User's Manual
Solaris 9 Security CX-310-301 52
¾ The step above creates the file passwd.guess, which john will work on to try and obtain the actual
password.
¾ Start the program running. Any passwords that are guessed are, by default, echoed to the screen
and also written to an output file in the current directory called john.pot.
¾ At any time during the run, you can press any key to see what the current status of the run is.
The following output shows an actual run:
# ./john passwd.guess
Loaded 6 passwords with 5 different salts (Standard DES [32/32 BS])
mysql (mysql)
12345678 (nopass)
guesses: 2 time: 0:00:00:02 7% (2) c/s: 26379 trying: chelary -
santand
guesses: 2 time: 0:00:00:27 (3) c/s: 22615 trying: a9 - tally
guesses: 2 time: 0:00:00:31 (3) c/s: 22653 trying: dbf - cranda
guesses: 2 time: 0:00:15:43 (3) c/s: 27337 trying: skaira - mrage
Session aborted
Notice the following from the output above:
¾ Two passwords have so far been guessed, that of users mysql and nopass
¾ It only took 2 seconds to guess these weak passwords
¾ Each status line produced details how many guesses have been successful, the elapsed time so far
as well as the current guess range
¾ The reminaing passwords being attempted are fairly secure because the utility has not been able to
easily break them
¾ Use Ctrl/C to stop the run
Limitations of Password Authentication
A password is only of any use if it is secure. Remember the social engineering tactics mentioned at the start
of this document, such as shoulder surfing, posing as a helpdesk engineer and so on – education of users is
paramount in being able to successfully defend the passwords in use on a system. If an attacker gains
access to the password list, then a cracking tool could be run for days or weeks, thereby increasing the
chances of a password being guessed.
All the defensive password techniques are useless if a user then proceeds to write their password down and
leave it on a post-it note attached to their desk!