• Home »
  • »
  • Compile John the Ripper on x86-64 Cent OS with the Jumbo Patch

Compile John the Ripper on x86-64 Cent OS with the Jumbo Patch

I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter and I decided to install John the Ripper on a Cent OS box in case I needed it for anything. John is in the yum repos however the version is pretty old and it is not compiled with NTLM support so I decided to build it from source so that i could apply the Jumbo patch which adds support for a whole lot of different algorithms which are normally only available in the pro version of John the Ripper.

Below I show the steps I took to get it compiled and working on Cent OS 64 bit:

First off figure out where you want to keep the source of john, I like /usr/local/src but you may have a different preference:


  1. [root@tools ~]# cd /usr/local/src/
  2. [root@tools src]#

Next lets grab the latest tarball of john:


  1. [root@tools src]# wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
  2. --2010-07-13 11:34:53--  http://www.openwall.com/john/g/john-1.7.6.tar.gz
  3. Resolving www.openwall.com...
  4. Connecting to www.openwall.com||:80... connected.
  5. HTTP request sent, awaiting response... 200 OK
  6. Length: 832790 (813K) [application/x-tar]
  7. Saving to: `john-1.7.6.tar.gz'
  9. 100%[===================================================================================================================>] 832,790      272K/s   in 3.0s
  11. 2010-07-13 11:34:56 (272 KB/s) - `john-1.7.6.tar.gz' saved [832790/832790]
  13. [root@tools src]#

Extract the tarball:


  1. [root@tools src]# tar xzvf john-1.7.6.tar.gz
  2. john-1.7.6/
  3. john-1.7.6/doc/
  4. john-1.7.6/doc/EXAMPLES
  6. .
  7. .
  8. .
  9. john-1.7.6/src/DES_vec.pl
  10. john-1.7.6/README
  11. [root@tools src]#

Change into our working directory:


  1. [root@tools src]# cd john-1.7.6
  2. [root@tools john-1.7.6]#

Now lets download the Jumbo patch with ntlm support:


  1. [root@tools john-1.7.6]# wget http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
  2. --2010-07-13 11:36:46--  http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
  3. Resolving www.openwall.com...
  4. Connecting to www.openwall.com||:80... connected.
  5. HTTP request sent, awaiting response... 200 OK
  6. Length: 206601 (202K) [text/plain]
  7. Saving to: `john-1.7.6-jumbo-4.diff.gz'
  9. 100%[===================================================================================================================>] 206,601     99.8K/s   in 2.0s
  11. 2010-07-13 11:36:48 (99.8 KB/s) - `john-1.7.6-jumbo-4.diff.gz' saved [206601/206601]
  13. [root@tools john-1.7.6]#

Unzip the archive which holds the patch file:


  1. [root@tools john-1.7.6]# gunzip john-1.7.6-jumbo-4.diff.gz
  2. [root@tools john-1.7.6]#

Patch the source files:


  1. [root@tools john-1.7.6]# patch -p1 <john-1.7.6-jumbo-4.diff
  2. patching file doc/EPi.patch.README
  3. patching file doc/HDAA_README
  4. .
  5. .
  6. .
  7. patching file src/x86-mmx.h
  8. patching file src/x86-sse.S
  9. patching file src/x86-sse.h
  10. [root@tools john-1.7.6]#

In order to build we need to change into the src directory:


  1. [root@tools john-1.7.6]# cd src/
  2. [root@tools src]#

Up until now these instructions will work on any Linux system but when you make the binary there are flags which need to be givin for each individual system.

A complete list of flags can be seen by issuing the make command with no arguments:


