Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
I recently went through the OSX Jumbo JtR installation, so I figured I’d share some tips and information.
OSX Jumbo JtR – Introduction
I am not sure if it matters, but I did all of this on macOS Sierra.
First, I cloned the GitHub repository to my machine.
Unfortunately, I ran into a few issues when I attempted a simple configure/make/install.
Issues
My only issue stemmed from OpenSSL and Homebrew.
First, I received a few errors about undefined symbols that looked suspiciously like OpenSSL calls.
Configure finished. Now 'make -s clean && make -sj8' to compile.
Rays-MacBook-Pro:src doyler$ make -s clean && make -sj8
pomelo_plug.c:106:62: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (inlen > 256 || saltlen > 64 || outlen > 256 || inlen < 0 || saltlen < 0 || outlen < 0) return 1;
~~~~~ ^ ~
...
Undefined symbols for architecture x86_64:
"_CMAC_CTX_free", referenced from:
_crypt_all in wpapmk_fmt_plug.o
_crypt_all in wpapsk_fmt_plug.o
"_CMAC_CTX_new", referenced from:
_crypt_all in wpapmk_fmt_plug.o
_crypt_all in wpapsk_fmt_plug.o
...
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [../run/john] Error 1
make: *** [default] Error 2
After a bit of research, I found a GitHub issue describing exactly what I was running into.
Compilation
Using the recommended command, I was able to link the Homebrew OpenSSL headers with the system install.
Rays-MacBook-Pro:tools doyler$ cd JohnTheRipper/
Rays-MacBook-Pro:JohnTheRipper doyler$ cd src/
Rays-MacBook-Pro:src doyler$ ./configure LDFLAGS=-L/usr/local/opt/openssl/lib CPPFLAGS=-I/usr/local/opt/openssl/include
checking build system type... x86_64-apple-darwin16.6.0
checking host system type... x86_64-apple-darwin16.6.0
...
Configured for building John the Ripper jumbo:
Target CPU ................................. x86_64 AVX2, 64-bit LE
AES-NI support ............................. depends on OpenSSL
Target OS .................................. darwin16.6.0
Cross compiling ............................ no
Legacy arch header ......................... x86-64.h
Optional libraries/features found:
Fuzzing test ............................... no
Experimental code .......................... no
OpenMPI support (default disabled) ......... no
Fork support ............................... yes
OpenMP support ............................. no
OpenCL support ............................. yes
Generic crypt(3) format .................... yes
librexgen (regex cracking mode) ............ no
libgmp (PRINCE mode and faster SRP formats) yes
libpcap (vncpcap2john and SIPdump) ......... yes
libz (pkzip format, gpg2john) .............. yes
libbz2 (gpg2john extra decompression logic) yes
128-bit integer (faster PRINCE mode) ....... yes
Memory map (share/page large files) ........ yes
ZTEX USB-FPGA module 1.15y support ......... no
Development options (these may hurt performance when enabled):
Memdbg memory debugging settings ........... disabled
AddressSanitizer ("ASan") .................. disabled
UndefinedBehaviorSanitizer ("UbSan") ....... disabled
Install missing libraries to get any needed features that were omitted.
Configure finished. Now 'make -s clean && make -sj8' to compile.
Once the configure finished, I was able to successfully run make.
Rays-MacBook-Pro:src doyler$ make -s clean && make -sj8
ar: creating archive aes.a
ar: creating archive secp256k1.a
pomelo_plug.c:106:62: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (inlen > 256 || saltlen > 64 || outlen > 256 || inlen < 0 || saltlen < 0 || outlen < 0) return 1;
~~~~~ ^ ~
pomelo_plug.c:106:77: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (inlen > 256 || saltlen > 64 || outlen > 256 || inlen < 0 || saltlen < 0 || outlen < 0) return 1;
~~~~~~~ ^ ~
pomelo_plug.c:106:91: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (inlen > 256 || saltlen > 64 || outlen > 256 || inlen < 0 || saltlen < 0 || outlen < 0) return 1;
~~~~~~ ^ ~
3 warnings generated.
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
clang: warning: argument unused during compilation: '-pthread' [-Wunused-command-line-argument]
Make process completed.
Successful Run and Testing
With the make process successful, it was time for me to see if the jumbo john would actually run.
Rays-MacBook-Pro:run doyler$ ./john
John the Ripper 1.8.0-jumbo-1-6058-g3f450bd26 [darwin16.6.0 64-bit AVX2-ac]
Copyright (c) 1996-2017 by Solar Designer and others
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=(SECTION[,S2,..,Sn]|:rule)] "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--loopback[=FILE] like --wordlist, but extract words from a .pot file
--dupe-suppression suppress all dupes in wordlist (and force preload)
--prince[=FILE] PRINCE mode, read words from FILE
--encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also
doc/ENCODING and --list=hidden-options.
--rules[=(SECTION[,S2,..,Sn]|:rule)] enable word mangling rules for
wordlist or PRINCE modes
--incremental[=MODE] "incremental" mode [using section MODE]
--mask[=MASK] mask mode using MASK (or default from john.conf)
--markov[=OPTIONS] "Markov" mode (see doc/MARKOV)
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset file. It will be overwritten
--show[=left] show cracked passwords [if =left, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes
--costs=[-]C[:M][,...] load salts with[out] cost value Cn [to Mn]. For
tunable cost parameters, see doc/OPTIONS
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count
--fork=N fork N processes
--pot=NAME pot file to use
--list=WHAT list capabilities, see --list=help or doc/OPTIONS
--devices=N[,..] set OpenCL device(s) (see --list=opencl-devices)
--format=NAME force hash of type NAME. The supported formats can
be seen with --list=formats and --list=subformats
When I received no errors, I ran it against a mysql hash that I had previously captured.
rays-mbp:Internal doyler$ ~/tools/JohnTheRipper/run/john mysql.txt Using default input encoding: UTF-8 Loaded 1 password hash (mysqlna, MySQL Network Authentication [SHA1 32/64]) Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:01:20 3/3 0g/s 2138Kp/s 2138Kc/s 2138KC/s sevin1292
Unfortunately, I wasn’t able to crack this particular hash, but I already knew that would be the case.
OSX Jumbo JtR – Conclusion
While there was the one issue that will recur every time, it was worth getting this setup.
I now have hashcat and the jumbo jtr build on my testing rig, which should save some time waiting on our cracking rig.
Let me know if you have any suggestions for other cracking tools for me to use, or other example posts!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
One comment
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
[…] that this is both the most common method of authentication, but ALSO the reason that this is the least secure method of authentication. Due to this, it is incredibly important that you not only create strong passwords, but you keep […]