to build it from source so that I could apply the Jumbo patch, which adds support for a whole lot of different algorithms which are normally only available in the pro version of John the Ripper.

Below I show the steps I took to get it compiled and working on 64-bit CentOS:


First off, figure out where you want to keep the John source. I like /usr/local/src, but you may have a different preference:

[root@tools ~]# cd /usr/local/src/
[root@tools src]#

Next, let's grab the latest tarball of John:

[root@tools src]# wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
--2010-07-13 11:34:53--  http://www.openwall.com/john/g/john-1.7.6.tar.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 832790 (813K) [application/x-tar]
Saving to: `john-1.7.6.tar.gz'

100%[===================================================================================================================>] 832,790      272K/s   in 3.0s

2010-07-13 11:34:56 (272 KB/s) - `john-1.7.6.tar.gz' saved [832790/832790]

[root@tools src]#

Extract the tarball:

[root@tools src]# tar xzvf john-1.7.6.tar.gz
john-1.7.6/
john-1.7.6/doc/
john-1.7.6/doc/EXAMPLES

.
.
.
john-1.7.6/src/DES_vec.pl
john-1.7.6/README
[root@tools src]#

Change into our working directory:

[root@tools src]# cd john-1.7.6
[root@tools john-1.7.6]#

Now let's download the Jumbo patch with NTLM support:

[root@tools john-1.7.6]# wget http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
--2010-07-13 11:36:46--  http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 206601 (202K) 1
Saving to: `john-1.7.6-jumbo-4.diff.gz'

100%[===================================================================================================================>] 206,601     99.8K/s   in 2.0s

2010-07-13 11:36:48 (99.8 KB/s) - `john-1.7.6-jumbo-4.diff.gz' saved [206601/206601]

[root@tools john-1.7.6]#

Unzip the archive which holds the patch file:

[root@tools john-1.7.6]# gunzip john-1.7.6-jumbo-4.diff.gz
[root@tools john-1.7.6]#

Patch the source files:

[root@tools john-1.7.6]# patch -p1 <john-1.7.6-jumbo-4.diff
patching file doc/EPi.patch.README
patching file doc/HDAA_README
.
.
.
patching file src/x86-mmx.h
patching file src/x86-sse.S
patching file src/x86-sse.h
[root@tools john-1.7.6]#

In order to build we need to change into the src directory:

[root@tools john-1.7.6]# cd src/
[root@tools src]#

Up to this point the instructions work on any Linux system, but the build itself needs a target given to make that matches the individual system.

A complete list of targets can be seen by issuing the make command with no arguments:

[root@tools src]# make
To build John the Ripper, type:
        make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64             Linux, x86-64 with SSE2 (best)
linux-x86-sse2           Linux, x86 with SSE2 (best if 32-bit)
linux-x86-mmx            Linux, x86 with MMX
linux-x86-any            Linux, x86
linux-alpha              Linux, Alpha
linux-sparc              Linux, SPARC 32-bit
linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
linux-ppc32              Linux, PowerPC 32-bit
linux-ppc64              Linux, PowerPC 64-bit
linux-ia64               Linux, IA-64
freebsd-x86-64           FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2         FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx          FreeBSD, x86 with MMX
freebsd-x86-any          FreeBSD, x86
freebsd-alpha            FreeBSD, Alpha
openbsd-x86-64           OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2         OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx          OpenBSD, x86 with MMX
openbsd-x86-any          OpenBSD, x86
openbsd-alpha            OpenBSD, Alpha
openbsd-sparc64          OpenBSD, SPARC 64-bit (best)
openbsd-sparc            OpenBSD, SPARC 32-bit
openbsd-ppc32            OpenBSD, PowerPC 32-bit
openbsd-ppc64            OpenBSD, PowerPC 64-bit
openbsd-pa-risc          OpenBSD, PA-RISC
openbsd-vax              OpenBSD, VAX
netbsd-sparc64           NetBSD, SPARC 64-bit
netbsd-vax               NetBSD, VAX
solaris-sparc64-cc       Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc      Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc       Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc       Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc        Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc        Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc       Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc      Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc     Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc       Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc      Solaris, x86 with MMX, gcc
solaris-x86-any-cc       Solaris, x86, cc
solaris-x86-any-gcc      Solaris, x86, gcc
sco-x86-any-gcc          SCO, x86, gcc
sco-x86-any-cc           SCO, x86, cc
tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32                AIX, PowerPC 32-bit
macosx-x86-64            Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2          Mac OS X, x86 with SSE2
macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32             Mac OS X, PowerPC 32-bit
macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
macosx-universal         Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
hpux-pa-risc-cc          HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k         IRIX, MIPS 64-bit (R10K) (best)
irix-mips64              IRIX, MIPS 64-bit
irix-mips32              IRIX, MIPS 32-bit
dos-djgpp-x86-mmx        DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any        DOS, DJGPP, x86
win32-cygwin-x86-sse2    Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx     Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any     Win32, Cygwin, x86
win32-mingw-x86-sse2     Win32, MinGW, x86 with SSE2 (best)
win32-mingw-x86-mmx      Win32, MinGW, x86 with MMX
win32-mingw-x86-any      Win32, MinGW, x86
beos-x86-sse2            BeOS, x86 with SSE2 (best)
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
[root@tools src]#

Since we are on 64-bit CentOS, we will issue the following command:

[root@tools src]# make clean linux-x86-64

Once the build is finished the binary will be located in the run directory inside the john folder:

[root@tools run]# cd ../src/
[root@tools src]# cd ../run/
[root@tools run]# ls | grep john
john
john.conf
[root@tools run]#

Issue john with no arguments to see the options:

[root@tools run]# ./john
John the Ripper password cracker, version 1.7.6-jumbo-4
Copyright (c) 1996-2010 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE              use FILE instead of john.conf or john.ini
--single[=SECTION]         "single crack" mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules[=SECTION]          enable word mangling rules for wordlist mode
--incremental[=MODE]       "incremental" mode [using section MODE]
--markov[=LEVEL[:START:END[:MAXLEN]]] "Markov" mode (see documentation)
--external=MODE            external mode or word filter
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show[=LEFT]              show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]              run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salt-list=SALT[,SALT,..] load just the specified salt(s)
--salts=[-]COUNT[:MAX]     load salts with[out] at least COUNT passwords only
                           (or in range of COUNT to MAX)
--pot=NAME                 pot file to use
--format=NAME              force hash type NAME:
                           DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
                           IPB2/raw-sha1/md5a/hmac-md5/phpass-md5/KRB5/bfegg/
                           nsldap/ssha/openssha/oracle/oracle11/MYSQL/
                           mysql-sha1/mscash/lotus5/DOMINOSEC/
                           NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/
                           mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/
                           sapB/md5ns/HDAA/DMD5/crypt
--subformat=NAME           Some formats such as MD5-gen have subformats
                           (like md5_gen(0), md5_gen(7), etc).
                           This allows them to be specified.
                           If the name is LIST, then john will show all
                           subformats (help mode), and exit
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE       max size a wordlist file will preload into memory
                           (default 5,000,000 bytes)
--field-separator-char=c   Use 'c' instead of the ':' for processing fields
                           (input file, pot file, etc)
--fix-state-delay=N        only determine the wordlist offset every N times
                           It is a performance gain to delay a while
                           (say 100 loops for a fast algorithm).
                           For slow algorithms it should not be used.
[root@tools run]#

Everything looks pretty good, so let's load up a few NTLM hashes and make sure the patch worked:

Unknown ciphertext format name requested
[root@tools run]# john --wordlist=/wordlists/wordlist.lst --rules ntlm.txt
Loaded 31196 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
ZXCVBNM          (?)
ZOLDER0          (?:1)
ZHONGGU          (?:1)
ZAPHOD1          (?:1)
YOTTABY          (?:1)
YOKOHAM          (?:1)
YESIAM1          (?)
YESHEYD          (?:1)
YAMAHA6          (?:1)
XINGXIN          (?:1)
XAIDXAI          (?:1)
WOOLGOO          (?:1)
WOAIWOD          (?:1)
WINDOWS          (?:1)
WINDHUN          (?:1)
WILMOTS          (?)
WILMANA          (?:1)
WHODINI          (?)
WHATABU          (?:1)
WH1T3RU          (?:1)
WERTY89          (?)
WELCOME          (?)
WELC0ME          (?:1)
WEBSTAT          (?:1)
WEBPLAN          (?:1)
WEBMAST          (?:1)
WEBADMI          (?:1)
WASHING          (?:1)
WANNABE          (?:1)
WALKMAN          (?:1)
W0LFH0U          (?:1)

Looks like it is all working fine and as expected, so get some coffee and wait for the hashes to crack!
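
The load banner in the run above names LM DES, which is the format John selected for that file on its own. The script below, an added example that is not from the original post, checks that a build actually lists the NT format the patch adds and reads back which format a run loaded; `check_build` is a hypothetical helper, and the sample text is copied from the output shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): post-build checks for the
# john binary, driven by text the binary itself prints.

# Usage excerpt and load banner copied from the output shown on this page.
USAGE_SAMPLE='--pot=NAME                 pot file to use
--format=NAME              force hash type NAME:
                           DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
                           NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/
--subformat=NAME           Some formats such as MD5-gen have subformats'
BANNER_SAMPLE='Loaded 31196 password hashes with no different salts (LM DES [128/128 BS SSE2-16])'

# list_formats: usage text on stdin -> one supported format name per line.
list_formats() {
    awk '
        /^--format=/ { grab = 1; next }   # names follow on the indented lines
        /^--/        { grab = 0 }         # the next option ends the list
        grab {
            gsub(/[ \t]/, "")
            n = split($0, name, "/")
            for (i = 1; i <= n; i++) if (name[i] != "") print name[i]
        }'
}

# has_format NAME: succeed only if NAME is an exact entry in the list, so
# "NT" is not satisfied by NETNTLM or NETNTLMv2.
has_format() {
    list_formats | grep -qxF -- "$1"
}

# loaded_format: john output on stdin -> the format named in the load banner.
loaded_format() {
    sed -n 's/^Loaded [0-9][0-9]* password hash.*(\(.*\) \[.*$/\1/p'
}

# check_build BINARY NAME: hypothetical wrapper; runs the self-test for NAME
# only when the binary lists it. --test and --format are in the usage above.
check_build() {
    "$1" 2>&1 | has_format "$2" || { echo "$2 missing from $1" >&2; return 1; }
    "$1" --test --format="$2"
}

printf '%s\n' "$USAGE_SAMPLE" | has_format NT && echo "NT is listed"
echo "banner format: $(printf '%s\n' "$BANNER_SAMPLE" | loaded_format)"
```

From the run directory, `check_build ./john NT` exercises the NT code directly, independent of what John auto-detects in a given hash file.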

