Compile John the Ripper on x86-64 Cent OS with the Jumbo Patch

I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter and I decided to install John the Ripper on a Cent OS box in case I needed it for anything. John is in the yum repos however the version is pretty old and it is not compiled with NTLM support so I decided to build it from source so that i could apply the Jumbo patch which adds support for a whole lot of different algorithms which are normally only available in the pro version of John the Ripper.

Below I show the steps I took to get it compiled and working on Cent OS 64 bit:

First off figure out where you want to keep the source of john, I like /usr/local/src but you may have a different preference:

[root@tools ~]# cd /usr/local/src/
[root@tools src]#

Next lets grab the latest tarball of john:

[root@tools src]# wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
--2010-07-13 11:34:53-- http://www.openwall.com/john/g/john-1.7.6.tar.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 832790 (813K) [application/x-tar]
Saving to: `john-1.7.6.tar.gz'
100%[===================================================================================================================>] 832,790 272K/s in 3.0s
2010-07-13 11:34:56 (272 KB/s) - `john-1.7.6.tar.gz' saved [832790/832790]
[root@tools src]#

Extract the tarball:

[root@tools src]# tar xzvf john-1.7.6.tar.gz
john-1.7.6/
john-1.7.6/doc/
john-1.7.6/doc/EXAMPLES
.
.
.
john-1.7.6/src/DES_vec.pl
john-1.7.6/README
[root@tools src]#

Change into our working directory:

[root@tools src]# cd john-1.7.6
[root@tools john-1.7.6]#

Now lets download the Jumbo patch with ntlm support:

[root@tools john-1.7.6]# wget http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
--2010-07-13 11:36:46-- http://www.openwall.com/john/contrib/john-1.7.6-jumbo-4.diff.gz
Resolving www.openwall.com... 195.42.179.202
Connecting to www.openwall.com|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 206601 (202K) [text/plain]
Saving to: `john-1.7.6-jumbo-4.diff.gz'
100%[===================================================================================================================>] 206,601 99.8K/s in 2.0s
2010-07-13 11:36:48 (99.8 KB/s) - `john-1.7.6-jumbo-4.diff.gz' saved [206601/206601]
[root@tools john-1.7.6]#

Unzip the archive which holds the patch file:

[root@tools john-1.7.6]# gunzip john-1.7.6-jumbo-4.diff.gz
[root@tools john-1.7.6]#

Patch the source files:

[root@tools john-1.7.6]# patch -p1 <john-1.7.6-jumbo-4.diff
patching file doc/EPi.patch.README
patching file doc/HDAA_README
.
.
.
patching file src/x86-mmx.h
patching file src/x86-sse.S
patching file src/x86-sse.h
[root@tools john-1.7.6]#

In order to build we need to change into the src directory:

[root@tools john-1.7.6]# cd src/
[root@tools src]#

Up until now these instructions will work on any Linux system but when you make the binary there are flags which need to be givin for each individual system.

A complete list of flags can be seen by issuing the make command with no arguments:

[root@tools src]# make
To build John the Ripper, type:
make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64 Linux, x86-64 with SSE2 (best)
linux-x86-sse2 Linux, x86 with SSE2 (best if 32-bit)
linux-x86-mmx Linux, x86 with MMX
linux-x86-any Linux, x86
linux-alpha Linux, Alpha
linux-sparc Linux, SPARC 32-bit
linux-ppc32-altivec Linux, PowerPC w/AltiVec (best)
linux-ppc32 Linux, PowerPC 32-bit
linux-ppc64 Linux, PowerPC 64-bit
linux-ia64 Linux, IA-64
freebsd-x86-64 FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2 FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx FreeBSD, x86 with MMX
freebsd-x86-any FreeBSD, x86
freebsd-alpha FreeBSD, Alpha
openbsd-x86-64 OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2 OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx OpenBSD, x86 with MMX
openbsd-x86-any OpenBSD, x86
openbsd-alpha OpenBSD, Alpha
openbsd-sparc64 OpenBSD, SPARC 64-bit (best)
openbsd-sparc OpenBSD, SPARC 32-bit
openbsd-ppc32 OpenBSD, PowerPC 32-bit
openbsd-ppc64 OpenBSD, PowerPC 64-bit
openbsd-pa-risc OpenBSD, PA-RISC
openbsd-vax OpenBSD, VAX
netbsd-sparc64 NetBSD, SPARC 64-bit
netbsd-vax NetBSD, VAX
solaris-sparc64-cc Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc Solaris, x86 with MMX, gcc
solaris-x86-any-cc Solaris, x86, cc
solaris-x86-any-gcc Solaris, x86, gcc
sco-x86-any-gcc SCO, x86, gcc
sco-x86-any-cc SCO, x86, cc
tru64-alpha Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32 AIX, PowerPC 32-bit
macosx-x86-64 Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2 Mac OS X, x86 with SSE2
macosx-ppc32-altivec Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32 Mac OS X, PowerPC 32-bit
macosx-ppc64 Mac OS X 10.4+, PowerPC 64-bit
macosx-universal Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc HP-UX, PA-RISC, gcc
hpux-pa-risc-cc HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k IRIX, MIPS 64-bit (R10K) (best)
irix-mips64 IRIX, MIPS 64-bit
irix-mips32 IRIX, MIPS 32-bit
dos-djgpp-x86-mmx DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any DOS, DJGPP, x86
win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any Win32, Cygwin, x86
win32-mingw-x86-sse2 Win32, MinGW, x86 with SSE2 (best)
win32-mingw-x86-mmx Win32, MinGW, x86 with MMX
win32-mingw-x86-any Win32, MinGW, x86
beos-x86-sse2 BeOS, x86 with SSE2 (best)
beos-x86-mmx BeOS, x86 with MMX
beos-x86-any BeOS, x86
generic Any other Unix-like system with gcc
[root@tools src]#

