I. John
1. Create a new user named happy on the Linux system, with the password 123
┌──(kali㉿kali)-[~]
└─$ su root
Password:
┌──(root💀kali)-[/home/kali]
└─# adduser happy
Adding user `happy' ...
Adding new group `happy' (1001) ...
Adding new user `happy' (1001) with group `happy' ...
Creating home directory `/home/happy' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for happy
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
2. The unshadow command
┌──(root💀kali)-[/home/kali]
└─# unshadow
Created directory: /root/.john
Usage: unshadow PASSWORD-FILE SHADOW-FILE
┌──(root💀kali)-[/home/kali]
└─# unshadow /etc/passwd /etc/shadow> ~/file_to_crack
The unshadow command combines the data in /etc/passwd with the data in /etc/shadow and produces a single file holding both the usernames and the password details. Here the output of unshadow is redirected into a new file named file_to_crack.
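As an added example (not code from the original post or from John the Ripper), here is the join unshadow performs, reimplemented in Python over constructed passwd/shadow lines, followed by a per-account look at the hash scheme and iteration count, which is the value John reports as "Cost 1" further down. The usernames, salts and hash bodies are made up.

```python
# Added example; the passwd/shadow lines are constructed samples, hash bodies are fake.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
kali:x:1000:1000:kali,,,:/home/kali:/usr/bin/zsh
happy:x:1001:1001:,,,:/home/happy:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$6$saltsalt$FAKEHASHFAKEHASH:18747:0:99999:7:::
daemon:*:18747:0:99999:7:::
kali:$6$rounds=100000$saltsalt$FAKEHASHFAKEHASH:18747:0:99999:7:::
happy:$6$abcdefgh$FAKEHASHFAKEHASH:18747:0:99999:7:::
"""

def unshadow(passwd_text, shadow_text):
    """Return passwd lines with the 'x' field replaced by the shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l)
    merged = []
    for line in filter(None, passwd_text.splitlines()):
        fields = line.split(":")
        fields[1] = hashes.get(fields[0], fields[1])  # unmatched users keep 'x'
        merged.append(":".join(fields))
    return merged

# crypt(3) id -> (scheme, default iteration count); yescrypt encodes its own.
_SCHEMES = {"1": ("md5crypt", 1000), "5": ("sha256crypt", 5000),
            "6": ("sha512crypt", 5000), "y": ("yescrypt", None)}

def hash_info(crypt_string):
    """(scheme, rounds) for a crypt(3) string; None if locked or no hash."""
    if crypt_string in ("", "x") or crypt_string[0] in "*!":
        return None
    parts = crypt_string.split("$")  # ['', id, salt-or-rounds=N, ...]
    if len(parts) < 3 or parts[1] not in _SCHEMES:
        return ("unknown", None)
    scheme, rounds = _SCHEMES[parts[1]]
    if parts[2].startswith("rounds="):  # explicit rounds override the default
        rounds = int(parts[2][len("rounds="):])
    return (scheme, rounds)

def audit(merged_lines):
    """(user, scheme, rounds) for each account that actually has a hash."""
    report = []
    for line in merged_lines:
        user, crypt_string = line.split(":")[:2]
        info = hash_info(crypt_string)
        if info:
            report.append((user,) + info)
    return report
```

Accounts whose shadow field is `*` or `!` are locked and carry nothing to crack, so they are left out of the audit report; an entry with the default 5000 rounds is exactly what the "Cost 1 (iteration count) is 5000" line in the John output refers to.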
3. Cracking with John
Note that in the command there is a space between /etc/passwd and /etc/shadow.
For the first attempt I used my own password file, which could not be found.
The second attempt uses the wordlist that ships with Kali's john, located at /usr/share/john/password.lst.
┌──(root💀kali)-[/home/kali]
└─# unshadow /etc/passwd /etc/shadow> ~/file_to_crack
┌──(root💀kali)-[/home/kali]
└─# john --wordlist=1.txt ~/file_to_crack
Warning: detected hash type "sha512crypt", but the string is also recognized as "HMAC-SHA256"
Use the "--format=HMAC-SHA256" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 3 password hashes with 3 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 4 OpenMP threads
fopen: 1.txt: No such file or directory
┌──(root💀kali)-[/home/kali]
└─# john --show ~/file_to_crack
0 password hashes cracked, 3 left
┌──(root💀kali)-[/home/kali]
└─# john ~/file_to_crack
Warning: detected hash type "sha512crypt", but the string is also recognized as "HMAC-SHA256"
Use the "--format=HMAC-SHA256" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 3 password hashes with 3 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 4 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
kali (password)
Warning: Only 3 candidates buffered for the current salt, minimum 8 needed for performance.
root (password)
Warning: Only 4 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 5 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 4 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 5 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 3 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 4 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 6 candidates buffered for the current salt, minimum 8 needed for performance.
Warning: Only 7 candidates buffered for the current salt, minimum 8 needed for performance.
Almost done: Processing the remaining buffered candidate passwords, if any.
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
123 (happy)
3g 0:00:00:00 DONE 2/3 (2021-04-30 05:14) 3.030g/s 1125p/s 1128c/s 1128C/s 123456..franklin
Use the "--show" option to display all of the cracked passwords reliably
Session completed
4. Things to note
john only cracks a given shadow file once: running `john shadow` a second time will not produce the results again, and you only get output like the following.
┌──(root💀kali)-[/home/kali]
└─# john shadow
stat: shadow: No such file or directory
John the Ripper's four cracking modes
1. Wordlist mode: this is the simplest of the cracking modes John supports. The only thing you have to do is tell John where the wordlist is (a wordlist is a plain text file with one word per line, each word being a candidate password) so that John can read candidates from it. In wordlist mode you can also enable the word-mangling rules, which are applied automatically to every word read in, to raise the chance of a successful crack.
2. Single crack mode: this mode is designed for the lazy user who uses the account name as the password, i.e. the account and the password are both john. John takes the account name and the related information from the password file's fields and applies many mangling rules to the account name to improve the odds. For the account [john], for example, it will try variations such as [john], [john0], [njoh] and so on as candidate passwords.
3. Incremental mode: the most powerful cracking mode in John. It automatically tries every possible character combination as a password. This mode takes a very long time, because enumerating character combinations is extremely expensive, which is why John defines character frequency tables to help; testing every possible password combination eventually yields the correct result.
4. External mode: this mode lets users write their own cracking modules in C and plug them into John. These cracking modules are simply C subroutines whose job is to generate words for John to try. When John runs and loads these modules, it compiles the C subroutines automatically and then uses them.