EvilZone

Hacking and Security => Hacking and Security => Topic started by: z3n3r on December 11, 2013, 09:35:19 PM

Title: Running John the Ripper on Rooted Box
Post by: z3n3r on December 11, 2013, 09:35:19 PM

Hi I am running a simulation attack on a Ubuntu box with remote code execution vulnerability through a web app.(Virtualbox)

I have installed john the ripper on the rooted box and would like to run it to crack a SHA256 password.

Is there anyway to run jtr on the rooted box without throttling the cpu to 100% and alerting the sysadmins?. What arguments are passed when calling john to accomplish this ?

Ps: This is all assuming this is a live HTTP server with MYSQL running at a remote location.   

Thanks.

Title: Re: Running John the Ripper on Rooted Box
Post by: vezzy on December 11, 2013, 10:37:43 PM

Why the hell would you crack hashes on the compromised machine?

You dump the files to your machine, crack them offline and then use the credentials on the compromised machine to get whatever you need.

Title: Re: Running John the Ripper on Rooted Box
Post by: proxx on December 12, 2013, 07:47:52 AM

There is a tool called cpulimit.
http://cpulimit.sourceforge.net/

Syntax is pretty easy and runs on pretty much anything.