📅 最后修改于: 2023-12-03 15:02:08.539000 🧑 作者: Mango
John the Ripper is a popular password cracking tool, capable of cracking a variety of password hashes. It also includes a module specifically for cracking MySQL hashes, appropriately named "mysql".
To use the MySQL module in John the Ripper, you first need to install John the Ripper itself. Instructions for installation can be found on its official website.
Once you have installed John the Ripper, you can use the mysql module to crack MySQL password hashes.
Before you can crack MySQL hashes, you need to have access to a few files:
user_hashes.txt: This file contains a list of user hashes that you want to crack. Each line should contain the username and hash, separated by a colon.
mysql_hashes.txt: This file contains the MySQL hash types and salts. Each line should contain the hash type, salt, and hash, separated by colons.
You can generate the user_hashes.txt file by extracting the relevant information from your MySQL database. The mysql_hashes.txt file can be obtained from the "mysql.user" table in your MySQL database.
To run the mysql module in John the Ripper, use the following command:
john --format=mysql --wordlist=<path_to_wordlist> --users=<path_to_user_hashes.txt> <path_to_mysql_hashes.txt>
--format=mysql: Specifies that the hashes in the mysql_hashes.txt file are MySQL hashes.
--wordlist=<path_to_wordlist>: Specifies the path to the wordlist file that John the Ripper should use to crack the hashes.
--users=<path_to_user_hashes.txt>: Specifies the path to the user_hashes.txt file.
<path_to_mysql_hashes.txt>: Specifies the path to the mysql_hashes.txt file.
Once John the Ripper has finished cracking the hashes, it will output the cracked passwords to a file named "john.pot". The format of this file is:
<username>:<hash>:<cracked_password>
The mysql module in John the Ripper is a powerful tool for cracking MySQL passwords. With the right files and wordlist, it can quickly crack even the most complex of passwords.