  1. [root@tools src]# make
  2. To build John the Ripper, type:
  3.         make clean SYSTEM
  4. where SYSTEM can be one of the following:
  5. linux-x86-64             Linux, x86-64 with SSE2 (best)
  6. linux-x86-sse2           Linux, x86 with SSE2 (best if 32-bit)
  7. linux-x86-mmx            Linux, x86 with MMX
  8. linux-x86-any            Linux, x86
  9. linux-alpha              Linux, Alpha
  10. linux-sparc              Linux, SPARC 32-bit
  11. linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
  12. linux-ppc32              Linux, PowerPC 32-bit
  13. linux-ppc64              Linux, PowerPC 64-bit
  14. linux-ia64               Linux, IA-64
  15. freebsd-x86-64           FreeBSD, x86-64 with SSE2 (best)
  16. freebsd-x86-sse2         FreeBSD, x86 with SSE2 (best if 32-bit)
  17. freebsd-x86-mmx          FreeBSD, x86 with MMX
  18. freebsd-x86-any          FreeBSD, x86
  19. freebsd-alpha            FreeBSD, Alpha
  20. openbsd-x86-64           OpenBSD, x86-64 with SSE2 (best)
  21. openbsd-x86-sse2         OpenBSD, x86 with SSE2 (best if 32-bit)
  22. openbsd-x86-mmx          OpenBSD, x86 with MMX
  23. openbsd-x86-any          OpenBSD, x86
  24. openbsd-alpha            OpenBSD, Alpha
  25. openbsd-sparc64          OpenBSD, SPARC 64-bit (best)
  26. openbsd-sparc            OpenBSD, SPARC 32-bit
  27. openbsd-ppc32            OpenBSD, PowerPC 32-bit
  28. openbsd-ppc64            OpenBSD, PowerPC 64-bit
  29. openbsd-pa-risc          OpenBSD, PA-RISC
  30. openbsd-vax              OpenBSD, VAX
  31. netbsd-sparc64           NetBSD, SPARC 64-bit
  32. netbsd-vax               NetBSD, VAX
  33. solaris-sparc64-cc       Solaris, SPARC V9 64-bit, cc (best)
  34. solaris-sparc64-gcc      Solaris, SPARC V9 64-bit, gcc
  35. solaris-sparcv9-cc       Solaris, SPARC V9 32-bit, cc
  36. solaris-sparcv8-cc       Solaris, SPARC V8 32-bit, cc
  37. solaris-sparc-gcc        Solaris, SPARC 32-bit, gcc
  38. solaris-x86-64-cc        Solaris, x86-64 with SSE2, cc (best)
  39. solaris-x86-64-gcc       Solaris, x86-64 with SSE2, gcc
  40. solaris-x86-sse2-cc      Solaris 9 4/04+, x86 with SSE2, cc
  41. solaris-x86-sse2-gcc     Solaris 9 4/04+, x86 with SSE2, gcc
  42. solaris-x86-mmx-cc       Solaris, x86 with MMX, cc
  43. solaris-x86-mmx-gcc      Solaris, x86 with MMX, gcc
  44. solaris-x86-any-cc       Solaris, x86, cc
  45. solaris-x86-any-gcc      Solaris, x86, gcc
  46. sco-x86-any-gcc          SCO, x86, gcc
  47. sco-x86-any-cc           SCO, x86, cc
  48. tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
  49. aix-ppc32                AIX, PowerPC 32-bit
  50. macosx-x86-64            Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
  51. macosx-x86-sse2          Mac OS X, x86 with SSE2
  52. macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
  53. macosx-ppc32             Mac OS X, PowerPC 32-bit
  54. macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
  55. macosx-universal         Mac OS X, Universal Binary (x86 + x86-64 + PPC)
  56. hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
  57. hpux-pa-risc-cc          HP-UX, PA-RISC, ANSI cc
  58. irix-mips64-r10k         IRIX, MIPS 64-bit (R10K) (best)
  59. irix-mips64              IRIX, MIPS 64-bit
  60. irix-mips32              IRIX, MIPS 32-bit
  61. dos-djgpp-x86-mmx        DOS, DJGPP, x86 with MMX
  62. dos-djgpp-x86-any        DOS, DJGPP, x86
  63. win32-cygwin-x86-sse2    Win32, Cygwin, x86 with SSE2 (best)
  64. win32-cygwin-x86-mmx     Win32, Cygwin, x86 with MMX
  65. win32-cygwin-x86-any     Win32, Cygwin, x86
  66. win32-mingw-x86-sse2     Win32, MinGW, x86 with SSE2 (best)
  67. win32-mingw-x86-mmx      Win32, MinGW, x86 with MMX
  68. win32-mingw-x86-any      Win32, MinGW, x86
  69. beos-x86-sse2            BeOS, x86 with SSE2 (best)
  70. beos-x86-mmx             BeOS, x86 with MMX
  71. beos-x86-any             BeOS, x86
  72. generic                  Any other Unix-like system with gcc
  73. [root@tools src]#

Since we are on Cent OS 64 bit we will issue the following command:


  1. [root@tools src]# make clean linux-x86-64

Once the build is finished the binary will be located in the run directory inside the john folder:


  1. [root@tools run]# cd ../src/
  2. [root@tools src]# cd ../run/
  3. [root@tools run]# ls | grep john
  4. john
  5. john.conf
  6. [root@tools run]#

Issue john with no arguments to see the options:


