Proteus <nospam@nowhere.net> writes:

>ok i am seeking to harden my system (and my brother's who is a linux
>newbie), so I got John the Rippper (password cracker) and am learning to
>use it to test my own system's passwords for strength. But the program
>requires that I have a copy of /etc/shadow (shadowed passwords); well it
>seems to me that in order to have that file one must have already cracked
>some password to enter a PC system, so what is the point of Ripper other
>than testing passwords? I mean, how does a cracker get into a system in
>the first place using a password cracker since it seems to be a Catch22?
>Mind you, I am no cracker, I just want to learn to harden my system, learn
>to prevent crackers from getting in.

He might have found a backup tape lying around for example. He might have
booted into the machine in single user and gotten the file.
One of the reasons that Linux went over to shadow passwords was that
programs like yours were becoming popular.