Wednesday, January 9, 2008

Simple Linux and Unix Password Cracker Shell Script

Hey there,

I'm about "this" close to finishing my manpage creator, to complement the manpage converter post, and should have that all set for tomorrow (can you guess I was hoping to get that out today? Work. It just gets in the way ;)

Today, I thought I'd go over a simple shell script that runs on both Linux and Unix (hopefully, pretty much any flavor) to wrap a popular password cracking program called John The Ripper, JTR from here on out, which you can download directly from this page, if you're not already using it.

JTR is something I've used almost everywhere I've worked, whether or not a separate security department existed. It seems that a lot of companies are moving away from the individual Unix and Linux shell based programs and spending all their money on graphical tools that work on the entire network but end up causing more problems than they resolve. If you're a sysadmin, you know that, when the GUI breaks, the problems always come back to you anyway :P

For the above-mentioned reason, I wrote this script (for Solaris Unix and Red Hat Linux primarily) to make sure that I, and any of my co-workers, could at least have a pulse on the state of security insofar as it relates to user account passwords. Even if you don't have the authority to compel users to comply with simple standards, you can at least get to the really bad ones (username: mike, password: Mike1).

Hopefully, you'll be able to reap some benefit from this script. And you can, of course, feel free to keep sharpening those shell scripting skills by modifying this to suit your needs (for instance, my script assumes that you are using a shadow password system and that you only want to do one quick password check followed by a dictionary crack attack). If you've installed JTR in /usr/local, as I have (under the symlink directory "jtr," to help out with upgrade transitions - I also prefer /usr/local because it falls outside the directory conventions of most Unix and Linux systems - /opt, /share, etc - and is more directly portable), you shouldn't have to modify this too much.

If there's anything I'd strongly suggest, it's that you go out and find a better dictionary file than the standard "dict" file. Of course, if you modify the script to use a larger dictionary file, you can expect your execution times to lengthen as well.


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.


#!/bin/sh
# - 2008 - Mike Golvach -
# Throw this in your crontab and run nightly, or
# weekly, depending on how much crunch-time you can
# afford to take.
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

# sendmail -t takes the recipient from the To: header, so one is required; set it here.
MAILTO=root
# passwd.1 holds every account's password hash: create it readable only by this user.
umask 077

/usr/local/jtr/unshadow /etc/passwd /etc/shadow >/usr/local/jtr/passwd.1
# Single-crack mode (guesses derived from login name and GECOS) first, then the word list.
/usr/local/jtr/john -single /usr/local/jtr/passwd.1 >/usr/local/jtr/PASSFILE 2>&1
/usr/local/jtr/john -wordfile=/usr/local/jtr/dict /usr/local/jtr/passwd.1 >>/usr/local/jtr/PASSFILE 2>&1
# john.pot is non-empty only if something was cracked; mail the results in that case.
if [ -s /usr/local/jtr/john.pot ]
then
    (echo "To: $MAILTO"; echo "Subject: Passwords Cracked on `hostname`"; echo; cat /usr/local/jtr/PASSFILE) | /usr/lib/sendmail -t
fi
# Clean up so the next run starts fresh and no hashes are left lying around.
rm -f /usr/local/jtr/passwd.1
rm -f /usr/local/jtr/john.pot
rm -f /usr/local/jtr/PASSFILE
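One caveat worth handling: PASSFILE is john's cracking output, so the mail the script sends carries the recovered passwords in clear text. The report that a sysadmin actually needs is the list of accounts that fell, which is enough to force a password change. The script below is an added example, not Mike's code, that builds such a report from "john --show" output (which lists cracked entries in passwd format, password in the second field, followed by a blank line and a summary line). The john and passwd.1 paths in the comments are taken from the post and are assumptions, not verified here; the sample output is constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original post's script): turn "john --show"
# output into a mail body that names the accounts whose passwords were
# cracked, without putting the recovered passwords themselves into email.
# Assumed paths, from the post: john at /usr/local/jtr/john and the
# unshadowed file at /usr/local/jtr/passwd.1.

# "john --show" output, constructed for this example: one passwd-style line
# per cracked account (field 2 is the recovered password), a duplicate entry
# as can happen when an account appears twice, then a blank line and the
# summary line.
SAMPLE_SHOW_OUTPUT='mike:Mike1:1001:1001::/home/mike:/bin/bash
test:password:1002:1002::/home/test:/bin/sh
mike:Mike1:1001:1001::/home/mike:/bin/bash

2 password hashes cracked, 14 left'

# cracked_users: read "john --show" output on stdin and print one username
# per line, sorted and deduplicated. Only the passwd-style lines contain a
# colon, so the blank line and the summary line fall away; cut -f1 keeps the
# login name and discards the password and everything after it.
cracked_users() {
    grep ':' | cut -d: -f1 | sort -u
}

# cracked_count: number of distinct accounts cracked (stdin as above).
# tr strips the padding some wc implementations print.
cracked_count() {
    cracked_users | wc -l | tr -d ' '
}

# report_body: stdin is "john --show" output, $1 is the host name to label
# the report with. Prints the text that would go into the mail body.
report_body() {
    users=$(cracked_users)
    if [ -z "$users" ]; then
        printf 'No passwords cracked on %s\n' "$1"
    else
        printf 'Accounts with crackable passwords on %s:\n' "$1"
        printf '%s\n' "$users" | sed 's/^/  /'
        printf '\nForce a password change on these accounts.\n'
    fi
}

# Demonstration on the constructed sample. On a real host, replace the
# printf with: /usr/local/jtr/john --show /usr/local/jtr/passwd.1
printf '%s\n' "$SAMPLE_SHOW_OUTPUT" | report_body "example-host"
```

To use it with the cron script above, pipe `john --show passwd.1 | report_body "$(hostname)"` into the sendmail invocation in place of `cat PASSFILE`; the cracked passwords then never leave the box, and the john.pot check still decides whether a mail goes out at all.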

, Mike