12 March 2006 | 187,846 views

JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY

Check Your Web Security with Acunetix

The new “features” this time are primarily performance improvements possible due to the use of better algorithms (bringing more inherent parallelism of trying multiple candidate passwords down to processor instruction level), better optimized code, and new hardware capabilities (such as AltiVec available on PowerPC G4 and G5 processors).

In particular, John the Ripper 1.7 is a lot faster at Windows LM hashes than version 1.6 used to be. (Since JtR is primarily a Unix password cracker, optimizing the Windows LM hash support was not a priority and hence it was not done in time for the 1.6 release.) John’s “raw” performance at LM hashes is now similar to or slightly better than that of commercial Windows password crackers such as LC5 – and that’s despite John trying candidate passwords in a more sophisticated order based on statistical information (resulting in typical passwords getting cracked earlier).

John the Ripper 1.7 also improves on the use of MMX on x86 and starts to use AltiVec on PowerPC processors when cracking DES-based hashes (that is, both Unix crypt(3) and Windows LM hashes). To my knowledge, John 1.7 (or rather, one of the development snapshots leading to this release) is the first program to cross the 1 million Unix crypts per second (c/s) boundary on a general-purpose CPU. Currently, John 1.7 achieves up to 1.6M c/s raw performance (that is, with no matching salts) on a PowerPC G5 at 2.7 GHz (or 1.1M c/s on a 1.8 GHz) and touches 1M c/s on the fastest AMD CPUs currently available. Intel P4s reach up to 800k c/s. (A non-public development version making use of SSE also reaches 1M c/s on an Intel P4 at 3.4 and 3.6 GHz. I intend to include that code into a post-1.7 version.)

Additionally, John 1.7 makes an attempt at generic vectorization support for bitslice DES (would anyone try to set DES_BS_VECTOR high and compile this on a real vector computer, with compiler vectorizations enabled?), will do two MD5 hashes at a time on RISC architectures (with mixed instructions, allowing more instructions to be issued each cycle), and includes some Blowfish x86 assembly code optimizations for older x86 processors (the Pentium Pro family, up to and including Pentium 3) with no impact on newer ones due to runtime CPU type detection.

Speaking of the actual features, John 1.7 adds an event logging framework (John will now log how it proceeds through stages of each of its cracking modes – word mangling rules being tried, etc.), better idle priority emulation with POSIX scheduling calls (once enabled, this almost eliminates any impact John has on performance of other applications on the system), system-wide installation support for use by *BSD ports and Linux distributions, and support for AIX, DU/Tru64 C2, and HP-UX tcb files in the “unshadow” utility.

Finally, there are plenty of added pre-configured make targets with optimal settings, including ones for popular platforms such as Linux/x86-64, Linux/PowerPC (including ppc64 and AltiVec), Mac OS X (PowerPC and x86), Solaris/sparc64, OpenBSD on almost anything 32-bit and 64-bit, and more.

Of course, all platforms supported by John 1.6 (including plain x86 running most Unix-like systems, Win32, or DOS) are still supported. Similarly, pre-compiled binary distributions of John 1.7 for Win32 and DOS are made available.

Source: Security Focus



Recent in Hacking Tools:
- InsomniaShell – ASP.NET Reverse Shell Or Bind Shell
- WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
- Kali Linux – The Most Advanced Penetration Testing Linux Distribution

Related Posts:
- lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)
- Password Cracking Wordlists and Tools for Brute Forcing
- Crunch – Password Cracking Wordlist Generator

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,878,877 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,076,314 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 629,317 views

Advertise on Darknet

21 Responses to “JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY”

  1. naveed 12 May 2006 at 6:08 pm Permalink

    from where do i download john the ripper ?

    regards,
    naveed
    naveedvfp@yahoo.com

  2. Hellboy 18 May 2006 at 2:06 pm Permalink

    Naveed u can get it from here

    http://www.openwall.com/john/

  3. naveed 18 May 2006 at 6:41 pm Permalink

    i did download john the ripper john171w.zip but i don’t understand
    about parameter although i was writing correct but each time it was giving me an error, can you provide me link to download bruteforcer
    or email cracker for yahoo ?

    regards,
    naveed

  4. rudra 23 June 2006 at 4:27 am Permalink

    from where i can get john ripper 1.7. inform.

  5. Gouki 23 June 2006 at 5:10 am Permalink

    *Gouki looks up 2 comments*

    http://www.openwall.com/john/

  6. henrik 13 September 2006 at 4:50 pm Permalink

    is there any programmes to look at social security database’s or dhss databases?

  7. shashi 26 September 2006 at 7:27 am Permalink

    very good utility

  8. Adubs 28 September 2006 at 1:48 am Permalink

    now how the fuck do u use this

  9. Darknet 28 September 2006 at 4:03 am Permalink

    Adubs: You are required to engage your brain and RTFM :)

  10. ALI KHAYRI 31 October 2006 at 7:51 am Permalink

    Speaking of the actual features, John 1.7 adds an event logging framework (John will now log how it proceeds through stages of each of its cracking modes – word mangling rules being tried, etc.), better idle priority emulation with POSIX scheduling calls (once enabled, this almost eliminates any impact John has on performance of other applications on the system), system-wide installation support for use by *BSD ports and Linux distributions, and support for AIX, DU/Tru64 C2, and HP-UX tcb files in the “unshadow” utility.

  11. Stephanie 18 November 2006 at 8:53 pm Permalink

    For anyone interested, there is a diff file to add support to John the Ripper for Tiger’s (Mac OS X 10.4) salted SHA1 hashes.

    http://fsbsoftware.com/john-1.7-saltsha1.diff

    And some precompiled versions of JtR for Mac OS X are available here (not including the Tiger salted SHA1 diff):
    http://www.macunix.net/JTR/

  12. deleo 20 November 2006 at 7:28 pm Permalink

    how can i learn to use jtr

  13. zac 30 November 2006 at 7:03 pm Permalink

    Adubs: You are required to engage your brain and RTFM :)

    the problem is that all the damn tutorials you find on the net tell you to type “john -x xxxx.xxx” etc but the error returned is that there is no executable named “john”. If all you needed was TFM then there would be no tutorials. The older 1.6 versions include the “john” executable and will work with all the tutorials you find on the net.

    good luck though. I’ve been using jtr with the CCbill exploiter and have not found a single working pass yet. yay?!?!?……

  14. rana 11 December 2006 at 4:17 pm Permalink

    can any one tell me how to use john ripper transparently

  15. hix 8 April 2007 at 7:41 am Permalink

    can JTR crack friendster passwords?

  16. albino 6 July 2007 at 6:51 am Permalink

    i read the instructions btu im not computer savvi enough to understand how do u install and run

  17. centaspike 6 September 2007 at 2:48 pm Permalink

    do your research….

    and use your common sense if you cant get things working.

    /cvntyness

  18. N-ZeX 24 October 2007 at 8:00 am Permalink

    zac,

    actually, it’s not “john”, it’s “john-mmx”. i dont know why they messed-up “john” with “john-mmx”

    also, can JTR get passwords from yahoo mail and friendster? if not, does anybody know how i can get the hashed passwords of a certain yahoo user? all i have is their e-mail address…