Thursday, May 17, 2012

The Beginners Guide to Linux

Hello, friends who want to learn Linux: here is the best book for beginners. If you want to learn, click on the 'read more' button and go on learning.




1.0 - Intro


Linux is sometimes referred to by the press as 'Windows NT's worst enemy'. Wired Magazine once called it 'The greatest story never told'. This is a perfect definition, because the story behind Linux is indeed a great one, yet it is unknown to so many people. Let's start at the beginning.
Back when 'Stayin' Alive' was still topping the charts and Microsoft was a speck in the world of computers, AT&T produced a multi-user operating system and labeled it 'UNIX'. Over the years UNIX caught on and many different versions of it began to come out. A popular one, called 'Minix' (mini-UNIX), was available for use at the University of Helsinki in Finland. A student at the university named Linus Torvalds believed he could create an operating system superior to Minix. In 1991 he started his new operating system as a side project, but it soon developed into a full-time hobby, until 1994 when the first official version of the operating system was released.
You're probably now saying 'so what's the big deal about Linux? Isn't it just another operating system?' Absolutely not! First of all, Linux is released under something called an 'open source license'. Open source is really more of an idea than a thing. Linux is released with all the source code and files that it was made with. This means a few things. Anyone who is good at programming can mess with the Linux code and release his own version of it. It also means that even though buying Linux in a store costs money, you're not paying for Linux itself; your money goes toward the packaging, the extra software that comes with the operating system, and technical support. The second, and most important, reason that Linux is a big deal is that it's a much more stable operating system than Windows. It runs on any system, even bottom-of-the-line 386's from before Linux even came out. Programs running under Linux almost never crash, and in the off chance that one does because of bad programming by the program's author, it will not take the operating system down with it. Another important reason Linux is good is that it is secure: it is much harder for an attacker to bring down than Windows is (for further reading, see the 'Basic Unix Security Guide' by R a v e N at blacksun.box.sk). This is just an extremely short list of the reasons why Linux is so great. For further reading, check out www.linux.org.
This tutorial is for Windows users who want to migrate to Linux. It is written for RedHat or Mandrake Linux (the two easiest-to-install and most user-friendly Linux distributions), but the information here will most probably help you with whatever distribution you are using. The only problem with this is that Mandrake and RedHat are relatively simple to install, and some other distributions are much more complex. I highly suggest you buy Linux-Mandrake rather than RedHat, mainly because it is cheaper and comes with more software, but as you read through this tutorial you'll see more reasons why I recommend Mandrake.
The first thing you're going to have to do with your new operating system is install it, but you can't do that just yet.


2.0 - Preparation


If you already have Microsoft Windows on your system and you want it to co-exist with Linux, you are going to have to create another hard drive partition. A hard drive partition is a totally separate part of a hard drive; if two partitions weren't physically part of the same disc, they would be two different hard drives. The reason for this is that Windows and Linux are totally different in the way they access hard drives and handle files. If they use each other's hard drive space, the two operating systems can conflict and cause major problems for your computer. So, as I was saying, you need to create a hard drive partition reserved for Linux. There are MS-DOS programs that do this, but they are "lethal" partitioning programs. By this I mean that while making a new partition, they can destroy or at least corrupt files on another partition. If you want to make a partition for Linux without killing your Windows files, you need a "non-lethal" partitioning program. If you get Linux-Mandrake, a "non-lethal" partitioning program is included with it (this is just one of the reasons why I recommend Mandrake over RedHat).
With all this talk of partitions and hard drives, you must be wondering roughly how much hard drive space you'll need for Linux. If you want the complete system with everything, you'll need about 1.5 gigabytes+ of hard drive space. However, it is possible to productively run a full Linux distribution with as little as 150 megabytes (there are also "miniature" Linux distributions that range from around 2 to 35 megabytes, and there's Trinux, which runs from two 1.44MB floppy disks! Get it from www.trinux.org). Trust me, you don't want EVERYTHING. Linux comes with tons of software you probably won't need. For example, Linux comes with a variety of network servers: a web server, a Sendmail server, a telnet server, an FTP server, etc. If you choose not to install something and regret it later, you can still get it off the original installation CD.
So, if you have sufficient hard drive space and a "non-lethal" partitioning program, you're ready to proceed to the next step: installation.
***Even if you're using a "non-lethal" partitioning program, I suggest you back up your Windows files just in case something goes wrong.***


3.0 - Installation


Now that your computer is ready for Linux, you're ready to install it. When you bought the software, it probably came with a few CDs and a floppy disk.
The disk is the boot disk for the Linux installation program. You pop in the disk, reset your computer, the installation program begins, and you're ready to install Linux. The only thing is that the installation program will take a while to load, since it's loading from a floppy.
**The stuff on the disk is probably just a duplicate of some of the stuff on the first CD. If your computer is capable of booting from a CD (most newer ones are; otherwise, check your manual), then instead of putting the disk in your computer and rebooting, put in the first CD, as it will load much quicker. Of course, you'll need to mess with your BIOS configuration first, but that's no big deal. Hit Del when your computer boots up (after it tells you how much RAM you have) and look around until you find the setting that makes your computer attempt to boot from the CD drive first. This differs between BIOS versions.**


3.1- Ok..You're finally ready to install Linux.


The first few questions the install program asks you are self-explanatory, just things like your language and so on. One thing you might get stumped on is when you are asked whether you have any SCSI adapters. A SCSI adapter can be anything such as a mouse, printer, scanner, etc. It all depends on whether you have a SCSI controller. Chances are you don't have any SCSI devices, but check your manual to be sure. Also, if you are completely sure that your copy of Microsoft Windows is properly configured, you can quit the installation program at any time, return to Windows, run Control Panel, click on System and find out all the information you'll need about your system's hardware.


3.2 - More Partition Stuff


The next thing you might have trouble with is a dialog box that asks you some questions about your hard drive partitions. The name of the dialog box should be 'Disk Setup'. There should be three buttons at the bottom of the box: one labeled 'Disk Druid', another labeled 'fdisk', and the last is the Back button. Since you already set up your partitions, select 'Disk Druid'. If you originally had only one partition with Windows, then the top of the screen should look something like this:
Mount Point   Device   Requested   Actual   Type
              hda1     ??MB        ??MB     Win95
              hda2     ??MB        ??MB     Linux Swap
              hda3     ??MB        ??MB     Linux Native
Mount point should be blank.
'Device' is the name of the partition
'Requested' is the amount of hard drive space you wanted for the partition
'Actual' is the amount of hard drive space that is really in the partition
'Type' is what's in the partition

**The 'Requested' and 'Actual' sections for the 'Linux Swap' type should be the amount of RAM you have.**
**It looks confusing, but in reality it is simple. Don't worry if your screen doesn't look exactly like my diagram; it probably won't.**
What you should do now is select the 'Linux Native' section (by pressing tab to get to that part of the screen, then using the arrow keys) and then press tab again until the 'edit' button is highlighted. Pressing spacebar will bring up another dialog box. In the space provided, put a slash (/) then press OK. Now you're back at the main screen. Press tab to get to OK, and then press spacebar.
**What you're actually doing here is telling the computer to put the root directory, signified by the slash, in the Linux Native partition. The root directory '/' is similar to 'C:\' in DOS/Windows.**
Next you come to a screen asking which partitions to format. Select the one that 'Linux Native' is in. You should select the '/dev/xxxx' partition where 'xxxx' is the name of the device that the Linux Native partition is under. This is where you put the '/' on the last screen. If the Linux Native partition device was hda3 then choose '/dev/hda3'; if it was hda6, then choose '/dev/hda6', you get the point.
**IT IS VERY IMPORTANT THAT YOU DO NOT SELECT THE WRONG PARTITION TO FORMAT!**


3.3 - Selecting What to Install


Suppose you had three hard drives on Windows, c:\, d:\ and e:\, and you want to install Linux on d:\. Windows assigns the letter c to the first hard drive it finds that has a DOS/Windows file partition, d to the second DOS/Windows-compatible hard drive, etc., so this might help you determine which device to choose. Also, if you turn d:\ into the Linux hard drive, it will disappear from DOS/Windows, and e:\ will turn into d:\.
You're not finished yet, but take a sigh of relief: the hardest part is over. Next comes the screen asking which packages to install. Some of the most important ones are selected already. If you have a lot of hard drive space, select all the other packages. Otherwise, just select the others that you think are important. Definitely select 'KDE' and 'GNOME'. Those are window manager programs for the X-Windows system (a GUI, Graphical User Interface), and we'll deal with them later. Anyway, newer versions always come with new software and/or updates for old software.
Press OK and the Linux installation begins!


3.4 - Misc. Configurations


After everything has been installed, you are prompted for more things. The first should be what resolution your monitor is. Most people would like to use the same resolution they use on Windows, so if you don't know which resolution you were using until now, switch back to Windows, right-click on your desktop area, click Properties and find the Settings tab. You should see your current resolution there. This is probably the same resolution you would want to use on Linux. If you want a higher resolution, consult your monitor's manual to find out how high you can go.
Next is the mouse configuration. If your mouse is not on the list, select 'Generic PS/2 Mouse'.
There are more, such as clock setting and time zone, but those are self-explanatory. After this comes the services screen; these are the things that will start up when you run Linux. Then it will ask whether you want the X-Windows interface to run when you start Linux. If you are a Linux newbie (and you probably are, unless you weren't reading this guide), I suggest you do this. X-Windows is the GUI system, as explained before.
The last configuration is the printer. This is self-explanatory.

3.5 - Configuring Users


Ok... you're almost done; the configurations are pretty much finished. Now you will be prompted to create a password for the root operator. Even though it is still very popular with single home users, Linux is a multi-user operating system. Even if you'll be the only person using your computer, having a multi-user system is quite beneficial. For example, you can use a less-privileged user to prevent yourself from doing stupid things and messing things up. You can run sensitive software that could be broken into (say, some sort of server: a Sendmail server for outgoing mail if you're planning to let people send mail from your machine, or a web server if you want to serve a website off your computer) as a less-privileged user, so if someone manages to exploit some hole in this software, he will have very limited privileges (only what the program needs to run properly) and won't be able to do much, or anything at all in most cases (he won't have read access to the password files, he won't have write access to the website's files so he won't be able to alter them, etc.). On any UNIX-based system (and there are many) the main user is called 'root'. Root has supreme power over the system and over all the other users. In fact, root has unlimited power (unless he or another root-privileged user chooses to impose access limits, but root-privileged users can always restore their rights to the fullest).
My root password is a particularly simple one, mainly because I am the only one who uses Linux on my computer (and besides that, I trust my own family!) and my Linux system is not connected to the Internet (so hackers [or crackers, I should say] would have no way to get into my system). Make your password something not too complicated that you'll forget it, but something that is very hard to guess.
After you're done making a password for the root user, you're prompted to create an unprivileged, or ordinary, user account. You make up the user name, credentials, and password. It may seem pointless at first to create another user, especially an unprivileged one, if you are the only one who is going to be using Linux. However, there is a big advantage to it. As root, you can do anything to the system, including seriously messing it up; nothing will stop you because you are root. An ordinary user account acts as a safety net: if you try to do something damaging, the system will stop you.
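As an added illustration of the least-privilege point above (not part of the original tutorial): a small check, written for a POSIX shell, that reads a 'ps -eo user,pid,comm' style listing and reports which of the network services named in section 2.0 are running as root rather than as a less-privileged user. The process listing and the daemon names (sendmail, httpd, in.telnetd, in.ftpd) are constructed for the demo; on a real system you would feed the functions the live 'ps' output.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): audit which network
# daemons run as root. PS_SAMPLE is constructed, not captured from a real
# machine; the column layout matches 'ps -eo user,pid,comm'.

PS_SAMPLE='USER       PID COMMAND
root         1 init
root       412 sendmail
nobody     430 httpd
root       455 in.telnetd
ftp        470 in.ftpd
owner      512 bash'

# Daemons worth checking (constructed from the servers section 2.0 mentions).
NET_SERVICES='sendmail httpd in.telnetd in.ftpd'

# Print "user service" for every listed service found in the ps output.
# $1 is the ps output (header line included), $2 the space-separated list.
service_owners() {
    printf '%s\n' "$1" | awk -v list="$2" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        NR > 1 && ($3 in want) { print $1, $3 }'
}

# Only the services that run with root privileges: a hole in one of these
# hands the attacker the whole machine, not a limited account.
root_services() {
    service_owners "$1" "$2" | awk '$1 == "root" { print $2 }'
}

# Stand-alone run: prints the offending daemons, one per line.
root_services "$PS_SAMPLE" "$NET_SERVICES"
```

Each name it prints is a candidate for the treatment the text describes: give the daemon its own unprivileged account so that a compromise stays inside that account's permissions.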


3.6 - Booting Configurations


Next you are asked if you want to create a boot disk. I strongly recommend this, because it will put the Linux boot stuff on the disk, not on your computer. If you put the Linux boot stuff on a computer with Windows, it may conflict with the Windows boot stuff if you ever reinstall Windows (go to blacksun.box.sk/byteme.html and read #18 for a good example).
The Linux 'boot stuff' I'm talking about is a program called 'LILO'. That's short for 'Linux Loader'. LILO installs itself to the boot sector of the computer. The problem is that Windows also installs stuff to the boot sector. LILO can install over Windows and let you choose to boot either Linux or Windows whenever you start up your computer. If you choose Windows, it'll use Windows' "boot stuff".
Anyway, in my opinion, when the install program asks you to create a boot disk, click OK, then follow the directions to create a boot disk. By the way, when you make a boot disk, it puts LILO on that disk. When it asks you to install LILO, just press Skip (unless you want to install LILO, which most users will).
Congratulations! You're done installing Linux! When the installation program ends, take the installation boot disk out of the drive. If you booted the installation from CD, don't forget to take that out too.


4.0 - Running Linux


I bet you're glad to finish that installation! Now you're finally ready to run the system. If you decided to create a boot disk, insert that into the disk drive. If you decided to install LILO, just sit tight for now. Regardless of what you did, reset your computer. If you used LILO, you will get a prompt to load Linux or Windows. If you used a boot disk, the system will start up automatically.
After the system starts up, you will be prompted for a user name and password. This will look different depending on how you configured it in the installation. If you chose to start the X Windows GUI automatically, the username and password screen will look like it does in Windows (well, sort of. X-Windows is much cooler, unless you're using some lame version of it or some lame window manager). If you chose not to load the X Windows interface at startup (like most advanced users will), you'll be presented with a text-based interface. The text-based interface (the command console) is much faster than the graphical system, but this also means you cannot view any graphics until you start X-Windows (this is a good time to mention that most people just call it X). You can always run a command console from an X window (usually called an "XTerm", which stands for X Terminal). Either way, the login screen will look pretty much the same regardless of whether you are using RedHat or Mandrake.
If you're wondering what to type in the username box, that's easy. Your username is 'root' (remember?). The password is the one that you selected at installation.

5.0 - Using Linux


5.1 - Intro To The Console


Even though you'll probably be able to do everything with ease using the X Windows GUI, there is still some stuff you should know. First off, don't rely on a GUI for everything! That is very important, because you will learn a lot by using the console. The console is more powerful and can do a lot of things you would REALLY like, if you'll just grab a good basic Unix book and start learning. After you do, you'll find yourself often opening an XTerm window to run console commands which you cannot run from X. If you selected to start the GUI when Linux loads up, there are still lots of ways to get to the console.
The console prompt should look somewhat like this (if you're logged in as root):
[root@localhost.localdomain]#
The first part identifies who you are, and the '#' is the actual prompt. On almost any UNIX-type system, the '#' means you are root. On non-root bash consoles (BASH - Bourne Again Shell. BASH is the most popular text-based shell. Confused? Don't worry, we'll get to that in a second) this will be replaced with a $. You can change the prompt, but we won't get into that now.


5.11 - Shells


You use a shell every time you're in the Linux console. A shell is the program that communicates between you and the kernel (the kernel is the core of the system). Let's think of it as an interpreter for two people who are trying to have a meeting, except they don't speak the same language. One speaks English and the other speaks, oh, let's say Hebrew (about half the members of Black Sun Research Facility (blacksun.box.sk, if you don't know the URL yet; also, if you haven't noticed, I'm a member of BSRF) are from Israel). To communicate with each other they need a guy who speaks both English and Hebrew. If the English guy wants to tell the Hebrew guy something, he tells it to the interpreter in English, and then the interpreter tells it to the other guy in Hebrew, and vice versa. Getting back to the subject, this is the case with Linux. Your language is the Linux commands, and the kernel speaks its own very complex language. When you want to talk to the kernel, you tell the shell in your language, and the shell tells it to the kernel in its language. On any Linux system, there are a few shells. Some of them are:
ash
bash
bsh
csh
tcsh
zsh
The most popular and powerful shell is 'bash' (Bourne again shell). We won't go that much into shells, because you don't need to know that much about them just yet.

5.2 - Navigating The File System


The most important thing to know when using the console is how to navigate the file system without a graphical program.
The first thing to understand about this is that the bottom directory, the directory that everything else is a subdirectory of, is '/'. It's like 'C:\' in Windows.
Ok, you start at the console and, by default, you're in your home directory (every user has a home directory, which contains his personal configuration files). Now you want to navigate to another directory. But wait, you don't know any other directories! You'll need a directory listing for this, right? To get one, type 'ls' at the prompt. 'ls' is the equivalent of 'dir' in MS-DOS, and stands for list. You'll get a list of files and folders. To make the list a bit more readable, try 'ls -Fla'. The -a shows files which start with a period (for example: .Xclients-default). The -l displays file permissions and displays everything in neat columns. The -F option adds a / after a directory and a * after an executable file. I also suggest using 'ls -Fla --color' to let the system color-code different files (may not be available on some systems).
Now that you know what directories there are, you need to know how to get into them. Luckily, you use the same command as you use in MS-DOS, the 'cd' (change directory) command. Let's say you're at the bottom directory, '/', and you want to get to '/root'. You simply type 'cd root'. There is no need to type 'cd /root', because you're already in '/'. Now let's say you want to get to '/root/bin'. This would be done by typing 'cd bin'. There is no need to type 'cd /root/bin' (the "full path" of the directory), since you're already in '/root'. Instead, you can use a "relative path", which is a path that is relative to the directory you're currently in. Type 'pwd' to find out where you are (pwd stands for print working directory).
Now let's say you're in '/root/bin' and you want to get to '/usr'. You would type 'cd /usr'. The leading slash signifies that the 'usr' directory is under '/', not under '/root/bin' or even '/root'. Got it? Ok, just one more thing. If you're in a subdirectory and you want to get to the directory above it, just type 'cd ..'. Let's say you're in '/root/bin' and you want to get to '/root'. You could just type 'cd /root', but hey, '/root' is five characters! If you want to save precious milliseconds, just type 'cd ..', since '/root' is the directory that '/root/bin' is a subdirectory of. So in other words, . is the current directory, .. is one directory above, ... is two directories above, etc.


5.3 - Basic File and Directory Commands


There are lots of file and directory commands in Linux, but we'll start with directory commands because they're easier. First off, you have 'mkdir'. 'mkdir' stands for make directory and the syntax is:
mkdir the_directory_you_want_to_make
Some rules apply. If you're in '/', it will make the new directory under '/'. If you're in '/usr', it will make the directory under '/usr'. Of course, if you're in '/' and you want to make a directory called 'stuff' under '/usr', you would simply type 'mkdir /usr/stuff'.
The next command is the 'rm' command. It works with files and directories and is used to delete them; it stands for 'remove'. If you want to remove a file called 'this.gif', you would go to the directory where that file is and type 'rm this.gif'. Or, let's say again you're in '/' and 'this.gif' is in '/usr', you would type 'rm /usr/this.gif'. It works the same way with a directory.
Next are the 'cp' and 'mv' commands. They're both relatively simple, but we'll start with 'cp'. 'cp' stands for copy, and is used to copy a file from one directory to another. The syntax is:
cp /directory_where_it_is/filename /directory_where_you_want_to_copy_it
Of course, if you're already in the directory where the file is, all you need to type is:
cp filename /directory_where_you_want_to_copy_it
'mv' works the exact same way, except it moves the file instead of copying it. This means it deletes it from the original directory and puts it in the new one.

5.4 - Finding and Viewing Commands


To find a file, you use the 'find' command. It is followed by the directory where you want to start looking, then the '-name' argument to say that you're searching for a filename. Next you type the name of the file. Let's say you're looking for 'this.gif' in the '/usr' directory; the command would look like this:
find /usr -name this.gif
The find command doesn't stop at filenames; it can also search a file for a particular string of text. It has the same syntax as the find-file command, except you put quotes and asterisks around the string of text. So if you wanted to search the '/usr' directory for a file containing the string 'hello', you would type
find /usr -name "*hello*"
Ok, once you find a file, you want to view it, right? Well, you could open the file with a text editor, but we haven't learned to use text editors yet, and anyway, if the file you want to view is important, you might accidentally change it and save it using a text editor. That's what the 'cat' command is for. Let's say you want to view a file called 'stuff.txt' in '/root'. You would navigate to the '/root' directory and type 'cat stuff.txt'. Or, from any directory, type 'cat /root/stuff.txt'.
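The commands from sections 5.2 to 5.4 put together into one runnable script (an added example, not code from the original tutorial). It builds a throwaway directory tree under mktemp so it touches nothing on the real system, walks it with relative paths ('cd ../..' goes up two levels, one '..' per level), and exercises cp, mv, rm and cat. Two things it adds beyond the text: 'rm' on a directory needs '-r', and 'find -name' matches file names only, so the search for a file containing a string is done with 'grep -rl'. Every directory and file name in it is constructed.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): runs the commands from
# sections 5.2-5.4 inside a scratch tree made with mktemp. The names
# usr/stuff, root/bin, notes.txt and this.gif are constructed for the demo.

# Build the tree and print its absolute path for the other functions.
make_sandbox() {
    top=$(mktemp -d)
    mkdir -p "$top/usr/stuff" "$top/root/bin"      # absolute paths work from anywhere
    printf 'hello from the sandbox\n' > "$top/root/notes.txt"
    : > "$top/usr/this.gif"                         # empty placeholder file
    printf '%s\n' "$top"
}

# Relative navigation: down two levels with one 'cd', then back up two
# levels with 'cd ../..' (each '..' is one level), then print where we are.
walk_relative() {
    ( cd "$1" && cd usr/stuff && cd ../.. && pwd )
}

# 'find -name' matches file NAMES, so '*hello*' finds nothing in this tree ...
count_name_matches() {
    find "$1" -name '*hello*' | wc -l | tr -d ' '
}

# ... whereas finding the files whose CONTENTS contain 'hello' is grep's job.
count_content_matches() {
    grep -rl 'hello' "$1" | wc -l | tr -d ' '
}

# cat shows a file without opening it in an editor; a full path works from anywhere.
show_file() {
    cat "$1/root/notes.txt"
}

# cp keeps the original, mv does not; rm removes a file, rm -r a directory.
copy_move_remove() {
    top=$1
    cp "$top/root/notes.txt" "$top/usr/stuff/"
    [ -f "$top/root/notes.txt" ] && [ -f "$top/usr/stuff/notes.txt" ] || return 1
    mv "$top/usr/stuff/notes.txt" "$top/usr/stuff/moved.txt"
    [ ! -e "$top/usr/stuff/notes.txt" ] && [ -f "$top/usr/stuff/moved.txt" ] || return 1
    rm "$top/usr/this.gif"
    [ ! -e "$top/usr/this.gif" ] || return 1
    rm -r "$top/usr/stuff"                          # a directory needs -r
    [ ! -e "$top/usr/stuff" ] || return 1
    echo ok
}

# Stand-alone run: build, walk, exercise the file commands, clean up.
top=$(make_sandbox)
walk_relative "$top"
copy_move_remove "$top"
rm -r "$top"
```

The sandbox is created and deleted inside the script, so it can be run repeatedly as an ordinary user; nothing in it requires root.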
-= For more commands, buy a good basic Unix book =-


5.5 - linuxconf


There are lots of commands in Linux for configuring everything from user passwords to networks to the message that comes up when you start Linux. With so many things to configure, luckily there is one program that does it all.
Just type 'linuxconf' at the command prompt, and you'll be brought to the Linux Configuration program.

5.6 - Mounting


5.61 - Mounting Drives


In Linux, drives not only have to be physically mounted to the computer, but mounted in software too. In the KDE and GNOME GUIs, you can easily mount a CD-ROM or disk drive by clicking on the 'CD-ROM' or 'Disk Drive' icons on the desktop.


5.62 - How to mount


Remember earlier in this tutorial when we went over how a hard drive partition is almost like a separate hard drive? Well, just like a separate drive, partitions also have to be mounted. The main use of this is being able to mount the Windows partition and access Windows files in Linux. Obviously, Windows software will not run under Linux, but there is still a use for accessing Windows files in Linux.
Let's say you can't use the Internet in Linux: your ISP only allows you to dial up with its own software, which it doesn't make for Linux, and you're not used to Linux yet, so you don't want to use the net in it yet. This is a drawback, but it doesn't mean you can't download Linux files to use. All you have to do is download the files in Windows and access them in Linux.
To mount a Windows partition in Linux, the first thing you must do is create a directory in Linux where the Windows partition will be mounted. Go into the file manager (it should be under Utilities no matter what distribution you're using) and create a new directory under '/'. Call it anything; I suggest calling it 'windows'. Now exit the file manager and go into 'Terminal' (should also be under Utilities). Terminal will give you a command prompt just like MS-DOS. This is what you would have to do everything from if there were no X Windows GUI. The command to use is simply 'mount'. But don't type it just yet; you need to give the system more info. The full command is
mount -t vfat /dev/xxxx /yyyyyyy (yes, there is a space between 'xxxx' and '/')
The same 'vfat' type is used for FAT32 partitions as well; there is no separate 'vfat32' filesystem type, and mount will reject it.
Here 'yyyyyyy' is the directory you just created, and 'xxxx' is the device name of the partition where Windows resides. It is usually hda1 or something similar.
There, now just go into the file manager and click on the directory you created, and you will have all the files that are on your Windows partition.
When you're done, don't forget to unmount the drive by typing:
umount /yyyyyyy
(You can give either the mount point or the device name, /dev/xxxx, but not both at once.)
Each time you want to access your Windows files, just mount the partition (unless it's set to automount: edit /etc/fstab, find the line that represents your Windows partition and look for the word 'noauto'. If you find it, change it to 'defaults'. If it isn't there, your Windows partition will probably get automounted whenever you boot Linux). When you're done with the files, just unmount the partition.
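An added example (not part of the original tutorial) of the /etc/fstab edit described above, done on a constructed copy of the file rather than the real one so it is safe to run. It finds the entry for the Windows mount point, drops 'noauto' from that entry only (the CD-ROM line is also 'noauto' and must stay that way), and then adds uid/gid/umask options: without them a vfat partition mounted at boot is owned by root and readable by every user on the machine, which matters once you have the ordinary user account from section 3.5. /dev/hda1 and /windows follow the text; the other entries and the uid/gid value 1000 are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): edits a constructed
# fstab, never the real /etc/fstab. Entries other than /windows, and the
# uid/gid values, are assumptions made for the demo.

# Write a constructed fstab to the file named in $1.
make_sample_fstab() {
    cat > "$1" <<'EOF'
# <device>   <mount point>  <type>   <options>   <dump> <pass>
/dev/hda3    /              ext2     defaults    1      1
/dev/hda2    swap           swap     defaults    0      0
/dev/hda1    /windows       vfat     noauto      0      0
/dev/cdrom   /mnt/cdrom     iso9660  noauto,ro   0      0
EOF
}

# Print the option field (column 4) of the entry whose mount point is $2.
fstab_options() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4 }' "$1"
}

# Remove 'noauto' from the entry for mount point $2 only. If nothing is
# left the field becomes 'defaults', as the text suggests. Working per
# field and per mount point keeps the CD-ROM line untouched.
enable_automount() {
    tmp="$1.tmp"
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, o, ",")
            s = ""
            for (i = 1; i <= n; i++)
                if (o[i] != "noauto") s = s (s == "" ? "" : ",") o[i]
            $4 = (s == "" ? "defaults" : s)
        }
        { print }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Give the FAT files to the ordinary user (uid $3, gid $4) and hide them
# from everyone else with umask=077. Only vfat entries are touched; the
# type stays 'vfat', which already covers FAT32.
restrict_vfat_entry() {
    tmp="$1.tmp"
    awk -v mp="$2" -v uid="$3" -v gid="$4" '
        $1 !~ /^#/ && $2 == mp && $3 == "vfat" { $4 = $4 ",uid=" uid ",gid=" gid ",umask=077" }
        { print }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Stand-alone run on a scratch file: show the edited /windows entry.
f=$(mktemp)
make_sample_fstab "$f"
enable_automount "$f" /windows
restrict_vfat_entry "$f" /windows 1000 1000
grep '/windows' "$f"
rm -f "$f"
```

To apply the same edit to a real system you would point the functions at a copy of /etc/fstab, check the result with 'fstab_options', and only then replace the original as root.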

5.7 - Runlevels


While Windows is booting, have you ever pressed the F8 key? Well, if you have, you're probably familiar with a screen that pops up giving you a list of ways you can load Windows. There's safe mode, command prompt, step-by-step confirmation, etc. Linux has something just like that, and they're called 'runlevels'. There are six runlevels in all, and some are pretty much the same. A runlevel is a list of commands to load up as soon as you start Linux (there's a mini-tutorial about runlevels at blacksun.box.sk/byteme.html). Your default runlevel is probably 5. If you configured the GUI to start up when you boot the system, and if your default runlevel is 5, then that is the runlevel configured to boot the GUI when it starts up... simple, right?
Well, if you use linuxconf to change your default runlevel to 2 or 3 or something, then you change it so that the GUI won't start as soon as the system boots... all without touching the actual runlevel. When you want to change it back, just use linuxconf to set the default runlevel back to 5.
Now let's say you only want to load it without the GUI coming up once. Instead of having to change the configuration in linuxconf and then changing it back, you can load Linux into another runlevel. Suppose you want to load runlevel 2, not for any particular reason, just because it's not configured to load the GUI when it boots up, and, well, you like the number 2. To do this, as soon as LILO comes up (whether it's on your computer or your boot disk), you have the option to type something next to 'boot:'. Just type 'linux x', where 'x' is the number of the runlevel; in this case the number is 2, so you type 'linux 2' and press Enter. This will load Linux without loading the GUI. When you restart Linux, it will load the default runlevel again.
For an interesting runlevels-related local hack, read the Byte-Me mini-tutorial about runlevels at blacksun.box.sk/byteme.html.

You are now officially a Linux user. Check out www.linuxlinks.com for links to some great Linux sites. The best way to learn about Linux is by messing around with it. In an hour of playing with Linux you can learn a lot.

Cracking Unix passwords
 
First things first

I guess you're a newbie in password cracking like I was, and you've probably started John the Ripper full of enthusiasm, and got... nothing. So the first thought you have is 'my god, this must be hard, and I'm a newbie'. Forget it!!! You're always a newbie, and we all are... in the password cracking world, pardon, password recovering world (or any other world) you always have something to learn. Sometimes, even if you are experienced in password cracking, you won't be able to crack the password, or even get your own password. This is a purely technical manual and will give you only the recipe for cracking, but every password needs a different approach...
OK, so a good way to get somewhere is to start getting somewhere...
What you're about to learn is to crack *nix (Unix/Linux/etc.) password files. It does not mean that you need to have some Unix distribution on your box, but it does mean you'll have to stop clicking your ass off all around the screen... 'What is this fool trying to say?', you'll probably ask... This fool is trying to say that John is a DOS program (there is also a Linux/Unix version, but I guess that most of the people that read this tutorial have Windows boxes). I will try to put this tutorial through examples so it won't look like a boring script with an incredible number of switches. After reading this text it wouldn't be a bad idea to look at the texts you get with John. I learnt it all from there, but that, of course, was the hard way, and you want the easy way, right? Right.
First, it wouldn't be a bad idea to get yourself John the Ripper, I guess... if you don't have it you can find it at:
1) packetstorm.securify.com (look at archives, password cracking)
2) neworder.box.sk (do some searching by yourself)
John can be found practically anywhere. For example: try going to altavista.com and running a search for 'john the ripper'.
The second thing you'll need is.... a HUUUUGE amount of password dictionaries (I'll explain what these are in a minute). The best dictionary around is at www.theargon.com and packetstorm (look at the archives); it's called theargonlistserver1 and is about 20Mb packed and over 200Mb unpacked... get it!!!! The people at theargon did a terrific job.
You should also get some smaller dictionary files (I'll explain why later).

2) Do we look like *nix?

So now you have john, loaded with that huuuuge pass dictionary, and you think that you can crack anything... If you planned to live for 100000 years, that wouldn't be a problem, but you only have some 80 years left in the best case scenario (unless, of course, scientists find a way to... oh, never mind).
Now, the first thing is that you have to make sure your password file really looks like a Unix password file (we're talking about the /etc/passwd file).
Let's see what a Unix pass file looks like:
owner:Ejrt3EJUnh5Ms:510:102:Some free text:/home/subdir/owner:/bin/bash
The important parts are the username and the encrypted password, which are the first and the second fields (each line is divided into seven fields by ':' symbols):
owner:Ejrt3EJUnh5Ms
'owner' is the username and 'that other thing' is the crypted password (encrypted with an altered DES (Data Encryption Standard) encryption). For the other part you can put anything that looks like that, but the structure must be the same so that john can recognize it as a Unix pass. In fact the other part,
:510:102:Some free text:/home/subdir/owner:/bin/bash
is just some information about the user, his home directory, etc...
Sometimes you'll have passes that have only the first and second part, such as password files that you got from a webboard running Matt's web board script:
owner:Ejrt3EJUnh5Ms
You'll have to add the other part so that the password looks like a Unix pass. You can do a copy-paste from another pass; you can even use
:510:102:His name:/home/subdir/owner:/bin/bash
What you have now should look like:
owner:Ejrt3EJUnh5Ms:510:102:His name:/home/subdir/owner:/bin/bash
Hell, you can even put
owner:Ejrt3EJUnh5Ms:a:a:a:a:a
It won't matter to john at all.
3) We're getting somewhere... nowhere
Now you're ready to crack. Type in
john -w:words.lst password.file
Where words.lst is the password dictionary and password.file is the file where you have your password or passwords. If you use it on the example I gave you, you'll probably get the password because it's a really weak pass. You'd be surprised to see that people usually use really weak passes like their names, pet names, or even their username (for example: username=zalabuk, password=zalabuk).
Hint: Don't be stupid! Use strong passes like

p4sswr!@
p@s$w11s
with as many characters as you can remember. The hint is to use special characters and numbers; those passes are much harder to crack (I'll explain why in a minute).
The other hint is to use passes as long as you can remember; 8 characters are sometimes not enough... it depends what box the one who cracks has... on a dual Alpha it is certainly not enough... in other words, more than 10 characters will do fine, and even more wouldn't hurt (like 16...). By the way, older *nix have a fixed pass length of 8 chars... that is the old DES crypted pass that uses a 64-bit key... now there are 128-bit keys, and some perverts use even more, so there is more fun now :)

john -w:words.lst password.file
Wait wait wait! What am I doing here?
Alright, listen up carefully. The DES encryption that Unix uses CANNOT be reversed. Some encryptions can be reversed using a sometimes simple or sometimes incredibly complicated algorithm (in the 3rd century AD, Caesar used to send encrypted letters which used a formula of "shift by three", which means that d stands for a, e stands for b, etc. At that time, such an algorithm was just fine. Today, it isn't).
So anyway, the altered DES encryption that Unix uses for its password files cannot be reversed. Why? Because it's a key-based encryption. The encryption algorithm uses a bunch of letters (lowercase and uppercase), numbers and symbols within the algorithm. So, in other words, to run the decryption algorithm you will need this key, which you simply cannot just have, because the key is the password! You see, when a user picks a password, the system generates an encrypted password for him, called a hash (which is what you get when you somehow acquire a password file), which is created by running this altered DES algorithm using the user's password as the key. If you try to decrypt the password using standard reversible DES encryption, you get a null string.
So how do John and other password crackers do it? Easy. They try to recreate this process by taking passwords out of these dictionary files (or wordlists) and using them as keys for this altered DES algorithm. Then they compare the result to all the encrypted passwords within the password file you've given them. If the two strings match - there you have it! The password is yours!
If the first step doesn't work, the next step would be to do this:
john -w:words.lst -rules password.file
This switch turns on not only browsing through the dictionary, but also some modifications of the words in the dictionary (like adding a number at the end of the pass - fool -> fool1, etc. etc.). This one will take long with a huge pass dictionary, but it may give better results... For a start you could try it with a small pass dictionary, and if it doesn't work you can try it with a huge pass dictionary.
Sometimes people are not stupid when they choose passwords and basic rules won't do the job... aaargh. As you've seen, it takes more and more time for your CPU to crack this thing out as we go further. Now you can leave your computer on and go to sleep....
If you want to get even more possible passwords out of your password file, try typing
john -i password.file
This -i stands for incremental cracking, not a really good word for it, but...
Okay, what the hell does it do? It uses the default incremental mode parameters, which are defined in john.ini.
What does this mean? Do you remember -rules? Yes, well, of course you do, unless you're either incredibly senile or you've stopped reading after this part and only came back, like... a couple of years later. That is very much like rules, but much, much more powerful than -rules, and it takes much, much more time.
4) So where are we now (dictionary vs. brute-force)?

You can see that in all cases you use so-called dictionary cracking... but hell, why not just run John in a mode where it tries all possible combinations of lowercase and uppercase letters, numbers and symbols? I mean, this would be much more efficient, right? ... WROOOOOOONGG!!!
This method is called a 'brute-force' attack (basically, a dictionary attack is also a sort of brute-force attack, but most people use the word brute-force for this specific attack).
What are the differences? First and most important, with a dictionary you go through the selected words that could be passwords and their modifications, and with brute-force cracking you use ALL possible combinations. That means you have
comb = nrch ^ let
where:
comb - number of possible combinations
nrch - number of characters in the character set
let - number of letters (characters) in the password
In case you're dealing with john's default -i 95 character set and, presume, a 6 letter password, you have 735091890625 possible combinations! OUCH!!
Sure, this is useful for passwords like 2405v7, but still... with the computational power of today's modern PC, I'd just give up, unless I had access to some University's supercomputer, which I'd bet no one would ever give me (well, at least not for free, and certainly not to run a password cracker on it).
As you can see it can take a looooong time until you crack a single pass; do a little math and try to calculate how many possible combinations there are for 10, 12 and 16 chars.
I don't think you'll like the answer :)
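Here is the "little math" worked through, as an added example that is not part of the original tutorial or of John the Ripper: the comb = nrch^let formula from the text, applied to the 95-character set for the lengths the text asks about, with a worst-case time estimate. The guessing rate (1e6 per second) and the wordlist size used for comparison are constructed, assumed figures, not measurements from any machine.

```python
# Added example (not from the original tutorial or from John the Ripper):
# the text's comb = nrch^let formula worked through for the lengths it
# asks about (6, 8, 10, 12, 16), plus a worst-case time estimate at a
# hypothetical guessing rate.  The rate and the wordlist size used for
# comparison are constructed numbers, not measurements from any machine.

from datetime import timedelta


def combinations(nrch: int, let: int) -> int:
    """comb = nrch ^ let: candidate passwords of exactly `let` characters,
    each drawn from a character set of size `nrch`."""
    if nrch < 1 or let < 0:
        raise ValueError("need a non-empty character set and a non-negative length")
    return nrch ** let


def combinations_up_to(nrch: int, max_len: int, min_len: int = 0) -> int:
    """Candidates for every length min_len..max_len.  This is the space an
    exhaustive search such as john's incremental mode (MinLen/MaxLen in
    john.ini) has to walk, since it does not know the length in advance."""
    return sum(combinations(nrch, n) for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case seconds to try every candidate at a fixed rate."""
    if guesses_per_second <= 0:
        raise ValueError("rate must be positive")
    return candidates / guesses_per_second


def dictionary_to_bruteforce_ratio(words: int, nrch: int, let: int) -> float:
    """How much smaller a wordlist of `words` entries is than the full
    brute-force space for the same length: the reason the text prefers
    dictionaries (and -rules) before falling back to -i."""
    return combinations(nrch, let) / words


def brute_force_table(nrch: int = 95, lengths=(6, 8, 10, 12, 16),
                      rate: float = 1_000_000.0) -> list:
    """Rows of (length, combinations, worst-case seconds) for the text's
    95-character set at an assumed `rate` guesses per second."""
    rows = []
    for let in lengths:
        comb = combinations(nrch, let)
        rows.append((let, comb, seconds_to_exhaust(comb, rate)))
    return rows


def describe(seconds: float) -> str:
    """Human-readable duration; timedelta overflows past ~2.7e6 years, so
    fall back to plain years for the really hopeless cases."""
    years = seconds / (365.25 * 24 * 3600)
    if years > 1_000_000:
        return f"{years:.3g} years"
    return str(timedelta(seconds=int(seconds)))


if __name__ == "__main__":
    print("charset=95, assumed rate=1e6 guesses/s (constructed figure)")
    for let, comb, secs in brute_force_table():
        print(f"{let:2d} chars: {comb:>32,d} candidates, worst case {describe(secs)}")
    # A wordlist of roughly 20 million entries (constructed estimate for a
    # ~200Mb list) against the 8-character brute-force space:
    print("brute force / dictionary at 8 chars: "
          f"{dictionary_to_bruteforce_ratio(20_000_000, 95, 8):.3g}x")
```

Running it prints the 6-character row with the text's 735091890625 candidates and shows why the later rows are where the dictionary and -rules steps earn their keep: the exhaustive space grows by a factor of 95 per extra character, so the same hardware that finishes 6 characters in minutes needs years for 8 and is out of the question beyond that.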
Of course, sometimes dictionary attacks are not enough, but john has very powerful 'thinking'. In 'incremental' mode john will do all possible combinations from 0 to 8 characters (a password length of zero means the hash of an empty string; this sometimes happens). So incremental mode is one sort of brute-force attack in some way...
If you want to fire all weapons at once then you use
john password.file
This will do first the basic dictionary attack, then -rules, then -i.
5) What if...
Ok, you have to turn off your box from time to time, don't you? If you're doing that haaard password that will take more than 20 hours of cracking, you can stop john with Ctrl+C and then resume with
john -restore
If your box crashes or if there's a power failure, you won't (sometimes) be able to restore your cracking sessions... well, that's just too bad. Hell, it happened to me once :-(
John is modular, and that is the most powerful thing about john the ripper, and that is what makes john the most advanced password cracker. John is very, very modular. John uses modes that are described in john.ini (do you still remember that incremental cracking I was talking about? Modes for rules and incremental are described in john.ini).
If you're some inventive guy then you may change the parameters in john.ini.
Here is an example of how some default parameters for -i look:
# Incremental modes
[Incremental:All]
File = ~/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
Ok... what do we have here?
[Incremental:All] - this stands for the beginning of the definition for the -i:all switch
File - filename of the file that has the characters used in mode -i:all (the whole character set)
MinLen - logically, the minimum length of password that john -i:all would try
MaxLen - even more logical, the maximum length of password that john -i:all will try
CharCount - number of chars used by john when you 'turn on' this switch
So, there are some more switches... heh
Yes there are, and down there are all the default modes pasted from john the ripper's documents:
John the Ripper's Command Line Options

You can list any number of password files on John's command line, and also
specify some of the following options (all of them are case sensitive, but
can be abbreviated; you can also use the GNU-style long options syntax):

-single                    "single crack" mode
    Enables the "single crack" mode, using rules from [List.Rules:Single].

-wordfile:FILE             wordlist mode, read words from FILE,
-stdin                     or from stdin
    These are used to enable the wordlist mode.

-rules                     enable rules for wordlist mode
    Enables wordlist rules, that are read from [List.Rules:Wordlist].

-incremental[:MODE]        incremental mode [using section MODE]
    Enables the incremental mode, using the specified ~/john.ini definition
    (section [Incremental:MODE], or [Incremental:All] by default).

-external:MODE             external mode or word filter
    Enables an external mode, using external functions defined in
    ~/john.ini's [List.External:MODE] section.

-stdout[:LENGTH]           no cracking, write words to stdout
    When used with a cracking mode, except for "single crack", makes John
    print the words it generates to stdout instead of cracking. While
    applying wordlist rules, the significant password length is assumed to
    be LENGTH, or unlimited by default.

-restore[:FILE]            restore an interrupted session
    Continues an interrupted cracking session, reading point information
    from the specified file (~/restore by default).

-session:FILE              set session file name to FILE
    Allows you to specify another point information file's name to use for
    this cracking session. This is useful for running multiple instances of
    John in parallel, or just to be able to recover an older session later,
    not always continue the latest one.

-status[:FILE]             print status of a session [from FILE]
    Prints status of an interrupted or running session. To get an up to date
    status information of a detached running session, send that copy of John
    a SIGHUP before using this option.

-makechars:FILE            make a charset, overwriting FILE
    Generates a charset file, based on character frequencies from
    ~/john.pot, for use with the incremental mode. The entire ~/john.pot
    will be used for the charset file unless you specify some password
    files. You can also use an external filter() routine with this option.

-show                      show cracked passwords
    Shows the cracked passwords in a convenient form. You should also
    specify the password files. You can use this option while another John
    is cracking, to see what it did so far.

-test                      perform a benchmark
    Benchmarks all the enabled ciphertext format crackers, and tests them
    for correct operation at the same time.

-users:[-]LOGIN|UID[,..]   load this (these) user(s) only
    Allows you to filter a few accounts for cracking, etc. A dash before the
    list can be used to invert the check (that is, load all the users that
    aren't listed).

-groups:[-]GID[,..]        load this (these) group(s) only
    Tells John to load users of the specified group(s) only.

-shells:[-]SHELL[,..]      load this (these) shell(s) only
    This option is useful to load accounts with a valid shell only, or not
    to load accounts with a bad shell. You can omit the path before a shell
    name, so '-shells:csh' will match both '/bin/csh' and '/usr/bin/csh',
    while '-shells:/bin/csh' will only match '/bin/csh'.

-salts:[-]COUNT            set a passwords per salt limit
    This feature sometimes allows to achieve better performance. For example
    you can crack only some salts using '-salts:2' faster, and then crack
    the rest using '-salts:-2'. Total cracking time will be about the same,
    but you will get some passwords cracked earlier.

-format:NAME               force ciphertext format NAME
    Allows you to override the ciphertext format detection. Currently, valid
    format names are DES, BSDI, MD5, BF, AFS, LM. You can use this option
    when cracking or with '-test'. Note that John can't crack password files
    with different ciphertext formats at the same time.

-savemem:LEVEL             enable memory saving, at LEVEL 1..3
    You might need this option if you don't have enough memory, or don't
    want John to affect other processes too much. Level 1 tells John not to
    waste memory on login names, so you won't see them while cracking.
    Higher levels have a performance impact: you should probably avoid using
    them unless John doesn't work or gets into swap otherwise.


6) Tips
I) A good schedule to do your cracking job is
john -w:words.lst password.file

john -w:words.lst -rules password.file

john -w:words.lst password.file

john -i:digits password.file

john -i:all password.file
II) If you have a file that has only passes that look like
owner:*:510:102:His name:/home/subdir/owner:/bin/bash

you have a shadowed password file.
Go to the Byte-Me page at blacksun.box.sk and try to find out more about
password files (I'll leave it up to you to do this. It's important that you
learn how to find things by yourself).
III) You have some little tools that you get with john; they are all
listed below (from john's docs):

unshadow PASSWORD-FILE SHADOW-FILE
    Combines the passwd and shadow files (when you already have access to
    both) for use with John. You might need this since if you only used your
    shadow file, the GECOS information wouldn't be used by the "single crack"
    mode, and also you wouldn't be able to use the '-shells' option. You'll
    usually want to redirect the output of 'unshadow' to a file.

unafs DATABASE-FILE CELL-NAME
    Gets password hashes out of the binary AFS database, and produces a file
    usable by John (again, you should redirect the output yourself).

unique OUTPUT-FILE
    Removes duplicates from a wordlist (read from stdin), without changing
    the order. You might want to use this with John's '-stdout' option, if
    you got a lot of disk space to trade for the reduced cracking time.

mailer PASSWORD-FILE
    A shell script to send mail to all the users who got weak passwords. You
    should edit the message inside before using.
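To tie together the seven-field /etc/passwd walk-through from section 2 and tip II's shadowed-file check, here is an added example that is not part of this tutorial and not one of the tools shipped with john: a small auditor that parses passwd-format lines, verifies the field count, and classifies each password field (hash sitting in a world-readable file, shadowed 'x'/'*', locked, or empty). It only reads the file, the way a login program or a configuration check would; it does not try any passwords. The sample lines, the CRYPT_ALPHABET check and the status labels are constructed for this demonstration.

```python
# Added example, not part of this tutorial or of the tools shipped with
# John the Ripper: a small auditor for the seven-field passwd format
# walked through in section 2, which also performs tip II's "is this file
# shadowed?" check.  It reads entries like a login program or a defender's
# configuration check would; it does not try any passwords.
# The sample lines below are constructed for this demonstration.

from dataclasses import dataclass

# Traditional DES crypt(3) hashes are 13 characters from this alphabet
# (2 salt characters followed by 11 hash characters).
CRYPT_ALPHABET = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz")

# Constructed sample: the tutorial's example line, a shadowed entry, a
# locked system account, an account with no password at all, and a
# malformed line with too few fields.
SAMPLE_PASSWD = """\
owner:Ejrt3EJUnh5Ms:510:102:Some free text:/home/subdir/owner:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
guest::1002:1002:Guest:/home/guest:/bin/sh
broken:Ejrt3EJUnh5Ms:510
"""


def looks_like_des_crypt(value: str) -> bool:
    """True for a string shaped like the altered-DES hash in the text."""
    return len(value) == 13 and all(ch in CRYPT_ALPHABET for ch in value)


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: str      # kept as text: john accepts 'a:a:a:a:a' here, as the text notes
    gid: str
    gecos: str
    home: str
    shell: str

    @property
    def status(self) -> str:
        """Classify the password field from a defender's point of view."""
        if self.password == "":
            return "EMPTY"          # no password at all: worst case
        if self.password in ("x", "*"):
            return "SHADOWED"       # hash lives in /etc/shadow (tip II)
        if self.password.startswith("!"):
            return "LOCKED"         # account disabled
        if looks_like_des_crypt(self.password):
            return "DES_HASH"       # hash readable by every local user
        return "OTHER_HASH"         # some other hash type, also exposed


def parse_passwd_line(line: str) -> PasswdEntry:
    """Split one line into the seven colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    return PasswdEntry(*fields)


def audit(text: str) -> dict:
    """Return {'entries': [(name, status), ...], 'errors': [(lineno, msg), ...]}."""
    report = {"entries": [], "errors": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            entry = parse_passwd_line(line)
        except ValueError as exc:
            report["errors"].append((lineno, str(exc)))
            continue
        report["entries"].append((entry.name, entry.status))
    return report


def is_fully_shadowed(text: str) -> bool:
    """Tip II's check: every well-formed entry hides its hash (or is locked)."""
    statuses = [status for _, status in audit(text)["entries"]]
    return bool(statuses) and all(s in ("SHADOWED", "LOCKED") for s in statuses)


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWD)
    for name, status in report["entries"]:
        print(f"{name:10s} {status}")
    for lineno, msg in report["errors"]:
        print(f"line {lineno}: {msg}")
    print("fully shadowed:", is_fully_shadowed(SAMPLE_PASSWD))
```

On the constructed sample the tutorial's 'owner' line is reported as DES_HASH (a 13-character crypt(3) hash exposed in the passwd file itself), 'alice' and 'daemon' as SHADOWED, 'guest' as EMPTY, and the short line is rejected for having 3 fields instead of 7; is_fully_shadowed() is therefore False. A file where every entry reads like tip II's 'owner:*:...' line passes the check.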

So, that was about it... hope you've got something from this text.
Further reading: try reading ALL the documentation you get with john in the docs
directory. Maybe it's a little bit chaotic, but.... man, those are the docs :)

Ohh, wait, wait!!
Remember, not all password files can be cracked! Smart admins alter the
encryption that they are using, especially when it comes to root passwords.
But there are always other ways to get passwords. These are covered in other
BSRF tutorials. Collect them all (lol) at http://blacksun.box.sk.

Hope you like 
