Monday, 30 January 2012

PRIVILEGE ESCALATION: CRACK /etc/shadow WITH JOHN THE RIPPER


Open the John the Ripper application through the menu BT-Apps-Privilege Escalation-Password Attacks-Offline Attacks-John The Ripper:
root@bt:/pentest/passwords/john# john
John the Ripper password cracker, ver: 1.7.8-jumbo-8 [linux-x86-sse2]
Copyright (c) 1996-2011 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE             use FILE instead of john.conf or john.ini
--single[=SECTION]        "single crack" mode                                          
--wordlist=FILE --stdin   wordlist mode, read words from FILE or stdin
                --pipe    like --stdin, but bulk reads, and allows rules               
--encoding=NAME           the input data is in a 'non-standard' character.
                          encoding. NAME = utf-8, koi8-r, and others. For a            
                          full list, use --encoding=LIST
--rules[=SECTION]         enable word mangling rules for wordlist mode                 
--incremental[=MODE]      "incremental" mode [using section MODE]
--markov[=LEVEL[:opts]]   "Markov" mode (see documentation)                            
--external=MODE           external mode or word filter
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
--restore[=NAME]          restore an interrupted session [called NAME]
--session=NAME            give a new session the NAME
--status[=NAME]           print status of a session [called NAME]
--make-charset=FILE       make a charset file. It will be overwritten
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]             run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
--pot=NAME                pot file to use
--format=NAME             force hash type NAME: des/bsdi/md5/bf/afs/lm/bfegg
                          dmd5/dominosec/epi/hdaa/ipb2/krb4/krb5/mschapv2
                          mysql-fast/mysql/netlm/netlmv2/netntlm/netntlmv2
                          nethalflm/ssha/nsldap/md5ns/nt/openssha/phps/po/xsha
                          crc32/hmac-md5/lotus5/md4-gen/mediawiki/mscash/mscash2
                          mskrb5/mssql/mssql05/mysql-sha1/oracle11/oracle
                          phpass-md5/pix-md5/pkzip/raw-md4/raw-md5/raw-sha1
                          raw-md5u/salted-sha1/sapb/sapg/sha1-gen/trip
                          raw-sha224/raw-sha256/raw-sha384/raw-sha512/xsha512
                          hmailserver/sybasease/crypt/ssh/pdf/rar/zip/dummy
                          dynamic_n
--subformat=LIST          get a listing of all 'dynamic_n' formats
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE      size threshold for wordlist preload (default 5 MB)
--field-separator-char=C  use 'C' instead of the ':' in input and pot files
--fix-state-delay=N       performance tweak, see documentation
--nolog                   disables creation and writing to john.log file
--crack-status            emit a status line whenever a password is cracked
--plugin=NAME[,..]        load this (these) dynamic plugin(s)



But before that, we first save the /etc/shadow file obtained from the exploit, as below.


Type the command:
root@bt:/pentest/passwords/john# john /home/etcshadow
Then wait for the loading process.
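
From the defender's side, the same shadow file can be audited for entries that are cheapest to attack offline. The following is an added example, not part of the original post: it classifies each entry by its hash prefix (the des, md5 and bf schemes appear in John's --format list above) and flags legacy or empty ones; the function names and sample entries are constructed for illustration.

```python
# Added example (not from the original post): classify /etc/shadow entries
# by hash scheme so legacy or empty ones can be fixed. Sample data is constructed.
SCHEMES = [  # (prefix of the hash field, scheme name, weak?)
    ("$1$", "md5crypt", True),
    ("$2a$", "bcrypt", False), ("$2b$", "bcrypt", False), ("$2y$", "bcrypt", False),
    ("$5$", "sha256crypt", False),
    ("$6$", "sha512crypt", False),
    ("$y$", "yescrypt", False),
]

def classify(field):
    """Return (scheme, weak) for the second field of a shadow line."""
    if field == "":
        return ("empty (no password required)", True)
    hash_part = field.lstrip("!")   # 'passwd -l' prepends '!' but keeps the hash
    if hash_part in ("", "*"):
        return ("locked/no login", False)
    for prefix, name, weak in SCHEMES:
        if hash_part.startswith(prefix):
            return (name, weak)
    if len(hash_part) == 13 and "$" not in hash_part:
        return ("descrypt", True)   # traditional DES crypt: 13 chars, no '$'
    return ("unknown", True)        # unrecognised: flag for manual review

def audit_shadow(text):
    """Return [(user, scheme, weak)] for every entry in shadow-format text."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        findings.append((parts[0],) + classify(parts[1]))
    return findings

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$6$SALTSALT$CONSTRUCTED_PLACEHOLDER:15369:0:99999:7:::
daemon:*:15369:0:99999:7:::
legacy:$1$SALTSALT$CONSTRUCTED_PLACEHOLDER:15369:0:99999:7:::
olddes:abCONSTRUCTED:15369:0:99999:7:::
guest::15369:0:99999:7:::
parked:!$6$SALTSALT$CONSTRUCTED_PLACEHOLDER:15369:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, weak in audit_shadow(SAMPLE):
        print(f"{user:8} {scheme:30} {'WEAK' if weak else 'ok'}")
```

To audit a real host, pass the contents of /etc/shadow (readable only by root) to audit_shadow and move any flagged account to a stronger scheme by resetting its password.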




