UMKC Hacked!
Brian Kelsay
BLKELSAY at kcc.usda.gov
Wed Jan 14 14:34:23 CST 2004
>Of course, something like the "john" package I discovered in the Debian
>installer CDs would have been helpful to prevent that. "John" is run by
>the sysadmin, and it tries to crack user passwords and sends warning
>email to the sysadmin about users with easily-cracked passwords.
>Granted, the sysadmin was the weakest link, but still...
That would be John the Ripper, right? Although you may call it from the command line or cron with "john".
http://www.openwall.com/john/
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are
officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its
primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most
commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows
NT/2000/XP LM hashes, plus several more with contributed patches.
John the Ripper is a part of Owl, Debian GNU/Linux, EnGarde Linux, Gentoo Linux, Mandrake Linux,
and SuSE Linux. It is in the ports/packages collections of FreeBSD, NetBSD, and OpenBSD.
Brian Kelsay