EvilZone

Hacking and Security => Hacking and Security => : z3n3r December 11, 2013, 09:35:19 PM

: Running John the Ripper on Rooted Box
: z3n3r December 11, 2013, 09:35:19 PM

Hi I am running a simulation attack on a Ubuntu box with remote code execution vulnerability through a web app.(Virtualbox)

I have installed john the ripper on the rooted box and would like to run it to crack a SHA256 password.

Is there anyway to run jtr on the rooted box without throttling the cpu to 100% and alerting the sysadmins?. What arguments are passed when calling john to accomplish this ?

Ps: This is all assuming this is a live HTTP server with MYSQL running at a remote location.   

Thanks.

: Re: Running John the Ripper on Rooted Box
: vezzy December 11, 2013, 10:37:43 PM

Why the hell would you crack hashes on the compromised machine?

You dump the files to your machine, crack them offline and then use the credentials on the compromised machine to get whatever you need.

: Re: Running John the Ripper on Rooted Box
: proxx December 12, 2013, 07:47:52 AM

There is a tool called cpulimit.
http://cpulimit.sourceforge.net/

Syntax is pretty easy and runs on pretty much anything.