A new version of John The Ripper, a free password cracking software tool, has been released.
Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS).
It is one of the most popular password testing/breaking programs around, as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker.
It can be run against various encrypted password formats including several crypt password hash types most commonly found on various UNIX flavors.
John the Ripper Pro currently supports the following password hash types (and more are planned):
- Traditional DES-based Unix crypt – most commercial Unix systems (Solaris, AIX, …), Mac OS X 10.2, ancient Linux and *BSD
- “bigcrypt” – HP-UX, Tru64 / Digital Unix / OSF/1
- BSDI-style extended DES-based crypt – BSD/OS, *BSD (non-default)
- FreeBSD-style MD5-based crypt – most Linux, FreeBSD, NetBSD, Cisco IOS, OpenBSD (non-default)
- OpenBSD-style Blowfish-based crypt – OpenBSD, some Linux, other *BSD and Solaris 10 (non-default)
- Kerberos AFS DES-based hashes
- LM (LanMan) DES-based hashes – Windows NT/2000/XP/2003, Mac OS X 10.3
- NTLM MD4-based hashes – Windows NT/2000/XP/2003/Vista (new in 1.7.3 Pro)
- Mac OS X 10.4+ salted SHA-1 hashes (new in 1.7.3 Pro)
Jumbo patch, which has been applied to this source tree of John the Ripper, adds a lot of code, documentation, and data contributed by the user community.
This is not “official” John the Ripper code, but it is very easy for new code to be added to the jumbo patch - the quality requirements are low.
This means that you get a lot of functionality that is not “mature” enough or is otherwise inappropriate for the official JtR, which in turn also means that bugs in this code are to be expected, etc.
You can access John The Ripper 1.7.7 Jumbo 5 over here.
Contributed by SecTechno