This is an old revision of the document!
Use John The Ripper to crack password hashes
prepare shadow and passwd files for john
first unshadow your passwd
and shadow
files
../run/unshadow ~/tmp/passwd ~/tmp/shadow > ~/tmp/unshadow
use john with openMP on multiple cores
export OMP_NUM_THREADS=8 john ~/tmp/unshadow
use john with multiple cores by forking the process
john --fork=8 ~/tmp/unshadow
query the results
john --show ~/tmp/unshadow
compile john with MPI support to run on clusters
ubuntu dependencies
sudo apt install libopenmpi-dev openmpi-bin
centos dependencies / preparation:
yum install openmpi-devel openmpi openssl-devel module load mpi/openmpi-x86_64
get source and compile:
wget https://github.com/openwall/john/archive/1.9.0-Jumbo-1.tar.gz tar xvf 1.9.0-Jumbo-1.tar.gz cd john-1.9.0-Jumbo-1/src ./configure --enable-mpi make -s clean && make -sj4
now run it :)
mpirun -np 8 -host localhost,localhost,localhost,localhost,localhost,localhost,localhost,localhost ../run/john ~/tmp/unshadow
to check the progress run
kill -USR1 $(pidof mpirun)
compile with OpenCL support to run on NVIDIA (and other) GPU's (tested on CentOS)
download and install cuda if you haven't already
wget https://developer.download.nvidia.com/compute/cuda/11.2.0/local_installers/cuda_11.2.0_460.27.04_linux.run sudo sh cuda_11.2.0_460.27.04_linux.run wget https://github.com/openwall/john/archive/1.9.0-Jumbo-1.tar.gz tar xvf 1.9.0-Jumbo-1.tar.gz cd john-1.9.0-Jumbo-1/src ./configure LDFLAGS=-L/usr/local/cuda/targets/x86_64-linux/lib CPPFLAGS=-I/usr/local/cuda/targets/x86_64-linux/include
the summary should show that OpenCL support is now enabled (yes)
make -s clean && make -sj4
now let's run it :) here is an example where I ran john the ripper on a server with 8x NVIDIA GeForce RTX 2080 Ti:
run/john --format=sha512crypt-opencl -dev=gpu -fork=8 ../root.unshadow
the –format
option needs to be specified in order to use the GPU at all. without specifying a format, john will always default to the CPU implementation of the crypt algo. to figure out which format to use, start john without a format parameter and then look at the output to find the crypt that was used. now run
run/john --list=formats --format=opencl
to get a list of all crypts that support opencl. if you are lucky, the one you are looking for is in there as well :)
the -dev=gpu -fork=8
options are there to use all cards in parallel. this will fork 8 individual processes each working on their own range of passwords at a time and each on a different GPU. If you have multiple hosts with GPU you may use MPI for that.
continue an interrupted session
John saves its status as it's working, so in case it crashes or you have to abort it because you need to work with your pc and don't want the cpu load on it for example, you can always resume the session and continue where John has left off.
BUT.. it is important that you specify the –restore
option, otherwise john will start over again! To avoid accidently starting over and by doing so loosing all the previous compute time, it is advisable to give each session its own session name by using the –session:<name>
parameter. By doing so, you can avoid overwriting the session in case you start another john session in the mean time.
so you would start john like this:
john --session:sess1 unshadow.txt
and then resume the session like so:
john --restore:sess1
also the other commands like for example status
accept a session name parameter:
john --status:sess1
Performance examples
if you press any key during the run, you will get a status showing you c/s (crypts per second). here are a few numbers from the systems i had access to at the moment of writing this article:
CPU / GPU | c/s rate | method used |
---|---|---|
8-core i7-8809G CPU | 7'500 | OpenMP |
128-core (2 socket) AMD ROME 7742 | 150'000 | OpenMP |
8 x GeForce RTX 2080 Ti | 8×190'000 | Fork |