EvilZone

Well there are better methods to getting the password but I wrote this code because it works well when say you are logged in as Guest and you would like to crack the Administrator password without having to restart the machine and booting into another O.S . It works quite well for weak passwords that is.( I believe alot of normal people still use those ) and a good dictionary is needed of course.


And last time I checked Windows Systems don't log incorrect password attempts unless the Admin enables that feature.   


I used this at a local internet cafe and it worked Its dumb but it works.

Hi I am running a simulation attack on a Ubuntu box with remote code execution vulnerability through a web app.(Virtualbox)

I have installed john the ripper on the rooted box and would like to run it to crack a SHA256 password.

Is there anyway to run jtr on the rooted box without throttling the cpu to 100% and alerting the sysadmins?. What arguments are passed when calling john to accomplish this ?

Ps: This is all assuming this is a live HTTP server with MYSQL running at a remote location.   

Thanks.