Linux Server How To

How To Setup, Configure, Manage and Secure a Linux Server


Linux Server Security - John the Ripper Password Cracking Utility


How to Install John the Ripper Using Apt-get

John the Ripper, often simply called john, is a very useful tool for discovering which of your users have weak passwords. John attempts to break the passwords held in your password file using the same methodology that would-be attackers use. In fact, John the Ripper is used on both sides of the fence: administrators use it to detect bad passwords so that they can be changed, and attackers use it to break passwords in any password file they are fortunate enough to come across.

John the Ripper is easy to install, particularly if you use a distribution that uses apt-get for software installation or upgrade. You will need to install John the Ripper itself and a wordlist appropriate to your language. John uses the wordlist, usually a dictionary, to attempt to find passwords based on dictionary words. Installing John the Ripper on a distribution that uses apt is as easy as:

sudo apt-get install john
sudo apt-get install wamerican
sudo apt-get install wbritish


This will install John the Ripper system wide on your Linux server with two wordlists to choose from, one British and one American. Installing a password cracker system wide is perhaps not all that wise for many reasons. I prefer to copy the password file that I want to check for bad passwords onto a completely different Linux machine that I use for testing and other tasks such as this. To remove John the Ripper when you are finished, simply type:

sudo apt-get remove john




How to Install John the Ripper From Source

John the Ripper is easy to install from source and makes the step of installing the program system wide unnecessary as it can be run from the directory it was compiled in. The first step in installing John is to download the latest free version from openwall.com. I use wget for downloading the source directly onto my Linux server.

john@slackware-linux-server:~$ mkdir johntheripper
john@slackware-linux-server:~$ cd johntheripper
john@slackware-linux-server:~/johntheripper$ wget http://www.openwall.com/john/g/john-1.7.3.4.tar.gz


Once you have downloaded John onto your computer it must be uncompressed. Note that 1.7.3.4 is the version number and should be replaced by the version number of the copy you have downloaded. Use gzip and tar to unpack the source code and change into the src directory as shown below.

john@slackware-linux-server:~/johntheripper$ gzip -cd john-1.7.3.4.tar.gz | tar xvf -
john@slackware-linux-server:~/johntheripper$ cd john-1.7.3.4/src/
john@slackware-linux-server:~/johntheripper/john-1.7.3.4/src$


Once you are in the src directory type make as if you were going to compile the program. You will be given a series of choices and should select one that is appropriate for your system type.

john@slackware-linux-server:~/johntheripper/john-1.7.3.4/src$ make
To build John the Ripper, type:
make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64 Linux, x86-64 with SSE2 (best)
linux-x86-sse2 Linux, x86 with SSE2 (best if 32-bit)
linux-x86-mmx Linux, x86 with MMX
linux-x86-any Linux, x86
linux-alpha Linux, Alpha
linux-sparc Linux, SPARC 32-bit
linux-ppc32-altivec Linux, PowerPC w/AltiVec (best)
linux-ppc32 Linux, PowerPC 32-bit
linux-ppc64 Linux, PowerPC 64-bit
linux-ia64 Linux, IA-64
freebsd-x86-64 FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2 FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx FreeBSD, x86 with MMX
freebsd-x86-any FreeBSD, x86
freebsd-alpha FreeBSD, Alpha
openbsd-x86-64 OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2 OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx OpenBSD, x86 with MMX
openbsd-x86-any OpenBSD, x86
openbsd-alpha OpenBSD, Alpha
openbsd-sparc64 OpenBSD, SPARC 64-bit (best)
openbsd-sparc OpenBSD, SPARC 32-bit
openbsd-ppc32 OpenBSD, PowerPC 32-bit
openbsd-ppc64 OpenBSD, PowerPC 64-bit
openbsd-pa-risc OpenBSD, PA-RISC
openbsd-vax OpenBSD, VAX
netbsd-sparc64 NetBSD, SPARC 64-bit
netbsd-vax NetBSD, VAX
solaris-sparc64-cc Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc Solaris, x86 with MMX, gcc
solaris-x86-any-cc Solaris, x86, cc
solaris-x86-any-gcc Solaris, x86, gcc
sco-x86-any-gcc SCO, x86, gcc
sco-x86-any-cc SCO, x86, cc
tru64-alpha Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32 AIX, PowerPC 32-bit
macosx-x86-64 Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2 Mac OS X, x86 with SSE2
macosx-ppc32-altivec Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32 Mac OS X, PowerPC 32-bit
macosx-ppc64 Mac OS X 10.4+, PowerPC 64-bit
macosx-universal Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc HP-UX, PA-RISC, gcc
hpux-pa-risc-cc HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k IRIX, MIPS 64-bit (R10K) (best)
irix-mips64 IRIX, MIPS 64-bit
irix-mips32 IRIX, MIPS 32-bit
dos-djgpp-x86-mmx DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any DOS, DJGPP, x86
win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any Win32, Cygwin, x86
beos-x86-sse2 BeOS, x86 with SSE2 (best)
beos-x86-mmx BeOS, x86 with MMX
beos-x86-any BeOS, x86
generic Any other Unix-like system with gcc


Our Slackware Linux server will work well with the linux-x86-sse2 compile option, so that is the one we have selected. If you're unsure, you can take the generic option, but you may see a performance hit as a result.

john@slackware-linux-server:~/johntheripper/john-1.7.3.4/src$ make clean linux-x86-sse2
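
The target choice described above can be scripted for Linux hosts. This is an added example, not part of the original article or of John the Ripper itself; the function names cpu_flags and john_make_target are hypothetical, and only Linux targets from the list above are covered.

```shell
#!/bin/sh
# Added example: choose the "make clean SYSTEM" target for a Linux host.
# Only target names from the list printed by make above are returned.

# cpu_flags [FILE]: print the CPU feature flags of the first processor
# from a cpuinfo-format file (default /proc/cpuinfo); empty if unavailable.
cpu_flags() {
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' "${1:-/proc/cpuinfo}" \
        2>/dev/null | head -n 1
}

# john_make_target ARCH FLAGS: map `uname -m` output and a space-separated
# flag list to a target. Unknown hardware falls back to "generic".
john_make_target() {
    arch=$1
    flags=" $2 "    # pad so that only whole words match (mmx, not mmxext)
    case "$arch" in
        x86_64|amd64) echo linux-x86-64 ;;
        i?86)
            case "$flags" in
                *" sse2 "*) echo linux-x86-sse2 ;;
                *" mmx "*)  echo linux-x86-mmx ;;
                *)          echo linux-x86-any ;;
            esac ;;
        alpha) echo linux-alpha ;;
        sparc) echo linux-sparc ;;
        ppc)   echo linux-ppc32 ;;
        ppc64) echo linux-ppc64 ;;
        ia64)  echo linux-ia64 ;;
        *)     echo generic ;;
    esac
}

# Print the command to run from the src directory on this machine.
echo "make clean $(john_make_target "$(uname -m)" "$(cpu_flags)")"
```

uname -m reports the kernel's architecture, so a 32-bit userland running on a 64-bit kernel still needs a 32-bit target chosen by hand.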


Your installation of John the Ripper is now ready to use. You can copy the entire run directory to wherever you like and use john from there, or simply run it from where it is by typing:

john@slackware-linux-server:~/johntheripper/john-1.7.3.4/src$ cd ../run
john@slackware-linux-server:~/johntheripper/john-1.7.3.4/run$ ./john --test