Cracking Passwords with John the Ripper [LWN.net]

Cracking Passwords with John the Ripper

Posted Feb 16, 2006 3:29 UTC (Thu) by primorec (guest, #2740)
Parent article: Cracking Passwords with John the Ripper

I have no idea what I am doing wrong. Or in other words, I am not able to download the source code of the package. I've tried to download it from the original site ( http://www.openwall.com/john/)
and from the randomly picked mirror. (ftp://ftp.se.openwall.com/pub/ (Sweden)) using browser and/or using CLI ftp.

Result was in both cases the same. Download was not successeful. All I've gotten on the screen was:

ftp> get john-1.7.tar.bz2
local: john-1.7.tar.bz2 remote: john-1.7.tar.bz2
227 Entering Passive Mode
150 Opening BINARY mode data connection for john-1.7.tar.bz2 (688774 bytes).
550-Transfer failed. The file john-1.7.tar.bz2 is infected with the virus Misc/JohnRipper. File quarantined as 1a13131f.john-1.7.tar.bz2.
550 *
ftp> pwd
257 "/pub/projects/john"
ftp> dir
227 Entering Passive Mode
150 Here comes the directory listing.
drwxr-xr-x 10 ftp ftp 4096 Feb 07 16:55 contrib
drwxr-xr-x 2 ftp ftp 4096 Jan 26 18:21 historical
-rw-r--r-- 1 ftp ftp 688774 Jan 12 04:33 john-1.7.tar.bz2
-rw-r--r-- 1 ftp ftp 331 Jan 26 18:16 john-1.7.tar.bz2.sign
-rw-r--r-- 1 ftp ftp 799235 Jan 12 04:33 john-1.7.tar.gz
-rw-r--r-- 1 ftp ftp 331 Jan 26 18:16 john-1.7.tar.gz.sign
-rw-r--r-- 1 ftp ftp 331 Jan 26 18:16 john-17d.sig
-rw-r--r-- 1 ftp ftp 914476 Jan 12 04:33 john-17d.zip
-rw-r--r-- 1 ftp ftp 331 Jan 26 18:16 john-17w.sig
-rw-r--r-- 1 ftp ftp 1390684 Jan 12 04:33 john-17w.zip
226 Directory send OK.

(Log in to post comments)

Security tools considered harmful

Posted Feb 16, 2006 4:41 UTC (Thu) by primorec (guest, #2740) [Link]

It's not you, it's your virus-scanning ftp proxy.

Very likely.. yes... I was behind the company firewall (and all other thingies)

Someone thinks security tools are bad for you.

;-)

Do you have the same problem when you use http instead?

yes

If not, or if you can simply use ftp without the
proxy, fine. If you can't go around it (your firewall blocks or diverts
all outgoing ftp transactions), you'll have to bring it in from
elsewhere.

You were righ! I've DL the file at home without a problem.

Thanks for the hint

Security tools considered harmful

Posted Feb 16, 2006 11:42 UTC (Thu) by nix (subscriber, #2304) [Link]

It's a nice example of how the word 'virus' is being bleached of any useful meaning, too. I can't see *any* definition of 'virus' which would include john (or libcrack, say); they're not malware at all.

If 'virus' equals 'security tool', then antivirus products are viruses! :)

Security tools considered harmful

Posted Feb 16, 2006 13:13 UTC (Thu) by The_Flatlander (guest, #19245) [Link]

>> I can't see *any* definition of 'virus' which would include john (or libcrack, say); they're not malware at all. <<

I agree with you, but it is possible that a copy of of John could turn a small security lapse into a large one quite rapidly, so other than your sysadmins, you probably don't want anyone else having a copy of that. Moreover, if the anti-virus tool were scanning the stream, rather than just blocking the site, it seems quite likely, (to the point of certainty), that some actual trojans or other malware programs contain some of the same routines. (It isn't a great leap to figure that malware writers might have mis-appropriated such code to their own nefarious purposes.)

The Flatlander

Security tools considered harmful

Posted Feb 16, 2006 23:33 UTC (Thu) by xorbe (subscriber, #3165) [Link]

And we all know that someone that knows how to download JohnTR and compile it and use it successfully, will be completely stumped by a proxy filter...

Security tools considered harmful

Posted Feb 18, 2006 19:39 UTC (Sat) by erwbgy (subscriber, #4104) [Link]

Indeed. Adding a few question marks on to the end of the URL often fools
them.