196 Brute force: John 3
Posted on 2012-10-3 20:43:18
John has already been integrated into Metasploit.
    root@Dis9Team:/pen/msf3/data/john# ls
    confs   README-jumbo       run.linux.x86.any   run.win32.any   src.tar.bz2
    doc     README.Rapid7.txt  run.linux.x86.mmx   run.win32.mmx   wordlists
    README  run.linux.x64.mmx  run.linux.x86.sse2  run.win32.sse2

Take a look:
    root@Dis9Team:/pen/msf3/data/john# cd run.linux.x86.
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.any# ./john
    John the Ripper password cracker, version 1.7.8-jumbo-2
    Copyright (c) 1996-2011 by Solar Designer and others
    Homepage: http://www.openwall.com/john/

    Usage: john [OPTIONS] [PASSWORD-FILES]
    --config=FILE             use FILE instead of john.conf or john.ini
    --single[=SECTION]        "single crack" mode
    --wordlist=FILE --stdin   wordlist mode, read words from FILE or stdin
    --utf8                    all files are encoded in UTF-8 (see documentation)
    --rules[=SECTION]         enable word mangling rules for wordlist mode
    --incremental[=MODE]      "incremental" mode [using section MODE]
    --markov[=LEVEL[:opts]]   "Markov" mode (see documentation)
    --external=MODE           external mode or word filter
    --stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
    --restore[=NAME]          restore an interrupted session [called NAME]
    --session=NAME            give a new session the NAME
    --status[=NAME]           print status of a session [called NAME]
    --make-charset=FILE       make a charset, FILE will be overwritten
    --show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
    --test[=TIME]             run tests and benchmarks for TIME seconds each
    --users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
    --groups=[-]GID[,..]      load users [not] of this (these) group(s) only
    --shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
    --salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
    --pot=NAME                pot file to use
    --format=NAME             force hash type NAME: des/bsdi/md5/bf/afs/lm/nt/xsha
                              mscash/mscash2/hmac-md5/po/raw-md5/raw-md5-unicode
                              phpass-md5/dmd5/ipb2/raw-sha1/sha1-gen/raw-md4/md4-gen
                              krb4/krb5/mskrb5/nsldap/ssha/openssha/salted-sha/bfegg
                              oracle/oracle11/mysql/mysql-sha1/lotus5/dominosec
                              netlm/netntlm/netlmv2/netntlmv2/nethalflm/mediawiki
                              mschapv2/mssql/mssql05/epi/phps/mysql-fast/pix-md5
                              sapg/sapb/md5ns/hdaa/hmailserver/sybasease/crypt/ssh
                              pdf/rar/zip/dummy/md5-gen(n)
    --subformat=LIST          get a listing of all md5-gen(n) formats
    --save-memory=LEVEL       enable memory saving, at LEVEL 1..3
    --mem-file-size=SIZE      size threshold for wordlist preload (default 5 MB)
    --field-separator-char=c  use 'c' instead of the ':' in input and pot files
    --fix-state-delay=N       performance tweak, see documentation
    --nolog                   disables creation and writing to john.log file
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.any#

It supports more modules:
--format=NAME             force hash type NAME: des/bsdi/md5/bf/afs/lm/nt/xsha
                          mscash/mscash2/hmac-md5/po/raw-md5/raw-md5-unicode
                          phpass-md5/dmd5/ipb2/raw-sha1/sha1-gen/raw-md4/md4-gen
                          krb4/krb5/mskrb5/nsldap/ssha/openssha/salted-sha/bfegg
                          oracle/oracle11/mysql/mysql-sha1/lotus5/dominosec
                          netlm/netntlm/netlmv2/netntlmv2/nethalflm/mediawiki
                          mschapv2/mssql/mssql05/epi/phps/mysql-fast/pix-md5
                          sapg/sapb/md5ns/hdaa/hmailserver/sybasease/crypt/ssh
                          pdf/rar/zip/dummy/md5-gen(n)

This one is the best to use. First create a configuration file (create it from the MSF default, /pen/msf3/data/john/confs/john.conf):
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# nano john.conf
Copy /pen/passswd/john-1.7.9/runjohn.conf into Metasploit's John directory.
Crack it:
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# ./john /tmp/unixpass -w:../wordlists/password.lst
    Loaded 2 password hashes with 2 different salts (generic crypt(3) [?/32])
    123456           (root)
    a                (brk)
    guesses: 2  time: 0:00:00:01 DONE (Sun Jul 22 15:34:07 2012)  c/s: 263  trying: 9 - abdicate
    Use the "--show" option to display all of the cracked passwords reliably
View the results:
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# ./john --show /tmp/unixpass
    root:123456:0:0:root:/root:/bin/bash
    brk:a:1000:1000:Dis9Team,,,:/home/brk:/bin/bash

    2 password hashes cracked, 0 left
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx#

Create a shortcut:
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# which john
    /usr/sbin/john
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# rm /usr/sbin/john
    root@Dis9Team:/pen/msf3/data/john/run.linux.x86.mmx# ln -s /pen/msf3/data/john/run.linux.x86.mmx/john /usr/bin/john

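From now on, when you need JOHN on a compromised host, package it from Metasploit and download it to that host; don't compile it yourself.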



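Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one recognize a fine weapon.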
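An added example, not part of the original post: a defender-side audit of a passwd/shadow-format file such as the /tmp/unixpass input above, reporting which crypt(3) scheme each account uses and flagging empty, legacy or low-round hashes. The sample lines, the MIN_ROUNDS floor and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample in the 7-field layout of /tmp/unixpass; salts and
# hashes are placeholders, only the scheme prefixes are meaningful.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0:root:/root:/bin/bash
brk:$1$CONSTRUC$CONSTRUCTEDHASH:1000:1000:Dis9Team,,,:/home/brk:/bin/bash
svc:$6$rounds=1000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/svc:/bin/sh
old:ABCONSTRUCTED:1002:1002::/home/old:/bin/sh
guest::1003:1003::/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

# (prefix, scheme, is_weak) following the prefixes documented in crypt(5)
PREFIXES = [("$1$", "md5crypt", True), ("$2", "bcrypt", False),
            ("$5$", "sha256crypt", False), ("$6$", "sha512crypt", False),
            ("$y$", "yescrypt", False)]
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
ROUNDS_RE = re.compile(r"^\$[56]\$rounds=(\d+)\$")
MIN_ROUNDS = 5000  # assumption: sha-crypt's default rounds used as the floor

def classify(field):
    """Return (scheme, finding) for one password field."""
    if field == "":
        return "none", "EMPTY: no password set"
    if field == "x" or field[0] in "*!":
        return "locked-or-shadowed", "ok"
    for prefix, scheme, is_weak in PREFIXES:
        if field.startswith(prefix):
            m = ROUNDS_RE.match(field)
            if m and int(m.group(1)) < MIN_ROUNDS:
                return scheme, f"WEAK: rounds={m.group(1)} below {MIN_ROUNDS}"
            return scheme, ("WEAK: legacy scheme" if is_weak else "ok")
    if DES_RE.match(field):
        return "descrypt", "WEAK: truncates to 8 chars, 12-bit salt"
    return "unknown", "REVIEW: unrecognised format"

def audit(text):
    """Map login -> (scheme, finding) for each passwd/shadow-format line."""
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            report[parts[0]] = classify(parts[1])
    return report

if __name__ == "__main__":
    for login, (scheme, finding) in audit(SAMPLE).items():
        print(f"{login:6} {scheme:18} {finding}")
```

A strong scheme does not protect a password such as 123456 that appears in a wordlist, so this check belongs alongside a password blocklist enforced when passwords are set.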
