A week ago I wrote about a couple of interesting applications that can crack passwords, but they were not as fast as I thought. After investigating this topic further, I ended up using a community-enhanced version of John the Ripper.

Requirements

Install packages required to compile source code.

$ sudo apt-get install build-essential libssl-dev

Compilation

Create a temporary directory that will be used to compile source code.

$ mkdir temp

Change the working directory.

$ cd temp

Download the most recent community-enhanced version.

$ wget http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz

Extract downloaded archive.

$ tar xfz john-1.8.0-jumbo-1.tar.gz

Change the working directory.

$ cd john-1.8.0-jumbo-1/src/

Execute configuration script.

$ ./configure

Compile source code.

$ make -s

Compiled software is available in the run directory.

$ cd ../run

You can execute commands directly from that directory.

Simple installation

Create a destination directory for the application.

$ mkdir -p ~/apps/john

Copy application to the destination directory.

$ cp ~/temp/john-1.8.0-jumbo-1/run/* ~/apps/john/

You can execute commands directly from that directory.

$ cd ~/apps/john/ && ./john --test

Advanced installation

Pass JOHN_SYSTEMWIDE parameter in CFLAGS during the configuration phase.

$ ./configure CFLAGS="-DJOHN_SYSTEMWIDE=1"

Create the destination directory and copy the application after the compilation process.

$ mkdir -p ~/apps/john
$ cp ~/temp/john-1.8.0-jumbo-1/run/* ~/apps/john/

Take care of the configuration files.

$ mkdir ~/.john
$ mv ~/apps/john/*.conf ~/.john/
$ mv ~/apps/john/password.lst ~/.john/
$ mv ~/apps/john/*.chr ~/.john/

Alter configuration files to use a shared location.

$ sed -i -e 's|\$JOHN|~/.john|' ~/.john/john.conf
$ sed -i -e "/.include/ s|<\(.*\)>|\"~/.john/\1\"|" ~/.john/*.conf

Extend PATH variable to include application directory.

$ echo "export PATH=\$PATH:~/apps/john" >> ~/.bashrc

You can use recently compiled utilities after you log in again. Alternatively, evaluate ~/.bashrc file to expand PATH in the current shell.

$ source ~/.bashrc
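
The two configuration rewrites from the steps above, wrapped as an added example (not part of the original post) together with a check for references that were left behind. The function names rewrite_john_conf and count_stale_refs are hypothetical, and as a generalization both substitutions are applied to every *.conf file rather than only to john.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# rewrite_john_conf DIR
# Point "$JOHN" and ".include <file>" references in DIR/*.conf at ~/.john.
rewrite_john_conf() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        tmp=$(mktemp) || return 1
        # Single quotes: the shell must not expand $JOHN or ~ here,
        # the literal text "~/.john" is what gets written to the file.
        sed -e 's|\$JOHN|~/.john|' \
            -e '/\.include/ s|<\(.*\)>|"~/.john/\1"|' "$f" > "$tmp" ||
            { rm -f "$tmp"; return 1; }
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$f" && rm -f "$tmp"
    done
}

# count_stale_refs DIR
# Print how many lines in DIR/*.conf still use $JOHN or .include <file>.
count_stale_refs() {
    cat "$1"/*.conf 2>/dev/null |
        grep -c -e '\$JOHN' -e '^\.include[[:space:]]*<' || true
}

# Usage:
#   rewrite_john_conf ~/.john
#   count_stale_refs ~/.john    # 0 means every reference was rewritten
```

A non-zero count after the rewrite means some file still points at the directory of the binary instead of ~/.john.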

Usage

Use zip2john utility to get the hashed password out of the zip archive.

$ zip2john encrypted.zip > encrypted.hash

Use john to crack the password, then display the result with the --show option.

$ john encrypted.hash
$ john --show encrypted.hash
encrypted.zip:@3ncPa5Sword@:::::encrypted.zip
1 password hash cracked, 0 left

rar2john utility will work in the same way for rar archives.

Additional notes

There are other interesting utilities in the community-enhanced version which you may like to examine.

~/apps/john$ ls -1 *2john
dmg2john
gpg2john
hccap2john
keepass2john
keychain2john
keyring2john
keystore2john
kwallet2john
luks2john
pfx2john
putty2john
pwsafe2john
racf2john
rar2john
ssh2john
truecrypt_volume2john
uaf2john
wpapcap2john
zip2john

Use strace command in case of problems with the location of configuration files.