  1. [root@tools run]# ./john
  2. John the Ripper password cracker, version 1.7.6-jumbo-4
  3. Copyright (c) 1996-2010 by Solar Designer and others
  4. Homepage: http://www.openwall.com/john/
  6. Usage: john [OPTIONS] [PASSWORD-FILES]
  7. --config=FILE              use FILE instead of john.conf or john.ini
  8. --single[=SECTION]         "single crack" mode
  9. --wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
  10. --rules[=SECTION]          enable word mangling rules for wordlist mode
  11. --incremental[=MODE]       "incremental" mode [using section MODE]
  12. --markov[=LEVEL[:START:END[:MAXLEN]]] "Markov" mode (see documentation)
  13. --external=MODE            external mode or word filter
  14. --stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
  15. --restore[=NAME]           restore an interrupted session [called NAME]
  16. --session=NAME             give a new session the NAME
  17. --status[=NAME]            print status of a session [called NAME]
  18. --make-charset=FILE        make a charset, FILE will be overwritten
  19. --show[=LEFT]              show cracked passwords [if =LEFT, then uncracked]
  20. --test[=TIME]              run tests and benchmarks for TIME seconds each
  21. --users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
  22. --groups=[-]GID[,..]       load users [not] of this (these) group(s) only
  23. --shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
  24. --salt-list=SALT[,SALT,..] load just the specified salt(s)
  25. --salts=[-]COUNT[:MAX]     load salts with[out] at least COUNT passwords only
  26.                            (or in range of COUNT to MAX)
  27. --pot=NAME                 pot file to use
  28. --format=NAME              force hash type NAME:
  29.                            DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
  30.                            IPB2/raw-sha1/md5a/hmac-md5/phpass-md5/KRB5/bfegg/
  31.                            nsldap/ssha/openssha/oracle/oracle11/MYSQL/
  32.                            mysql-sha1/mscash/lotus5/DOMINOSEC/
  33.                            NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/
  34.                            mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/
  35.                            sapB/md5ns/HDAA/DMD5/crypt
  36. --subformat=NAME           Some formats such as MD5-gen have subformats
  37.                            (like md5_gen(0), md5_gen(7), etc).
  38.                            This allows them to be specified.
  39.                            If the name is LIST, then john will show all
  40.                            subformats (help mode), and exit
  41. --save-memory=LEVEL        enable memory saving, at LEVEL 1..3
  42. --mem-file-size=SIZE       max size a wordlist file will preload into memory
  43.                            (default 5,000,000 bytes)
  44. --field-separator-char=c   Use 'c' instead of the ':' for processing fields
  45.                            (input file, pot file, etc)
  46. --fix-state-delay=N        only determine the wordlist offset every N times
  47.                            It is a performance gain to delay a while
  48.                            (say 100 loops for a fast algorithm).
  49.                            For slow algorithms it should not be used.
  50. [root@tools run]#

Every thing looks pretty good so lets load up a few ntlm hash’s and make sure the patch worked:


  1. Unknown ciphertext format name requested
  2. [root@tools run]# john --wordlist=/wordlists/wordlist.lst --rules ntlm.txt
  3. Loaded 31196 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
  4. ZXCVBNM          (?)
  5. ZOLDER0          (?:1)
  6. ZHONGGU          (?:1)
  7. ZAPHOD1          (?:1)
  8. YOTTABY          (?:1)
  9. YOKOHAM          (?:1)
  10. YESIAM1          (?)
  11. YESHEYD          (?:1)
  12. YAMAHA6          (?:1)
  13. XINGXIN          (?:1)
  14. XAIDXAI          (?:1)
  15. WOOLGOO          (?:1)
  16. WOAIWOD          (?:1)
  17. WINDOWS          (?:1)
  18. WINDHUN          (?:1)
  19. WILMOTS          (?)
  20. WILMANA          (?:1)
  21. WHODINI          (?)
  22. WHATABU          (?:1)
  23. WH1T3RU          (?:1)
  24. WERTY89          (?)
  25. WELCOME          (?)
  26. WELC0ME          (?:1)
  27. WEBSTAT          (?:1)
  28. WEBPLAN          (?:1)
  29. WEBMAST          (?:1)
  30. WEBADMI          (?:1)
  31. WASHING          (?:1)
  32. WANNABE          (?:1)
  33. WALKMAN          (?:1)
  34. W0LFH0U          (?:1)

Looks like it is all working fine and as expected so get some coffee and wait for the hash’s to crack!

Perfect Passwords: Selection, Protection, Authentication (Paperback)

List Price: $27.95 USD
New From: $15.53 USD In Stock
Used from: $0.01 USD In Stock

Brute Force: Cracking the Data Encryption Standard (Hardcover)

List Price: $25.00 USD
New From: $2.95 USD In Stock
Used from: $0.74 USD In Stock