John the Ripper is a fast and famous password cracker.
John can break many password hashes, but one of the primary missing feature was the CPU multiple core support. But today, John the Ripper 1.7.9 supports OpenMP which brings Multi-Processing. Of course this feature was present on some patched versions of John, but since the 1.7.9 version it is officially integrated.
One of the best platform on which you should use John the Ripper is UNIX, I personally prefer running john on Debian x86_64.
Let’s try some simple steps to enable and illustrate the new feature
- First go to http://www.openwall.com/john/, and download the latest version. When I write this article the latest stable release was 1.7.9.
$ wget http://www.openwall.com/john/g/john-1.7.9.tar.gz
$ tar -xvzf john-1.7.9.tar.gz
- Now let’s make some changes inside the Makefile to enable the use of OpenMP
$ cd john-1.7.9/src/
john-1.7.9/src$ nano Makefile
-
Locate the following lines:
# gcc with OpenMP #OMPFLAGS = -fopenmp #OMPFLAGS = -fopenmp -msse2 -
Uncomment OMPFLAGS
# gcc with OpenMP OMPFLAGS = -fopenmp OMPFLAGS = -fopenmp -msse2 -
Before compiling john, make sure you have gcc installed! Now, let’s compile john.
john-1.7.9/src$ make
This command will list all the systems where john can be compiled on. So, because I’m running Debian x86_64, I will choose linux-x86-64.
john-1.7.9/src$ make linux-x86-64
John should be located in the ../run folder.
- Let’s try John
john-1.7.9/src$ cd ../run/
john-1.7.9/run$ ./john --test
Some benches should appear…
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 7651K c/s real, 3872K c/s virtual
Only one salt: 6876K c/s real, 3487K c/s virtual
At this stage, John should now use all your CPU cores.
- Now let’s do something fun, if you want John to use a certain amount of cores you can adjust it with the environment variable OMP_NUM_THREADS:
john-1.7.9/run$ OMP_NUM_THREADS=1 ./john --test
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 3982K c/s real, 3990K c/s virtual
Only one salt: 3770K c/s real, 3770K c/s virtual
As you can see, this bench is twice slower than the previous one. That's because I requested OpenMP to use only one core on my dual-core CPU.
Feel free to adjust the number of cores you want to use with OMP_NUM_THREADS.
Three other quick tips regarding John the Ripper
- Restore your previous job in background
./john --restore &> /dev/null &
- Get the status for the current task
./john --status
- Display the plain passwords (cracked hashes)
./john --show hash_file
Let’s see if you can crack some of my UNIX accounts
baby:$6$rc7o1BLw$Qsl9hnQx7W3C3KDagDkWXAXDx0vDWqwM0BOOeQyotXzCvUs6DeijTp3zBsbjCw4ou2OoJXKf6qNC5pEGEsjZF/
mat:$6$Ajsi.AJy$GdZ3iGYzaUk.NoTkGrSpTotskDyg3FIrBMjya7un.WE4r.P/RdhwRb2e6mmdJWZrLHgNuCc1CUEVtj5l4qVec1
milou:$6$UYj2H.Jq$ChyawjKf3XQVftrVpnDEsFFph1P0pElDv3GuBXXTy2ICbB3oVE/6mhyo3poCD532B03fYMSWgR3D7E.qFyXnk/
superman:$6$8HZYSst1$F/8U5nPD9grY/kaC3jWVZcqdawRsa3t9PKKWSI6MZwR9T2vCs8jxWajx7vYcHtSPe0FbIf8LnMDJESTrmaAx7.
toto:$6$Mzwiuppo$4aSvxLcbDD7hhnWj9vr9js7/VZ5hNhrq/b07PVfMc9Y4SeNMNtHci8XYUTAxF7c3qv3uHqByKzdFPAV3KBBog0
master:$6$Jyv/bLLH$wC1eBBFpPclSwNuS5Lkj1ciqZCtO4d/FQ/8RuWrHRejvAZSn4zSmGDaTYwwgOofytlhwTHD8vE3QuqRYmFdKj0
Have fun with my friend John!
