
John the Ripper 🚀: Let's do passwords 🤫, salt ☠️ and some crack 😈

CyberMorans 🤗


John is an offline crackhead 🤪. Password crackers come in two kinds, online and offline. Online crackers such as Hydra brute-force a live login interface: network protocols (SSH, FTP, SMB and the like) or web login forms. That stops being practical when the remote system rate-limits sign-in attempts ☠ or locks the account out indefinitely after a set number of invalid attempts 😁


In such cases an offline cracker 😈 goes after the stored credentials instead: you first obtain the password store (a hash dump, /etc/shadow, a database table) and then test candidate passwords against it on your own machine, so the target never sees a single login attempt. Since systems and applications rarely store passwords without cryptographic protection, what you get is a hash, and that hash ☠️ must be cracked before the password is any use 😋 -- so let's heroin....sorry, crack...some passwords 🤭 --


John the Ripper is the classic offline cracker. It lets hackers 😈 attack stored password values in a huge variety of forms: plain and salted hashes, encrypted passwords, keyed hashes (MACs and HMACs), crypt(3)-style strings and many other artifacts of an authentication process 😁


Morans, let it rip -- 💪 -- gerrit? Ripper.....rip.....🤭😁😂


John the Ripper ships with Kali Linux, so there is nothing to install. If you are on Parrot OS 🙄 -- I don't know why, but who am I to judge 👩‍⚖️ -- or john is otherwise missing from your distro, install it with 👇

Parrot> sudo apt-get install john

Now simply enter 👇

kali> john

or, for the full option list, 👇

kali> john --help

First released in 1996 by the Openwall Project, John is notable for the sheer number of password formats it supports. Simply put, John cracks passwords 😈. It does this by reimplementing the hashing (or encryption) routine of the target storage format, so that enormous numbers of candidate passwords can be hashed and compared against the stored values locally, without ever going through the target's own login or password-validation code. To see the supported formats, simply 👇

kali> john --list=formats


🚀 Cracking with Jonte (John)

John is very easy to use ☺️. At minimum you point it at a file containing the stored password values or hashes you want to crack. Given nothing else, it tries to detect what format the values are in and falls back on a default set of assumptions about what you want to do: which cracking modes to run, in what order and with which wordlist 😈


🤖 Cracking modes

Consider which "cracking mode" you want. You can define your own external modes in john.conf, but the built-in ones cover most jobs 👇

  • 🧐 Single crack mode uses information about the user -- the login name, the full name and other GECOS fields, the home directory name -- taken from the hash file itself, and mangles it with a rule set to build a short, highly focused list of candidates for that one account. This is why the Linux example below feeds John the output of unshadow: /etc/shadow on its own carries none of that information.

  • 🤓 Wordlist mode takes a wordlist, either one you supply or John's built-in password.lst, and tries every entry in it (optionally mangled by word rules).

  • 😎 Incremental mode iterates through all possible character combinations according to adjustable length and character-set criteria -- for example, every string of five to eight alphanumeric characters. It is effectively unbounded, which is why John runs it last.

🤖 Password & hash formats

It helps to know the format passwords are stored in, for two reasons. First, applications may manipulate values in ways John does not expect 😳 -- a web application might Base64- or URL-encode a hash before storing it, and you have to decode it back to the form John understands. Second, the heuristics John uses to auto-detect a type and format can be wrong, or can pick a different format than the one you meant; when a string matches more than one format, John prints a warning naming the alternatives and the --format= option that forces one 🥲


Take two similar but vastly different values: an MD5 hash and a keyed MD5 hash (HMAC-MD5). Both are 32 hex characters and look identical, but the processes that produced them are anything but, and the HMAC cannot be tested at all until you have the key. John cannot tell the difference from the string alone; you have to provide the missing information, the format and any key or salt that goes with it 😁


The 'unshadow' command ships with John. It merges /etc/passwd and /etc/shadow into the one-file format John expects, keeping the hash from shadow together with the UID, GECOS and home-directory fields from passwd, which single crack mode needs. Here on the Linux VM, in this case Kali 👇

kali> sudo unshadow /etc/passwd /etc/shadow > passwords.out

Then run john on it and specify the format -- in this case, crypt. That tells John to go through the system's crypt(3) library, which handles whatever scheme /etc/shadow uses but is slow; when the hashes start with $6$, letting John auto-detect (or passing --format=sha512crypt) uses its own much faster implementation instead. Since we haven't told it what cracking mode to use, John begins with single crack, then proceeds to wordlist mode -- none was specified, so it uses the default password.lst -- and finally moves to incremental mode 👇

kali> sudo john --format=crypt ./passwords.out

Accounts whose password field is '*', '!' or empty have no hash to crack and are simply not loaded. Cracked passwords are printed as they are found, and john --show ./passwords.out lists them again afterwards.
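Here is what unshadow is doing under the hood, as an added Python example that is not part of the original post and is not John's own code. It merges a constructed /etc/passwd and /etc/shadow the way unshadow does, reads the scheme and salt out of each crypt(3) string (which is how John picks a native format), lists which accounts John would actually load, and shows the kind of candidate list single crack mode builds from the merged line. The user names, the dummy hash body and the tiny rule set are made up for the example; John's real single-mode rules live in john.conf.

```python
"""Mini 'unshadow' plus crypt(3) scheme/salt detection (added example, not John's code)."""

# Constructed sample input in /etc/passwd and /etc/shadow shape.
# The $6$ hash body is a dummy string of the right length (86 chars), not a real hash.
PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice Smith,,,:/home/alice:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
]
SHADOW = [
    "root:!:19000:0:99999:7:::",
    "alice:$6$rounds=5000$abcdefghijklmnop$" + "X" * 86 + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]

# crypt(3) prefixes and the John format names they correspond to.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}


def unshadow(passwd_lines, shadow_lines):
    """Replace the 'x' in field 2 of each passwd line with the hash from shadow,
    keeping the passwd fields (UID, GECOS, home, shell) that single mode uses."""
    hashes = {}
    for line in shadow_lines:
        fields = line.split(":")
        hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_lines:
        fields = line.split(":")
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def classify(hash_field):
    """Return (scheme, salt) for a crypt(3) string, ('locked', None) for accounts
    with no usable hash ('*', '!', '!!', empty), or ('unknown', None)."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return "locked", None
    for prefix, name in SCHEMES.items():
        if hash_field.startswith(prefix):
            parts = hash_field[len(prefix):].split("$")
            if name == "bcrypt":
                return name, parts[1][:22]   # $2b$cost$<22-char salt><31-char hash>
            if name == "yescrypt":
                return name, parts[1]        # $y$<params>$<salt>$<hash>
            if parts[0].startswith("rounds="):
                parts = parts[1:]            # optional rounds=N$ precedes the salt
            return name, parts[0]            # $6$<salt>$<hash>
    return "unknown", None


def crackable(merged_lines):
    """Users John would actually load: locked entries and a bare 'x' carry no hash."""
    out = []
    for line in merged_lines:
        user, hash_field = line.split(":")[:2]
        if classify(hash_field)[0] not in ("locked", "unknown"):
            out.append(user)
    return out


def single_mode_candidates(merged_line):
    """A tiny imitation of single-crack mode: derive candidates from the login
    name and the GECOS field of the merged line (made-up rules for illustration)."""
    fields = merged_line.split(":")
    words = {fields[0]}
    words.update(fields[4].replace(",", " ").split())
    out = set()
    for w in words:
        for base in (w.lower(), w.capitalize(), w[::-1]):
            out.add(base)
            out.update(base + suffix for suffix in ("1", "123", "!"))
    return sorted(out)


if __name__ == "__main__":
    merged = unshadow(PASSWD, SHADOW)
    for line in merged:
        user, hash_field = line.split(":")[:2]
        print(user, classify(hash_field))
    print("loadable:", crackable(merged))
    print("single-mode candidates for alice:", single_mode_candidates(merged[1]))
```

Note that unshadow copies locked entries through unchanged; it is John, not unshadow, that decides they contain no hash.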

Cracking Microsoft Windows passwords 😇 works just like the Linux example: the hashes must first be put into a format John the Ripper understands. Windows keeps them in the SAM hive, so on the Windows target we dumped them from a cmd prompt with PwDump v8.2 -- 👇

We specify wordlist mode 🤓 and use rockyou.txt, one of the wordlists that ships with most security-focused Linux distros -- not Parrot OS?....apparently 🙄 -- On Kali it lives under /usr/share/wordlists and arrives gzipped as rockyou.txt.gz, so decompress it once before use. The passwords on the target were set to weak values -- dictionary words in all cases -- purely for the showcase ☺️


Remember Windows stores NT hashes (MD4 over the UTF-16LE password; "NTLM" is the network authentication protocol built on top of them), and John's name for that format is NT. No sudo is needed since we only read a file we own, thus 👇

kali> john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt ./winpasswords.txt
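The point made earlier, that John reimplements the target's password-handling routine, is easiest to see on this format, so here is an added Python example (mine, not code from the post or from John): the NT hash is MD4 over the UTF-16LE password, so a few lines of MD4 plus one pass over a wordlist is a complete, if slow, --format=NT cracker. The pwdump-style lines and the wordlist are constructed for the example; 8846f7ea... is the well-known NT hash of "password" and 31d6cfe0... is the hash of the empty password. hashlib is tried first because Python builds on OpenSSL 3 refuse MD4 as a legacy algorithm, and the pure-Python MD4 is the fallback.

```python
"""NT-hash wordlist cracker (added example, not the post's or John's code)."""
import hashlib
import struct

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of "" (LM disabled)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of ""


def _md4_pure(data: bytes) -> bytes:
    """Plain-Python MD4 (RFC 1320) for interpreters whose OpenSSL has no md4."""
    mask = 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476

    def rotl(x, s):
        return ((x << s) | (x >> (32 - s))) & mask

    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):                                   # round 1: F
            f = (b & c) | (~b & d)
            a = rotl((a + f + x[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 2: G
            g = (b & c) | (b & d) | (c & d)
            k = (i % 4) * 4 + i // 4                          # 0,4,8,12,1,5,...
            a = rotl((a + g + x[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 3: H
            h = b ^ c ^ d
            k = int(f"{i:04b}"[::-1], 2)                      # 0,8,4,12,2,10,...
            a = rotl((a + h + x[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & mask, (b + bb) & mask, (c + cc) & mask, (d + dd) & mask
    return struct.pack("<4I", a, b, c, d)


def md4(data: bytes) -> bytes:
    try:
        return hashlib.new("md4", data).digest()
    except ValueError:                 # "unsupported hash type md4" on OpenSSL 3
        return _md4_pure(data)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)): unsalted and case-sensitive."""
    return md4(password.encode("utf-16le")).hex()


# Constructed pwdump-style lines: user:RID:LM hash:NT hash:::
PWDUMP = [
    "bob:1001:" + EMPTY_LM + ":8846f7eaee8fb117ad06bdd830b7586c:::",
    "guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "carol:1002:" + EMPTY_LM + ":" + nt_hash("letmein") + ":::",
    "dave:1003:" + EMPTY_LM + ":" + nt_hash("Summer2024!") + ":::",
]
WORDLIST = ["123456", "letmein", "password", "Password", "qwerty"]   # constructed


def crack_pwdump(lines, wordlist):
    """Hash each candidate once and look it up against every loaded NT hash;
    this single pass over the list is what makes unsalted formats cheap in bulk."""
    by_hash = {}
    for line in lines:
        user, _rid, _lm, nt = line.split(":")[:4]
        by_hash.setdefault(nt.lower(), []).append(user)
    found = {u: "" for u in by_hash.get(EMPTY_NT, [])}   # empty password, no list needed
    hashed = 0
    for cand in wordlist:
        hashed += 1
        for user in by_hash.get(nt_hash(cand), []):
            found[user] = cand
    return found, hashed


if __name__ == "__main__":
    found, hashed = crack_pwdump(PWDUMP, WORDLIST)
    print(found, "after", hashed, "hash computations")   # dave is not in the list
```

"Password" is in the list and "password" is bob's password, yet only the lowercase entry matches: unlike the old LM hash, the NT hash is case-sensitive, so wordlist rules that toggle case are worth their cost on this format.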

These two examples 👆 show the most basic and most universally applicable use of John the Ripper, and they account for 80% of how you will use it. For the remaining 20% (the bit that makes you super saiyan), you need to get a little creative with Jonte. Sometimes the stored password values you obtain are not in any format John supports out of the box 🤬, or are wrapped in an extra encoding layer you must strip first. And most real-world formats are salted: a salt is a random per-user value (its length depends on the scheme -- up to 16 characters for sha512crypt, 22 for bcrypt) that is stored alongside the hash and mixed into the password before hashing. Two users with the same password then get different hashes, precomputed lookup tables are useless, and a cracker has to redo the hashing work once per salt instead of once for the whole dump. John takes care of the salt itself for the formats it knows, because the salt is right there in the hash string. All of this makes it much, much harder to meth -- sorry, I meant crack -- the password 😁
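To make the two "missing information" points concrete (the keyed hash from the formats section above and the salt just described), here is an added Python toy, not code from the post or from John, that cracks three constructed accounts under three storage schemes and counts the hash computations each costs: raw MD5, HMAC-MD5 with a key the cracker has to be told, and a hash with a per-user salt. Users, passwords, key, salts and wordlist are all made up for the example.

```python
"""Why salts and HMAC keys matter to a cracker (added toy, not the post's or John's code)."""
import hashlib
import hmac

# All constructed for the example.
USERS = {"ann": "password", "ben": "password", "cat": "letmein"}
WORDLIST = ["123456", "letmein", "password", "qwerty"]
HMAC_KEY = b"server-side-secret"
SALTS = {"ann": "k3Qp", "ben": "9zLa", "cat": "Wx0e"}


def raw_md5(pw):
    return hashlib.md5(pw.encode()).hexdigest()


def hmac_md5(key, pw):
    return hmac.new(key, pw.encode(), "md5").hexdigest()


def salted_sha256(salt, pw):
    return hashlib.sha256(salt.encode() + pw.encode()).hexdigest()


def crack_unsalted(targets, hasher, wordlist):
    """targets: {digest: [users]}. One hash per candidate is checked against
    every target at once, so the work is len(wordlist) whatever the user count."""
    found, work = {}, 0
    for cand in wordlist:
        work += 1
        for user in targets.get(hasher(cand), []):
            found[user] = cand
    return found, work


def crack_salted(targets, hasher, wordlist):
    """targets: {user: (salt, digest)}. Every (salt, candidate) pair costs a
    hash, so the work grows with the number of distinct salts."""
    found, work = {}, 0
    for user, (salt, digest) in targets.items():
        for cand in wordlist:
            work += 1
            if hasher(salt, cand) == digest:
                found[user] = cand
                break
    return found, work


def demo():
    # 1) raw MD5: ann and ben share one hash, and the list is hashed once for all.
    raw = {}
    for u, pw in USERS.items():
        raw.setdefault(raw_md5(pw), []).append(u)
    raw_found, raw_work = crack_unsalted(raw, raw_md5, WORDLIST)

    # 2) HMAC-MD5: same 32-hex shape as raw MD5, but nothing matches until the
    #    cracker is told the key (the "missing information" John cannot guess).
    keyed = {}
    for u, pw in USERS.items():
        keyed.setdefault(hmac_md5(HMAC_KEY, pw), []).append(u)
    no_key_found, _ = crack_unsalted(keyed, raw_md5, WORDLIST)
    key_found, _ = crack_unsalted(keyed, lambda c: hmac_md5(HMAC_KEY, c), WORDLIST)

    # 3) per-user salt: identical passwords no longer collide, and the cracker
    #    must run the wordlist again for every salt.
    salted = {u: (SALTS[u], salted_sha256(SALTS[u], pw)) for u, pw in USERS.items()}
    salted_found, salted_work = crack_salted(salted, salted_sha256, WORDLIST)

    return {
        "hash_looks_identical": len(raw_md5("x")) == len(hmac_md5(HMAC_KEY, "x")),
        "raw_distinct_hashes": len(raw),
        "raw_found": raw_found,
        "raw_work": raw_work,
        "hmac_without_key": no_key_found,
        "hmac_with_key": key_found,
        "salted_distinct_hashes": len({d for _, d in salted.values()}),
        "salted_found": salted_found,
        "salted_work": salted_work,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With three users the salted run costs 8 hash computations against 4 for the unsalted dump; with a thousand users it is a thousand times the wordlist, which is exactly the slowdown the salt is there to buy.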


🚀 Conclusion 🤖

Subscribe to receive notifications of similar posts 😜 where we will be reverse engineering malware and vulnerabilities, as well as hacking tools, vectors, stories, tutorials and other infosec stuff...😋


Follow me on Twitter for daily infosec memes and shenanigans 😁


Morans,

Thank you for taking the time, and I hope you learned something new. Like/share, leave a comment and, as always, stay awesome! 😋👊 💪







©2022 by MORAN. Proudly created with Wix.com
