EH-Net

Please note, this is not a technical question.

I am doing some research on Dictionary based password cracking that will hopefully be of use for optimisation.

So I was wondering how do most professional hackers use JTR.

Do you normally use it for just cracking one password at a time or do you use a short or long list of passwords? Also, how long would you leave it running before you gave up and tried another method?

Thanks

Ants

Well, I wouldn't call myself a professional hacker, but I use JTR mostly on Linux.   On Windows, I prefer Cain and Abel.   I use it for both, a single password and groups of passwords cracking.    I typically don't run it for more than a few days. 

however many hashes i get from a box is how many i run john on, and will continue to run it on a non production machine until the engagement is close to reporting. Distributed jtr is my next goal to quicken the cracking process. jtr is vital to pentests, hope that helps

I really like JTR too but I don't need it often. I use it for both single and multi. Depending if time is an important key I would let it run also for a longer period of time on a seperate machine.

It depends on what you are trying to achieve. If you just want to prove a point JTR in single crack mode can reveal the weakest passwords in seconds and demonstrates the need for good password policy. I use longer runs when I want to leverage the passwords I find to get deeper.

Jimbob

Hey thanks guys. That helps me a lot.