爆破root密码hash John the Ripper

官方网站：http://www.openwall.com/john/

下载：wget http://www.openwall.com/john/j/john-1.8.0.tar.gz

解压：tar -xvf john-1.8.0.tar.gz

进入src目录：

cd john-1.8.0 && cd src

root@ubuntu:/usr/local/john/john-1.8.0/src# make
To build John the Ripper, type:
    make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64-avx         Linux, x86-64 with AVX (2011+ Intel CPUs)
linux-x86-64-xop         Linux, x86-64 with AVX and XOP (2011+ AMD CPUs)
linux-x86-64             Linux, x86-64 with SSE2 (most common)
linux-x86-avx            Linux, x86 32-bit with AVX (2011+ Intel CPUs)
linux-x86-xop            Linux, x86 32-bit with AVX and XOP (2011+ AMD CPUs)
linux-x86-sse2           Linux, x86 32-bit with SSE2 (most common, if 32-bit)
linux-x86-mmx            Linux, x86 32-bit with MMX (for old computers)
linux-x86-any            Linux, x86 32-bit (for truly ancient computers)
linux-alpha              Linux, Alpha
linux-sparc              Linux, SPARC 32-bit
linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
linux-ppc32              Linux, PowerPC 32-bit
linux-ppc64              Linux, PowerPC 64-bit
linux-ia64               Linux, IA-64
freebsd-x86-64           FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2         FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx          FreeBSD, x86 with MMX
freebsd-x86-any          FreeBSD, x86
freebsd-alpha            FreeBSD, Alpha
openbsd-x86-64           OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2         OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx          OpenBSD, x86 with MMX
openbsd-x86-any          OpenBSD, x86
openbsd-alpha            OpenBSD, Alpha
openbsd-sparc64          OpenBSD, SPARC 64-bit (best)
openbsd-sparc            OpenBSD, SPARC 32-bit
openbsd-ppc32            OpenBSD, PowerPC 32-bit
openbsd-ppc64            OpenBSD, PowerPC 64-bit
openbsd-pa-risc          OpenBSD, PA-RISC
openbsd-vax              OpenBSD, VAX
netbsd-sparc64           NetBSD, SPARC 64-bit
netbsd-vax               NetBSD, VAX
solaris-sparc64-cc       Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc      Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc       Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc       Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc        Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc        Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc       Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc      Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc     Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc       Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc      Solaris, x86 with MMX, gcc
solaris-x86-any-cc       Solaris, x86, cc
solaris-x86-any-gcc      Solaris, x86, gcc
sco-x86-any-gcc          SCO, x86, gcc
sco-x86-any-cc           SCO, x86, cc
tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32                AIX, PowerPC 32-bit
macosx-x86-64            Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2          Mac OS X, x86 with SSE2
macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32             Mac OS X, PowerPC 32-bit
macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
macosx-universal         Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
hpux-pa-risc-cc          HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k         IRIX, MIPS 64-bit (R10K) (best)
irix-mips64              IRIX, MIPS 64-bit
irix-mips32              IRIX, MIPS 32-bit
dos-djgpp-x86-mmx        DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any        DOS, DJGPP, x86
win32-cygwin-x86-sse2    Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx     Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any     Win32, Cygwin, x86
beos-x86-sse2            BeOS, x86 with SSE2 (best)
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
root@ubuntu:/usr/local/john/john-1.8.0/src#

根据自己系统版本选择。

make clean linux-x86-64

编译成功会在run目录下生成john可执行文件。

把想破解的/etc/shadow放在shadow.txt文件夹下：

执行：./john shadow.txt

但凡是暴力破解密码，都需要一个足够强悍的密码字典。

John the Ripper的默认密码字典为run目录下的password.lst。

而密码字典的构造就看自己收集信息的能力了。