We know the
importance of John the ripper in penetration testing, as it is quite popular
among password cracking tool. In this article, we are introducing the John the
ripper and its various usage for beginners.
What
is John the Ripper?
John the Ripper
is a free password cracking software tool developed by Openwall. Originally developed for Unix
Operating Systems but later on developed for other platforms as well. It is one
of the most popular password testings and breaking programs as it combines a
number of password crackers into one package, autodetects password hash types,
and includes a customizable cracker. It can be run against various encrypted
password formats including several crypt password hash types commonly found in
Linux, Windows. It can also be to crack passwords of Compressed files like ZIP
and also Documents files like PDF.
Where to get
John the Ripper?
John the Ripper
can be downloaded from Openwall’s Website here.
Or from the
Official John the Ripper Repo here
John the Ripper
comes Preinstalled in Linux Kali and can be run from the terminal as shown
below:
John the Ripper works in 3 distinct modes
to crack the passwords:
1.
Single Crack Mode
2.
Wordlist Crack Mode
3.
Incremental Mode
John the Ripper Single Crack Mode
In this mode John the ripper makes use of
the information available to it in the form of a username and other
information. This can be used to crack the password files with the format of
Username: Password
For Example: If the username is “Hacker” it
would try following passwords:
hacker
HACKER
hacker1
h-acker
hacker=
We can use john the ripper in Single Crack
Mode as follows:
Here we have a text file named crack.txt
containing the username and password, where the password is encrypted in sha1
encryption so to crack this password we will use:
Syntax: john [mode/option] [password file]
john
--single --format=raw-sha1 crack.txt
As you can see in the screenshot that we
have successfully cracked the password.
Username: ignite Password: IgNiTe
John the Ripper
Wordlist Crack Mode
In this mode John the ripper uses a
wordlist that can also be called a Dictionary and it compares the hashes of the
words present in the Dictionary with the password hash. We can use any wordlist
of our choice. John also comes in build with a password.lst which contains most
of the common passwords.
Let’s see how John the Ripper cracks
passwords in Wordlist Crack Mode:
Here we have a text file named crack.txt
containing the username and password, where the password is encrypted in sha1
encryption so to crack this password we will use:
Syntax: john [wordlist] [options] [password file]
john
--wordlist=/usr/share/john/password.lst --format=raw-sha1 crack.txt
As you can see in the screenshot, john the
Ripper have cracked our password to be asdfasdf
Cracking the User
Credentials
We are going to demonstrate two ways in
which we will crack the user credentials of a Linux user.
Before that we will have to understand, what
is a shadow file?
In Linux operating system, a shadow
password file is a system file in which encrypted user password is stored so
that they are not available to the people who try to break into the system. It
is located at /etc/shadow.
First
Method
Now, for the first method, we will crack
the credentials of a particular user “pavan”.
Now to do this First we will open the
shadow file as shown in the screenshot.
And we will find the credentials of the
user pavan and copy it from here and paste it into a text file. Here we have
the file named crack.txt.
Now we will use john the ripper to crack
it.
john
crack.txt
As you can see in the screenshot that john
the ripper has successfully cracked the password for the user pavan.
Second
Method
Now, for the second method, we will
collectively crack the credentials for all the users.
To do this we will have to use a john the
ripper utility called “unshadow”.
unshadow
/etc/passwd /etc/shadow > crack.txt
Here the unshadow command is combining the
/etc/passwd and /etc/shadow files so that John can use them to crack them. We
are using both files so that John can use the information provided to
efficiently crack the credentials of all users.
Here is how the crack file looks after
unshadow command.
Now we will use john to crack the user
credentials of all the users collectively.
john
–wordlist=/usr/share/john/password.lst crack.txt
As you can see from the provided screenshot
that we have discovered the following credentials:
User
|
Password
|
Raj
|
123
|
Pavan
|
Asdfasdf
|
Ignite
|
Yellow
|
Stopping and Restoring
Cracking
While John the ripper is working on
cracking some passwords we can interrupt or pause the cracking and Restore or
Resume the Cracking again at our convenience.
So while John the Ripper is running you can
interrupt the cracking by Pressing “q” or Crtl+C as shown in the given
screenshot
Now to resume or restore the cracking process we will use the --restore option of John the ripper as shown in the screenshot
Now we will decrypt various hashes using
John the Ripper
SHA1
To decrypt SHA1 encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=raw-sha1 crack.txt
As you can see in the given screenshot that
we have the username pavan and password as Hacker
MD5
To decrypt MD5 encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=raw-md5 crack.txt
As you can see in the given screenshot that
we have the username pavan and password as P@ssword.
MD4
To decrypt MD4 encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=raw-md4 crack.txt
As you can see in the given screenshot that
we have the username pavan and password as Rockyou
SHA256
To decrypt SHA256 encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=raw-sha256 crack.txt
As you can see in the given screenshot that
we have the username pavan and password as pAsSwOrD
RIPEMD128
To decrypt RIPEMD128 encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=ripemd-128 crack.txt
As you can see in the given screenshot that
we have the username pavan and password as password123
Whirlpool
To decrypt whirlpool encryption we will use
RockYou as wordlist and crack the password as shown below:
john
–wordlist=/usr/share/wordlists/rockyou.txt –format=whirlpool crack.txt
As you can see in the given screenshot that
we have the username pavan and password as password666
View All Formats
John the Ripper support many encryptions
some of which we showed above. To view all the formats it supports:
john
–list=formats
Hope,
you can take reference of this article while using John the ripper, More
on John the Ripper will be in the Next Part.
Abbreviating the options
We don’t have to type complete option every
time we use john the ripper, Developers have give users the option to
abbreviate the options like
--single can be written as -si
--format can be written as -form
Shown below is an example how to use these abbreviations.
john
-si crack.txt -form=raw-md5
Another abbreviation we can use is:
--wordlist can be written as -w
john
-w=/usr/share/wordlists/rockyou.txt crack.txt -form=raw-md5
Cracking Multiple Files
We can also crack multiple hash files, if
they have the same encryption. Let’s take an example, we have two files.
1.
Crack.txt
2.
Md5.txt
Both contain md5 hashes, so to crack both
files in one session, we will run john as follow:
Syntax: john [file 1][file 2]
john
-form=raw-md5 crack.txt md5.txt
0 comments:
Post a Comment