ubuntu9.10的账户密码加密方式改用sha512了,默认的john是破不了的,还好官方有补丁。
首先解压缩 john 1.7.5 的源代码,用 vi 编辑 Makefile 文件,添加我下面标注好的红色字体(即 LDFLAGS 里的 -lcrypt 和对象列表末尾的 crypt_fmt.o)
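# -lcrypt is the addition here: crypt_fmt.o calls the system crypt(3),
# so the binary has to be linked against libcrypt.
LDFLAGS = -s -lcrypt

# crypt_fmt.o at the end of the list is the other addition.
JOHN_OBJS_MINIMAL = \
	DES_fmt.o DES_std.o DES_bs.o \
	BSDI_fmt.o \
	MD5_fmt.o MD5_std.o \
	BF_fmt.o BF_std.o \
	AFS_fmt.o \
	LM_fmt.o \
	batch.o bench.o charset.o common.o compiler.o config.o cracker.o \
	crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o \
	loader.o logger.o math.o memory.o misc.o options.o params.o path.o \
	recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o \
	unshadow.o \
	unafs.o \
	unique.o \
	crypt_fmt.o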
然后新建一个 crypt_fmt.c 文件,代码如下:
/* public domain proof-of-concept code by Solar Designer */
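#define _XOPEN_SOURCE /* for crypt(3) */
#include <string.h>
#include <unistd.h>

#include "arch.h"
#include "params.h"
#include "formats.h"

/* Identification strings placed in the format descriptor below. */
#define FORMAT_LABEL			"crypt"
#define FORMAT_NAME			"generic crypt(3)"
#define ALGORITHM_NAME			"?/" ARCH_BITS_STR

#define BENCHMARK_COMMENT		""
#define BENCHMARK_LENGTH		0

/* Longest candidate password kept in saved_key (plus one byte for the NUL). */
#define PLAINTEXT_LENGTH		72
/*
 * The "binary" is the hash string itself, NUL-padded to this size; valid()
 * only accepts strings shorter than this, so a terminator always fits.
 */
#define BINARY_SIZE			128
/* The salt is stored as a NUL-padded string of the same size. */
#define SALT_SIZE			BINARY_SIZE

/* One candidate per crypt_all() call: each call is a single crypt(3). */
#define MIN_KEYS_PER_CRYPT		1
#define MAX_KEYS_PER_CRYPT		1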
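/*
 * Self-test vectors as { hash, plaintext } pairs, terminated by a NULL entry.
 * Every hash here is 13 characters long; the last one is for the empty
 * password.
 */
static struct fmt_tests tests[] = {
	{"CCNf8Sbh3HDfQ", "U*U*U*U*"},
	{"CCX.K.MFy4Ois", "U*U***U"},
	{"CC4rMpbg9AMZ.", "U*U***U*"},
	{"XXxzOu6maQKqQ", "*U*U*U*U"},
	{"SDbsugeBiC58A", ""},
	{NULL}
};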
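/* Current candidate password, NUL-terminated (written by set_key()). */
static char saved_key[PLAINTEXT_LENGTH + 1];
/* Current salt/setting string handed to crypt(3) (written by set_salt()). */
static char saved_salt[SALT_SIZE];
/*
 * Result of the most recent crypt(3) call made by crypt_all().  crypt(3)
 * returns a pointer to static storage, so this is overwritten by the next
 * call and must not be freed.
 */
static char *crypt_out;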
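/*
 * Decide whether a hash string can be loaded by this format.
 *
 * The active branch is a pure length check: at least 13 characters and short
 * enough to fit a BINARY_SIZE buffer together with its NUL terminator.  It
 * does not verify that the system crypt(3) actually supports the scheme.
 *
 * Returns non-zero if the string is accepted, 0 otherwise.
 */
static int valid(char *ciphertext)
{
#if 1
	size_t len = strlen(ciphertext);

	return len >= 13 && len < BINARY_SIZE;
#else
	/* Poor load time, but more effective at rejecting bad/unsupported hashes */
	char *r = crypt("", ciphertext);
	size_t len;

	/* crypt(3) may return NULL for a setting string it cannot handle */
	if (!r)
		return 0;

	len = strlen(r);
	return !strncmp(r, ciphertext, 2) &&
	    len == strlen(ciphertext) &&
	    len >= 13 && len < BINARY_SIZE;
#endif
}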
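/*
 * Produce the "binary" form of a hash: the hash string itself, NUL-padded to
 * BINARY_SIZE bytes.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 */
static void *binary(char *ciphertext)
{
	static char out[BINARY_SIZE];

	/* strncpy() is used on purpose: its NUL padding is required */
	strncpy(out, ciphertext, sizeof(out));
	/*
	 * valid() already limits the length to BINARY_SIZE - 1; terminate
	 * anyway so cmp_all()'s strcmp() can never run off the buffer.
	 */
	out[sizeof(out) - 1] = '\0';

	return out;
}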
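/*
 * Extract the salt (the "setting" string later passed to crypt(3)) from a
 * hash string.
 *
 * For the hash layouts recognised below only the leading salt portion is
 * kept, which lets hashes that share a salt be grouped.  For any other
 * layout the whole hash string is used as the salt.
 *
 * Returns a pointer to a static, NUL-padded SALT_SIZE buffer that the next
 * call overwrites.
 */
static void *salt(char *ciphertext)
{
	static char out[SALT_SIZE];
	size_t len = strlen(ciphertext);
	/*
	 * Default: keep the whole string.  The length is taken from the
	 * string itself rather than from sizeof(out), so the copy below never
	 * reads past the end of ciphertext and the padding stays all-NUL.
	 */
	size_t cut = len;

#if 1
	/* This piece is optional, but matching salts are not detected without it */
	switch (len) {
	case 13:
	case 24:
		cut = 2;
		break;

	case 20:
		if (ciphertext[0] == '_')
			cut = 9;
		break;

	case 34:
		/* "$1$" prefix: the salt ends at the next '$' */
		if (!strncmp(ciphertext, "$1$", 3)) {
			char *p = strchr(ciphertext + 3, '$');

			if (p)
				cut = (size_t)(p - ciphertext);
		}
		break;

	case 59:
		if (!strncmp(ciphertext, "$2$", 3))
			cut = 28;
		break;

	case 60:
		if (!strncmp(ciphertext, "$2a$", 4))
			cut = 29;
		break;
	}
#endif

	/* Always leave room for a terminator; set_salt() treats this as a string */
	if (cut > sizeof(out) - 1)
		cut = sizeof(out) - 1;

	/* NUL padding is required */
	memset(out, 0, sizeof(out));
	memcpy(out, ciphertext, cut);

	return out;
}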
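/*
 * Smallest hash-table index for a loaded hash: the low 4 bits of byte 12 of
 * the binary (the hash string).  Must agree with get_hash_0().
 */
static int binary_hash_0(void *binary)
{
	const unsigned char *bytes = binary;

	return bytes[12] & 0xF;
}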
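/*
 * Medium hash-table index for a loaded hash: all 8 bits of byte 12 of the
 * binary (the hash string).  Must agree with get_hash_1().
 */
static int binary_hash_1(void *binary)
{
	const unsigned char *bytes = binary;

	return bytes[12] & 0xFF;
}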
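/*
 * Largest hash-table index for a loaded hash: 12 bits, built from byte 12
 * (low 8 bits) and the low 4 bits of byte 11 (high bits).  Must agree with
 * get_hash_2().
 */
static int binary_hash_2(void *binary)
{
	const unsigned char *bytes = binary;
	int low = bytes[12] & 0xFF;
	int high = bytes[11] & 0xF;

	return low | (high << 8);
}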
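/*
 * 4-bit hash of the most recent crypt(3) result; counterpart of
 * binary_hash_0().  index is unused because only one key is processed per
 * crypt_all() call.
 *
 * NOTE(review): crypt_out is dereferenced without a NULL check, and crypt(3)
 * can return NULL on failure -- confirm that cannot reach this point.
 */
static int get_hash_0(int index)
{
	return (unsigned char)crypt_out[12] & 0xF;
}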
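/*
 * 8-bit hash of the most recent crypt(3) result; counterpart of
 * binary_hash_1().  index is unused because only one key is processed per
 * crypt_all() call.
 *
 * NOTE(review): crypt_out is dereferenced without a NULL check, and crypt(3)
 * can return NULL on failure -- confirm that cannot reach this point.
 */
static int get_hash_1(int index)
{
	return (unsigned char)crypt_out[12] & 0xFF;
}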
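/*
 * 12-bit hash of the most recent crypt(3) result; counterpart of
 * binary_hash_2().  index is unused because only one key is processed per
 * crypt_all() call.
 *
 * NOTE(review): crypt_out is dereferenced without a NULL check, and crypt(3)
 * can return NULL on failure -- confirm that cannot reach this point.
 */
static int get_hash_2(int index)
{
	int low = (unsigned char)crypt_out[12] & 0xFF;
	int high = (unsigned char)crypt_out[11] & 0xF;

	return low | (high << 8);
}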
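/*
 * Hash a salt string into a table index using its last two characters: the
 * second-to-last byte supplies the low 8 bits and the low 2 bits of the last
 * byte supply bits 8-9.
 *
 * A salt shorter than two characters hashes to 0 instead of indexing before
 * the start of the buffer.
 */
static int salt_hash(void *salt)
{
	const unsigned char *bytes = salt;
	size_t len = strlen((const char *)salt);
	size_t pos;

	if (len < 2)
		return 0;

	pos = len - 2;
	return (bytes[pos] & 0xFF) | ((int)(bytes[pos + 1] & 3) << 8);
}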
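/*
 * Remember the salt string to use for subsequent crypt_all() calls.
 *
 * The copy is bounded by the size of saved_salt and always terminated, so a
 * salt that is not NUL-terminated within SALT_SIZE bytes cannot overflow it.
 */
static void set_salt(void *salt)
{
	strncpy(saved_salt, salt, sizeof(saved_salt) - 1);
	saved_salt[sizeof(saved_salt) - 1] = '\0';
}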
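/*
 * Store the candidate password for the next crypt_all() call.
 *
 * Candidates longer than PLAINTEXT_LENGTH are truncated so the copy cannot
 * write past saved_key.  index is unused because only one key is processed
 * per crypt_all() call.
 */
static void set_key(char *key, int index)
{
	size_t len = strlen(key);

	if (len > PLAINTEXT_LENGTH)
		len = PLAINTEXT_LENGTH;

	memcpy(saved_key, key, len);
	saved_key[len] = '\0';
}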
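/*
 * Return the candidate password last stored by set_key().  index is unused
 * because only one key is processed per crypt_all() call.
 */
static char *get_key(int index)
{
	return saved_key;
}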
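/*
 * Hash the saved candidate with the saved salt using the system crypt(3) and
 * leave the result in crypt_out.  count is unused because only one key is
 * processed per call.
 */
static void crypt_all(int count)
{
	/*
	 * All-zero stand-in used when crypt(3) fails.  It is long enough for
	 * the get_hash_*() functions to index bytes 11 and 12, and as an empty
	 * string it never compares equal to a loaded hash in cmp_all().
	 */
	static char failed[BINARY_SIZE];

	crypt_out = crypt(saved_key, saved_salt);

	/* crypt(3) returns NULL on error, e.g. an unsupported setting string */
	if (!crypt_out)
		crypt_out = failed;
}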
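/*
 * Compare a loaded hash (its binary is the hash string) with the most recent
 * crypt(3) result.  Returns non-zero when the two strings are identical.
 * count is unused because only one key is processed per crypt_all() call.
 *
 * NOTE(review): crypt_out is passed to strcmp() without a NULL check, and
 * crypt(3) can return NULL on failure -- confirm that cannot reach this point.
 */
static int cmp_all(void *binary, int count)
{
	return strcmp((char *)binary, crypt_out) == 0;
}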
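/*
 * Final confirmation step.  Always reports a match: cmp_all() has already
 * compared the complete hash string, so nothing is left to check here.
 */
static int cmp_exact(char *source, int index)
{
	return 1;
}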
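/*
 * Format descriptor for the generic crypt(3) format.  This is the symbol that
 * john.c declares extern and passes to john_register_one().
 */
struct fmt_main fmt_crypt = {
	{
		/* parameters */
		FORMAT_LABEL,
		FORMAT_NAME,
		ALGORITHM_NAME,
		BENCHMARK_COMMENT,
		BENCHMARK_LENGTH,
		PLAINTEXT_LENGTH,
		BINARY_SIZE,
		SALT_SIZE,
		MIN_KEYS_PER_CRYPT,
		MAX_KEYS_PER_CRYPT,
		FMT_CASE | FMT_8_BIT,
		tests
	}, {
		/* methods */
		fmt_default_init,
		valid,
		fmt_default_split,
		binary,
		salt,
		{
			binary_hash_0,
			binary_hash_1,
			binary_hash_2
		},
		salt_hash,
		set_salt,
		set_key,
		get_key,
		fmt_default_clear_keys,
		crypt_all,
		{
			get_hash_0,
			get_hash_1,
			get_hash_2
		},
		cmp_all,
		/*
		 * cmp_all is listed twice on purpose: with a single key per
		 * crypt_all() call the same comparison serves the next slot too.
		 */
		cmp_all,
		cmp_exact
	}
};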
最后修改 john.c 文件,添加我下面标注的红色字体(即与 fmt_crypt 有关的两行)
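/*
 * Excerpt from john.c, not a complete translation unit.  The fmt_crypt
 * declaration and the fmt_crypt registration call are the two added lines.
 */
extern struct fmt_main fmt_DES, fmt_BSDI, fmt_MD5, fmt_BF;
extern struct fmt_main fmt_AFS, fmt_LM;
extern struct fmt_main fmt_crypt;

/* These calls sit with the existing john_register_one() calls in john.c. */
john_register_one(&fmt_DES);
john_register_one(&fmt_BSDI);
john_register_one(&fmt_MD5);
john_register_one(&fmt_BF);
john_register_one(&fmt_AFS);
john_register_one(&fmt_LM);
john_register_one(&fmt_crypt);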
现在可以编译了,选择好你的平台和CPU类型,能够提高破解速度,我这里用的是linux,X86架构,所以选择的是
linux-x86-sse2    Linux, x86 with SSE2 (best if 32-bit)
如果你和我一样,输入下面的红色字体
mickey@pentest:~/Pentest/crack/john/john-1.7.5/src$ make linux-x86-sse2
现在实践下,可以发现能够破解了