CyberMorans
John is an offline crackhead. Password crackers can be online or offline. Online password crackers, such as Hydra, are used when brute-forcing online network protocols and HTML forms. Situations where online brute forcing might be impractical include a remote system that limits the rate of sign-in attempts or a system that locks users out indefinitely after a predefined number of invalid login attempts.
In such cases, an offline password cracker attempts to recover a password from where it is stored instead of brute-forcing the live login. Since systems and applications rarely store passwords without cryptographic protection, the stored passwords must be cracked to make use of them -- so let's heroin....sorry crack...some passwords --
A popular offline password cracker, John the Ripper enables hackers to crack passwords whether the stored values are encrypted or hashed passwords, message authentication codes (MACs) and hash-based MACs (HMACs), or other components of the authentication process.
Morans, let it rip -- gerrit? Ripper.....rip....
John the Ripper comes by default with Kali Linux, so there is no need to install it -- If you are using Parrot OS -- I don't know why, but who am I to judge -- you can install it using the command
Parrot> sudo apt-get install john
Now simply enter
kali> john
or
kali> john -h
Developed in 1996 by the Openwall Project, John is notable for supporting a wide diversity of password formats. Simply put, John cracks passwords. It replicates the password-handling routine of the target storage format so that many candidate passwords can be tried without ever going through the target system's own login validation. To see the supported formats, simply
kali> john --list=formats
đ Cracking with Jonte (John)
John is very easy to useâşď¸. At least, you need to specify the stored password values or hashes you want to crack. If you provide no information other than that, it tries to figure out what format the stored values are in and assumes a set of constraints about what you might want to do đ
đ¤ Cracking modes
Consider which "cracking mode" you intend to use. You can specify your own externally defined modes. John also has built-in modes đ
đ§ Single crack mode uses information about the user, such as username or full name, from the supplied password values, where present, to attempt to build a short, highly focused dictionary of targeted passwords to crack.
đ¤ Wordlist mode operates via a wordlist, either user-supplied or a built-in one, and tries all the values in the wordlist.
đ Incremental mode attempts to iterate through all possible character combinations according to adjustable length and complexity criteria -- for example, all strings between five and eight alphanumeric characters.
đ¤ Password & Hash formats
It's helpful to know the format passwords are stored in. Since applications might manipulate formats in ways John might not expectđł -- a web application, might Base64- or URL-encode values before storing them. It's also helpful because the built-in mechanisms used by John to determine type and format can be wrong đĽ˛
Take two similar but vastly different values: an MD5 hash and an MD5 keyed hash. The outputs are identical in format, but the processes that led to the outputs are anything but. John wouldn't know the difference, unless you provide the missing informationđ
The 'unshadow' command comes default with John. It combines the contents of /etc/passwd and /etc/shadow on the Linux VM, in this case, Kali đ
kali> sudo unshadow /etc/passwd /etc/shadow > passwords.out
Then use the john command and specify the format -- in this case, crypt. Since we haven't told it which cracking mode to use, John begins with single crack mode and then proceeds to wordlist mode -- no wordlist was specified, so it uses the default one. Finally, it will move on to incremental mode
kali> sudo john --format=crypt ./passwords.out
Cracking Microsoft Windows passwords works just like the Linux example: the passwords must first be put into a format John the Ripper can understand. To accomplish that, we used PwDump v8.2 from cmd on the Windows target --
We specify wordlist mode and use rockyou.txt, one of the built-in wordlists that comes by default with most security-focused Linux distros -- not Parrot OS?....apparently -- The passwords were set to weak values -- dictionary words in all cases -- just for showcasing in this case
Remember Windows uses NTLM hashes, thus
kali> sudo john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt ./winpasswords.txt
These two examples demo the most universally applicable and most basic usage of John the Ripper, but they account for 80% of how you will be using it. For more advanced use (the final 20% to make you super saiyan), you just need to get a little creative with Jonte. Sometimes the stored password values you can obtain are NOT in any of the formats John supports out of the box, or they may be padded or salted while being encrypted or encoded. Salting adds a string of 32 or more characters to the password and then hashes the combination during the encryption process. This makes it much, much harder to meth -- sorry, I meant crack -- the password
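To show why the "MD5 vs keyed MD5" warning and the salting point above matter in practice, here is an added example (not from the post or from John's own code) in Python: it builds three 32-hex-character values for the same constructed password and runs a toy wordlist mode against each, with and without the key or salt. The wordlist, salt and key are hypothetical values constructed for the demo.

```python
# Added example, not from the post: an MD5 hash, an HMAC-MD5 tag and a salted
# MD5 all look like 32 hex characters, but only the first cracks from a wordlist
# alone. Wordlist, salt and key below are constructed for this demo.
import hashlib
import hmac
from typing import Callable, Dict, Optional

WORDLIST = ["letmein", "password", "sunshine", "dragon"]  # constructed sample
SALT = "c4f9b2a17e0d4c6b"              # hypothetical per-user salt from a dump
HMAC_KEY = b"hypothetical-app-secret"  # hypothetical application-side key

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def hmac_md5_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.md5).hexdigest()

def stored_values(password: str) -> Dict[str, str]:
    """Three ways an app might store the same password; each is 32 hex chars."""
    pw = password.encode()
    return {
        "plain_md5": md5_hex(pw),
        "hmac_md5": hmac_md5_hex(HMAC_KEY, pw),
        "salted_md5": md5_hex(SALT.encode() + pw),
    }

def wordlist_mode(target: str, hash_fn: Callable[[str], str]) -> Optional[str]:
    """Wordlist mode in miniature: replicate the storage format's hashing and
    compare each candidate with the stored value, never touching a login form."""
    for word in WORDLIST:
        if hmac.compare_digest(hash_fn(word), target):
            return word
    return None

def demo(password: str = "sunshine") -> Dict[str, Optional[str]]:
    """Run one wordlist against each stored form, with and without the missing
    piece (key or salt) that the 32-hex-char format alone does not reveal."""
    v = stored_values(password)
    as_md5 = lambda w: md5_hex(w.encode())
    as_hmac = lambda w: hmac_md5_hex(HMAC_KEY, w.encode())
    as_salted = lambda w: md5_hex(SALT.encode() + w.encode())
    return {
        "plain_md5": wordlist_mode(v["plain_md5"], as_md5),
        "hmac_guessed_as_md5": wordlist_mode(v["hmac_md5"], as_md5),      # None
        "hmac_with_key": wordlist_mode(v["hmac_md5"], as_hmac),
        "salted_guessed_as_md5": wordlist_mode(v["salted_md5"], as_md5),  # None
        "salted_with_salt": wordlist_mode(v["salted_md5"], as_salted),
    }
```

Calling demo() recovers "sunshine" only where the hashing routine was replicated exactly (plain MD5, HMAC with its key, MD5 with its salt); guessing the wrong format returns None even though every target looks the same, which is exactly why John needs --format and the salt or key supplied.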
đConclusion đ¤
Subscribe to receive notifications of similar posts đ where we will be reverse engineering malware, vulnerabilities as well as hacking tools, vectors, stories, tutorials and other Infosec stuff...đ
Follow me on twitter for daily Infosec Memes and shenanigansđ
Morans,
Thank you for taking the time, and I hope you learned something new. Like/Share and leave a comment and, as always, stay awesome!