Since we are on Cent OS 64 bit we will issue the following command:

[root@tools src]# make clean linux-x86-64

Once the build is finished the binary will be located in the run directory inside the john folder:

[root@tools run]# cd ../src/
[root@tools src]# cd ../run/
[root@tools run]# ls | grep john
john
john.conf
[root@tools run]#

Issue john with no arguments to see the options:

[root@tools run]# ./john
John the Ripper password cracker, version 1.7.6-jumbo-4
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE use FILE instead of john.conf or john.ini
--single[=SECTION] "single crack" mode
--wordlist=FILE --stdin wordlist mode, read words from FILE or stdin
--rules[=SECTION] enable word mangling rules for wordlist mode
--incremental[=MODE] "incremental" mode [using section MODE]
--markov[=LEVEL[:START:END[:MAXLEN]]] "Markov" mode (see documentation)
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset, FILE will be overwritten
--show[=LEFT] show cracked passwords [if =LEFT, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salt-list=SALT[,SALT,..] load just the specified salt(s)
--salts=[-]COUNT[:MAX] load salts with[out] at least COUNT passwords only
(or in range of COUNT to MAX)
--pot=NAME pot file to use
--format=NAME force hash type NAME:
DES/BSDI/MD5/BF/AFS/LM/NT/XSHA/PO/raw-MD5/MD5-gen/
IPB2/raw-sha1/md5a/hmac-md5/phpass-md5/KRB5/bfegg/
nsldap/ssha/openssha/oracle/oracle11/MYSQL/
mysql-sha1/mscash/lotus5/DOMINOSEC/
NETLM/NETNTLM/NETLMv2/NETNTLMv2/NETHALFLM/
mssql/mssql05/epi/phps/mysql-fast/pix-md5/sapG/
sapB/md5ns/HDAA/DMD5/crypt
--subformat=NAME Some formats such as MD5-gen have subformats
(like md5_gen(0), md5_gen(7), etc).
This allows them to be specified.
If the name is LIST, then john will show all
subformats (help mode), and exit
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE max size a wordlist file will preload into memory
(default 5,000,000 bytes)
--field-separator-char=c Use 'c' instead of the ':' for processing fields
(input file, pot file, etc)
--fix-state-delay=N only determine the wordlist offset every N times
It is a performance gain to delay a while
(say 100 loops for a fast algorithm).
For slow algorithms it should not be used.
[root@tools run]#

Every thing looks pretty good so lets load up a few ntlm hash’s and make sure the patch worked:

Unknown ciphertext format name requested
[root@tools run]# john --wordlist=/wordlists/wordlist.lst --rules ntlm.txt
Loaded 31196 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
ZXCVBNM (?)
ZOLDER0 (?:1)
ZHONGGU (?:1)
ZAPHOD1 (?:1)
YOTTABY (?:1)
YOKOHAM (?:1)
YESIAM1 (?)
YESHEYD (?:1)
YAMAHA6 (?:1)
XINGXIN (?:1)
XAIDXAI (?:1)
WOOLGOO (?:1)
WOAIWOD (?:1)
WINDOWS (?:1)
WINDHUN (?:1)
WILMOTS (?)
WILMANA (?:1)
WHODINI (?)
WHATABU (?:1)
WH1T3RU (?:1)
WERTY89 (?)
WELCOME (?)
WELC0ME (?:1)
WEBSTAT (?:1)
WEBPLAN (?:1)
WEBMAST (?:1)
WEBADMI (?:1)
WASHING (?:1)
WANNABE (?:1)
WALKMAN (?:1)
W0LFH0U (?:1)