Monday, November 16, 2009

Installing John the Ripper Version Tutorial

I just upgraded to the newest version of John the Ripper so I decided to make a tutorial out of my experience, (with screen-shots), since it was a fairly time consuming ordeal. It's mostly focused on installing John the Ripper on a Mac OSX Snow Leopard, but you should be able to use most of it when installing it to various flavors of Linux as well. Besides going over the base install, I also tried to cover:
  • Which patches to install, where to find them, and how to apply them
  • Picking the right build options
  • Modifying the Makefile so it actually will install on Snow Leopard
  • Modifying the code so you can use incremental attacks against passwords longer than eight characters long
You can find it on my tools page, or by clicking on this link.


S. Hamid Kashfi said...

Interesting researches on passwords statistics. BTW just in case you've missed MPI, I've previously blogged about how to get the most out og JtR:

It may speed some of your works :)

Max Thrun said...

+1 Kashfi

Have you tried the MPI patch on any of your sessions? I would be itneresting to see some graphs with and without it running with markov. great tutorial though

Matt Weir said...

Hey, thanks for the comments, (and thanks for the link Hamid). I know I'm going to loose geek points, but I don't use the MPI patch since it doesn't really fit into my cracking setup, (aka I unfortunately don't have any eight core servers, or tons of machines on the same local network to distribute work between). Also, the MPI patch only handles unmodified incremental attacks, and it has "issues" properly distributing the workload.

I asked about it on the official John the Ripper forums and one of the main JtR Developers, Solar Designer, responded:

"It's a patch I'm trying to slowly let die, unless anyone has more time to make it properly split work"

That being said, I might try to install it this weekend to, (the last supported version it works on is, and see what happens. Regardless, I'll report back here with what I find.

Matt Weir said...

Edit, I meant to say RB, (the creator of the MPI patch), was the one who posted that.

S. Hamid Kashfi said...

Matt, thanks for your response on topic.

Will you please inform me if you've ported MPI patch to ?

While you're right about MPI patch situation I still find it VERY useful, considering running it on my Intel i7 cpu. It make my cracking speed about 8 times faster so even if it`s buggy it worth the speed.

But I've always wondered why John is not supporting multi-core natively? Having multi-core cpu is ineed not common betwen normal cpu users, but it`s very common between hardcore John (and other password audit tools) users :)

Matt Weir said...

Well I tried to install the MPI patch to JtR, but it failed. Apparently a couple of lines were changed in bench.c, so hopefully it won't be too hard of a fix.

As to your other question Hamid, it probably deserves a full post for the answer. The short answer is that John the Ripper wasn't developed to work in a multi-cpu environment. Therefore, the developers used a lot of tricks to make it run very fast on a single processor. Unfortunately, because of that, you would pretty much have to rewrite the entire core of John the Ripper to make it multi-threaded. The MPI patch worked because MPI is mostly a compile time optimization.

jon said...

i'm a student and trying to learn more about terminal.
When i tried to do: cd
the terminal replies back no such file or directory found.
I'm confused because i already finished downloading and unzipping it.
pls help. i'm stock :(