This section describes how to investigate weak passwords in our system. If a weak password, hackers can guess your username and password. Even worse, in many cases the user name of the account that is available to the public, such as an email address. As a system administrator, we can test the strength of user passwords with a password cracker. John the Ripper is a password cracker free. Her main duties crack passwords with brute-force method, running disistem linux and windows, can be added to the dictionary even more size 600 mb said.
Installing Joh The Ripper
First we do is downloading the application from John The Ripper on the official website, click here
Then extract the file, if the file extension then use only the tar command as follows:
Then enter cd kedirektori john-1.7.9/src /
After that compile JTR. Use the make command to see that according to our system, pay attention to the following picture:
of the command will display some operating systems that can be used.
After that, use the command make clean (the system we use). Here I use the linux operating system 32 bit so I chose option linux-x86-SSE2.
Wait so the compilation process is completed.
Using John The Ripper
First we create the first user to experiment. For example:
User = Fendy with password = 1
Before we move further, we note the contents of / etc / passwd and / etc / shadow advance
Contents of / etc / passwd
Contents of / etc / shadow
Next we go to the directory to john-1.7.9/run /
Then use unshadow command (/ usr / sbin / unshadow) to combine or merge the / etc / shadow and / etc / passwd file and then save the results in hasilpasswd (results passwd)
use the following command to check
Then the result is more or less like this.
we can see that 0 disudah on crack passwords and passwords are still terencryp 6.
Well, the last step is to look at the results of which are still terecryp password. Use the following command:
It will display the username and its password.
