We learned most of the basic information on
John the Ripper in our Previous Article which can be found here.
In this article we will use John the Ripper to crack the password hashes of
some of the file formats like zip, rar, pdf and much more.
To crack theses password hashes, we are
going to use some of the inbuilt and some other utilities which extract the
password hash form the locked file. There are some utilities that come inbuilt
with john which can be found using the following command.
locate
*2john
As you can see that we have the following
utilities, we will demonstrate some of them here.
Cracking the SSH Password Hash
John the Ripper can crack the SSH private
key which is created in RSA Encryption. To test the cracking of the private
key, first we will have to create a set of new private keys. To do this we will
use a utility that comes with ssh, called “ssh-keygen”.
ssh-keygen
After opening, it asks for the location at
which we want the public/private rsa key pair to store? You can use any
location or you can leave it as default.
After that it asks for the passphrase,
after entering the password again, we successfully generate the rsa private
key. (Refer the Screenshot)
When you will try to open the file, you
will be greeted by the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “ssh2john”.
Syntax: ssh2john [location of key]
ssh2john
/home/pavan/.ssh/id_rsa > crack.txt
You can see that we converted the key to a
crack able hash and then entered it into a text file named id_rsa.txt.
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt id_rsa.txt
Great! We have successfully cracked the
passphrase used to create the private ssh key to be “password123”
Cracking the KeepPass2 Password Hash
John the Ripper can crack the KeepPass2
key. To test the cracking of the key, first we will have to create a set of new
keys. To do this we will use a utility that is called “kpcli”.
kpcli
Now
we will create a database file using command “saveas” and naming the database
file as ignite.kdb and entering a passcode to secure it.
When you will try to open the file, you
will be greeted by the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “keepass2john”.
Syntax: keepass2john [location of key]
keepass2john ignite.kdb > crack.txt
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the key to be “12345678”
Cracking the RAR Password Hash
Now we will crack some compressed files, to
do that we will have to create a file to be compressed so let’s do that using
echo command as shown in the given screenshot.
You can see that we created a file.txt
which we will be using to create compressed files.
echo
hackingarticles.in > file.txt
John the Ripper can crack the RAR file
passwords. To test the cracking of the password, first let’s create a
compressed encrypted rar file.
rar
a -hpabc123 file.rar file.txt
·
a = Add files to archive
·
hp[password] = Encrypt both
file data and headers
This
will compress and encrypt our file.txt into a file.rar. So, when you will try
to open the file, you will be greeted by the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “rar2john”.
Syntax: rar2john [location of key]
rar2john
file.rar > crack.txt
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the key to be “abc123”
Cracking the ZIP
Password Hash
John the Ripper can crack the ZIP file
passwords. To test the cracking of the password, first let’s create a
compressed encrypted zip file.
zip
-er file.zip file.txt
- e = Encrypt
- r = Recurse into directories
This will compress and encrypt our file.txt
into a file.zip. So, when you will try to open the file, you will be greeted by
the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “zip2john”.
Syntax: zip2john [location of key]
zip2john
file.zip > crack.txt
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the key to be “654321”
Cracking the 7-Zip
Password Hash
John the Ripper can crack the 7-Zip file
passwords. To test the cracking of the password, first let’s create a
compressed encrypted 7z file.
7z a
-mhe file.7z file.txt -p”password”
•
a = Add files to archive
•
m = Set compression Method
•
h = Calculate hash values for
files
•
e = Encrypt file
•
p = set Password
This will compress and encrypt our file.txt
into a file.7z. So, when you will try to open the file, you will be greeted by
the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “7z2john”. This is not inbuilt utility, It can be downloaded from here.
Syntax: zip2john [location of key]
python
7z2john.py file.7z > crack.txt
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the key to be “password”
Cracking the PDF
Password Hash
John the Ripper can crack the PDF file
passwords. You can encrypt your pdf online by using this website. This
will compress and encrypt our pdf into a password protected file.pdf. So, when
you will try to open the file, you will be greeted by the following prompt.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “pdf2john”. This is not inbuilt utility, it can be downloaded from here.
Syntax: pdf2john [location of key]
python pdf2john.py file.pdf > crack.txt
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the key to be “password123”.
Cracking the PuTTY
Password Hash
John the Ripper can crack the PuTTY private
key which is created in RSA Encryption. To test the cracking of the private
key, first we will have to create a set of new private keys. To do this we will
use a utility that comes with PuTTY, called “PuTTY Key Generator”.
Click on “Generate”. After Generating the
key, we get a window where we will input the key passphrase as shown in the
screenshot.
After entering the passphrase, click on
Save private key to get a private key in the form of a .ppk file
After generating transfer this .ppk file to
Kali Linux.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “putty2john”.
Syntax: putty2john [location of key]
putty2john
file.ppk > crack.txt
You can see that we converted the key to a
crack able hash and then entered it into a text file named crack.txt.
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt id_rsa.txt
Great! We have successfully cracked the
passphrase used to create the private PuTTY key to be “password”.
Cracking the
“Password Safe” Password Hash
John the Ripper can crack the Password Safe
Software’s key. To test the cracking of the key, first we will have to create a
set of new keys. To do this we will install the Password Safe Software on our
Windows 10 System.
To get a new key, Click on “New”
In this prompt, check the Show Combination
Box. After that Enter the Passphrase you want to use to generate the key. This
will generate a .psafe3 file.
After generating transfer this .safe3 file
to Kali Linux.
Now John cannot directly crack this key,
first we will have to change it format, which can be done using a john utility
called “pwsafe2john”.
Syntax:
pwsafe2john [location of key]
pwsafe2john
ignite.psafe3 > crack.txt
You can see that we converted the key to a
crack able hash and then entered it into a text file named crack.txt.
Now let’s use John the Ripper to crack this
hash.
john
–wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Great! We have successfully cracked the
passphrase used to create the private pwsafe key to be “password123”
0 comments:
Post a Comment