Test your users' password security with JTR
You can audit the passwords on your own system using John the Ripper.
Installing John the Ripper:
Log in as root, then:
# wget http://www.openwall.com/john/f/john-1.7.0.2.tar.gz
# tar -zxvf john-1.7.0.2.tar.gz
# cd john-1.7.0.2/src
# make generic
# cd ../run
Run the wordlist provided with John the Ripper against your password file (on Linux, /etc/shadow):
# ./john -wordlist:password.lst /etc/shadow
When the cracking run against your /etc/shadow file has finished (it can take some time), you can view the passwords that were recovered:
# ./john -show /etc/shadow
The results are shown in the format username:password. If you get any results, those passwords are weak and should be changed.
Remove the john.pot file when you are done, because it contains the recovered login information:
# rm -rf john.pot
That's it. You can repeat this every week to stay informed about the password security level of your users.
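As an added example (not part of the original post), the shell functions below reduce the output of ./john -show to usernames only, so the weekly report never contains a recovered password. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which accounts had their password recovered,
# printing usernames only and never the passwords themselves.

# cracked_users: read `john -show` output on stdin, print one username per line.
cracked_users() {
    # Account lines look like "username:password[:other shadow fields]".
    # The blank line and the trailing summary line contain no colon.
    awk -F: 'NF >= 2 && $1 != "" { print $1 }' | sort -u
}

# cracked_count: number of accounts listed in `john -show` output on stdin.
cracked_count() {
    cracked_users | wc -l | tr -d ' '
}

# Constructed sample of `john -show /etc/shadow` output (not real accounts;
# the wording of the summary line varies between versions).
sample_show_output() {
    cat <<'EOF'
alice:sunshine:15000:0:99999:7:::
bob:letmein:15000:0:99999:7:::

2 password hashes cracked, 3 left
EOF
}

# weekly_report: read `john -show` output on stdin, print the accounts that
# need a password change. Returns 1 if any were found, 0 otherwise.
weekly_report() {
    users=$(cracked_users)
    if [ -z "$users" ]; then
        echo "No passwords recovered with this wordlist."
        return 0
    fi
    echo "Accounts that must change their password:"
    printf '%s\n' "$users" | sed 's/^/  /'
    return 1
}

# Demo on the constructed sample. On a real system, after the wordlist run:
#   ./john -show /etc/shadow | weekly_report; rm -f john.pot
sample_show_output | weekly_report || true
```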