DJohn - Distributed John ========================= This is a little program to parallelize brute force cracking done with John the Ripper [http://www.openwall.com/john]. It has been tested on Linux x86 [Debian, Mandrake, Red Hat], FreeBSD and Solaris. Note: As I don't have access anymore to a Solaris box this new version of DJohn may not compile under Solaris. If this is the case and you want to help, please send me a patch. It was developed by Luis Parravicini . You can download the the latest version from http://ktulu.com.ar/djohn/ Introduction ------------- Coordination of cracking is done by a server (djohnd). It divides the entire domain of passwords to try in work packets. A packet contains the first and the last password to try (inclusively). The clients request a packet to the server, process it, and return the results obtained. In its present state, djohn is intended to run over a network where you can trust the clients. So, you can DOS the server easily. Also, the clients are assumed to be all equal (or very similar in CPU power) as the amount of work delivered to each client is the same for all of them. Installation ----------- Using make and then "make install" to install it. "make install" copies the binaries to /usr/local/bin and the i18n files to /usr/share/locale/ djohnd (the server) -------------------- The first time you run the server, you need to supply the options to be used for cracking (below is the output of djohnd -h). usage: djohnd [options] -b ip : binds the server socket to 'ip' -c charset : sets the charset -f first_word : sets the first word to be tried -l last_word : sets the last word to be tried -t ttl : sets the packet's ttl (in seconds) (default: 600) -w n : sets the amount of words per packet (default: 10000) -r : restore previous session -v : be verbose I'll only explain -c and -r, as I believe the above help is enough for the rest of the options. The charset is a list of the valid characters a password may contain, and you can specify ranges (e.g. a-z). To include the - as a charset character, put it it first or last. For example, to specify all lower case letters, all the digits, the underscore and the equal you would use "a-z0-9_=". After the server starts, it waits listening on port 40000/udp for clients. All the options are saved to djohn.restore when the server receives SIGTERM, SIGQUIT or SIGINT. This way it can be resumed later using -r the next time you run the server. All the passwords sent by the clients are stored in djohn.pot without checking for duplicates. djs ---- Shows the server status and you can change the format of the outputted data. It must be run in the same machine the server is running. djohn (the client) ------------------ The client needs to know where the following things are located: 1. John the Ripper 2. john-ini. This is a copy of john.ini used as a skeleton to create a new john.ini with a external mode called dJohn to try all the words of a packet sent by the server. 3. the password files (it is assumed the passwords files are the same for all the clients and the file names start with "passwd"). 4. the skeleton for the external mode (in a file called dJohn). - John The Ripper is assumed to be on the working directory, on a subdirectory called john/run. This can be changed with '-j' - john-ini, the password files and dJohn are assumed to be on the directory specified with '-d' or if '-d' was not supplied to the program, then where $DJHOME points to. ***************************************************************************** WARNING: Each client must have it's own copy of John the Ripper, as the client overwrites john.ini, restore and john.pot. ***************************************************************************** Now, after all that you can run the client passing the name or the ip of the server to connect to. Now you should see the server (if you have used -v) and the client sending to stdout logging information on the packets received/sent. Compiling under windows: --------------------------------------------- You'll need cygwin [http://www.cygwin.com] and you need to install the following package: gcc, make, gettext, gettext-devel, cygipc. To run djohnd you need to enable the ipc services by running "ipc-daemon2.exe" which is part of the cygipc package. What algorithms are supported?: ------------------------------- As djohn uses John The Ripper to do the cracking the algorithms supported are the ones supported by john. Refer to its documentation for more information. dJohn external mode: -------------------- The external mode used by the client to crack a work packet is created using the skeleton in the file called "dJohn", which is the source code for this external mode with some variables the client replaces with it's actual values. Variables are surrounded by @ and are case sensitive (for example, to get the size of the charset you could use "@charset_length@"). The following list shows the currently supported variables: Name Data type Description charset_length int number of characters in the charset. max_word int maximum supported size for a password. length_word_1 int length of the first word in the work unit. charset string initializes an array of name "charset", containing the word_1 string the first word the external mode will try. eq_word_2 string the last word the external mode will try.