Cracking OpenVMS passwords with John the Ripper

This is patch 5 for John the Ripper to allow cracking OpenVMS (Vax and Alpha) passwords. It was written by Jean-loup Gailly, based on code from Shawn Clifford, Davide Casale and Mario Ambrogetti. The patch was made for John 1.6.32 but may work for later versions. This tool is designed for system administrators to detect users who, all too often, select very bad, easily guessable passwords.
tar xfz john-1.6.tar.gz
tar xfz john-1.6.32.tar.gz
mv john-1.6.32 john-1.6.32vms
tar xfz john-1.6.32-VMS-patch-5.tar.gz
cp john-1.6/doc/* john-1.6.32vms/doc/
cp john-1.6/run/*.chr john-1.6.32vms/run/
cd john-1.6.32vms
patch -p0 < john-VMS.diff
Version 5 of the patch works on big-endian systems. It has been tested on x86 (Linux), Alpha (VMS and FreeBSD), Vax (VMS), Sparc (SunOS), PA-RISC (Linux). The VMS Alpha executable was made with Dec C 6.0 because the version compiled with Compaq C 6.5 does not work for Blowfish and NTLM.
On x86, asm code is used for speed, but a portable C version is included as well. The asm version checks about 200,000 passwords per second on a 1 GHz system.
$ echo :== write sys$output
before using make.
To crack VMS passwords, you can use the native Alpha or Vax executable of John, but for better speed you can transfer the file sys$system:sysuaf.dat in binary mode to an x86 system running John. Note that you must be a system administrator to have read access to the sysuaf file. In all cases, be very careful not to give others read access to your copy of sysuaf.dat. Use an encrypted protocol such as scp (not ftp) to transfer any file to a remote system.
Run unuaf to convert this file to a format usable by John. Use the -a option to include disabled accounts.
unuaf sysuaf.dat > sysuaf.john
unuaf -a > sysuaf.john
On VMS use:
pipe run unuaf > sysuaf.john
pipe mcr unuaf -a > sysuaf.john
If unuaf.exe is not in the current directory, modify  above or include the appropriate directory in your DCL$PATH.
On some sites, sysuaf.dat contains records of 1412 bytes mixed with records of 644 bytes. This confused unuaf. A new VMS/Alpha executable together with a source patch is temporarily available in unuaf.zip. If you cannot run unuaf on VMS, you must first convert sysuaf.dat before transferring it to another system:
$ create sysuaf.fdl
file
    organization sequential
record
    block_span yes
    carriage_control none
    format undefined
    size 1412
$ convert/fdl=sysuaf.fdl sysuaf.dat sysuaf.john
To get optimal results for VMS, modify john.conf as follows:
To create wordlists optimised for VMS, remember that VMS passwords can only contain uppercase letters, digits and the characters '$' and '_'. A good way to reduce a generic wordlist for VMS is:
tr a-z A-Z < wordlist | tr -cd 'A-Z0-9$_\n' | sort -u > password.lst
For convenience, the VMS cracker forces all passwords to uppercase anyway, so you can use a wordlist in lowercase, or the single crack mode, which generates lowercase guesses. For speed, the VMS cracker doesn't check that the password contains only legal characters, so to avoid wasting time, create wordlists with only legal characters (upper or lower case).
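The wordlist preparation described above, as an added example that is not part of the patch or the original page: a shell function with two modes, one that strips illegal characters like the tr pipeline above and one that drops any word containing them. The function names, the mode names and the sample words are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the patch): build a VMS-oriented wordlist,
# reading a generic wordlist on stdin and writing the result to stdout.
#   strip - delete illegal characters, as the tr pipeline above does
#   drop  - discard any word that contains an illegal character
vms_wordlist() {
    mode=$1
    case "$mode" in
        strip|drop) ;;
        *) echo "usage: vms_wordlist strip|drop < wordlist" >&2; return 2 ;;
    esac
    # Remove CRs from DOS-format lists, then fold to uppercase.
    # LC_ALL=C keeps the tr ranges byte-exact in any locale.
    LC_ALL=C tr -d '\r' | LC_ALL=C tr 'a-z' 'A-Z' |
    if [ "$mode" = strip ]; then
        LC_ALL=C tr -cd 'A-Z0-9$_\n'
    else
        LC_ALL=C grep -E '^[A-Z0-9$_]+$' || true
    fi |
    # Stripping can leave empty lines (a word made only of illegal
    # characters); remove them before de-duplicating.
    { grep -v '^$' || true; } | LC_ALL=C sort -u
}

# Constructed sample input: mixed case, illegal characters, a duplicate,
# a word with no legal characters at all, and a CRLF-terminated line.
sample_words() {
    printf '%s\n' 'password' 'Pass-word' 'summer2024!' 'sys$admin' \
                  'field_service' 'PASSWORD' '!!!'
    printf 'winter\r\n'
}

for m in strip drop; do
    echo "== $m =="
    sample_words | vms_wordlist "$m"
done
```

In strip mode "Pass-word" collapses into PASSWORD and "summer2024!" becomes SUMMER2024, while drop mode discards both, which gives a smaller list that contains only words that were legal as written.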
For the incremental mode, generate your own vms.chr if you have a large john.pot file already:
john -makechars:vms.chr -external:filter_vms
or just use directly:
john -i:vms passwd-file
For general questions about John the Ripper, please refer to its documentation, available in John 1.6.
Disclaimer: John the Ripper should not be used against machines you do not own or administer, or have prior permission to run password cracking tools against. Even if you are a system administrator, you should ask permission from your management. The authors take no responsibility for any problems related to running John the Ripper without permission.