John The Ripper

dbarron

Sources packages on the download page, just DL and compile it (also free I think, note I didn't download).

Justin

dbarron I think the source is only provided when you but it.

dbarron

It was originally free, but that's been a LONG time ago. I don't reckon I've used a password cracker for ten or maybe fiveteen years. I was a security specialist in a past life.
Edit: confirmed, free download of the zipped tarchive. I think you just pay for the trouble of compilation, a practice I would support. If you need people to compile things for you, you should pay for the trouble.

Justin

dbarron Why crack passwords when you can just reset them on any unencrypted disk. 😁

Justin

dbarron Indeed, I did find the link to the source among that awfully formatted page. Ran configure in source dir and yeah, it's compile ready.

Configure finished. Now "make -s clean && make -sj4" to compile. Interesting that they specify -j4 though, let make decide how many threads to compile at once. I'd hate to see that on a single-core machine, it'd practically grind to a halt.

brent

dbarron The snap seems free. Maybe, like you alluded to, some built-in costs later(?)

dbarron

Justin Because idiots in my company were running with ridiculous passwords, and I cracked the corporate windows acounts, and automatically mailed everyone (including president of company) that they should use stronger passwords.

kyrios

dbarron Idiots indeed... not only they use weak passwords but they don't even fire the guy with such a behaviour...

dbarron

kyrios It was my job to improve security, thus I have to discover and correct it, right?

elfprince

dbarron A scene straight from 'The Hackers' ! :-)

kyrios

dbarron I don't know where and when you did this or how small the company was to be so ignorant and tolerate this but clearly this was wrong and nowadays should you do something like this, not only you'd be fired for serious misconduct but most large companies would also sue you.

Massive password cracking not only is legally questionable, but it doesn't improve security: it is a security incident ! Also sending mails to ask people to use stronger password doesn't correct anything. And since internal sources represent a higher risk than hackers for companies, mailing everyone to tell "passwords here are weak" is like telling employees "never considered stealing company sensitive data? you should try, you have no idea how easy it is to hack your colleagues and gain their accesses".

Because you know just enforcing a password policy isn't fun... Cracking and mailing people is funnier, especially when lot of people would just ignore the mail. 🤠

dbarron

I ran penetration testing at night and all the jazz. I enjoyed it..because there is/was the soul of a hacker buried not so deeply.

dbarron

kyrios We shall agree to disagree about methodologies without you knowing the circumstances involved and making broad generalizations.