You're reading from Ethical Password Cracking Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781804611265

Length 168 pages

Edition 1st Edition

Languages

Tools

Nmap

Concepts

Ethical Hacking

Author (1):

James Leyte-Vidal

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1: Introduction and Setup

2. Chapter 1: Password Storage: Math, Probability, and Complexity FREE CHAPTER

3. Chapter 2: Why Crack When OSINT Will Do?

4. Chapter 3: Setting Up Your Password Cracking Environment

5. Chapter 4: John and Hashcat Rules

6. Part 2: Collection and Cracking

7. Chapter 5: Windows and macOS Password Cracking

8. Chapter 6: Linux Password Cracking

9. Chapter 7: WPA/WPA2 Wireless Password Cracking

10. Chapter 8: WordPress, Drupal, and Webmin Password Cracking

11. Chapter 9: Password Vault Cracking

12. Chapter 10: Cryptocurrency Wallet Passphrase Cracking

13. Part 3: Conclusion

14. Chapter 11: Protections against Password Cracking Attacks

15. Index

Why subscribe?

16. Other Books You May Enjoy

Technical requirements

You will need a system (or two systems) on which to run hashcat and John. Virtual machines (VMs) are useful for documenting and testing software, but they will be limited in the system resources you can use (number of CPU cores and GPUs).

Hashcat will require NVIDIA or AMD drivers for best effectiveness, and these are often easier to install in Windows. As such, you may want to set up hashcat in Windows, which is what we will walk through in this chapter. On the other hand, we will install John on a Linux system, as the installation is more straightforward in that operating system. However, you can absolutely take a different approach. That being said, you will need a system to install these on, and we recommend it be a “real” (not virtualized) system.

Installing and introducing John

John (short for John the Ripper) has a long history dating back to the 1990s. The current major version as of this writing is 1.9.0. While this release originally came out in 2019, we continue to frequently see improvements and changes to the code base. However, the team behind John only does releases periodically.

At this point, you have to make a decision – whether you want to use the current release or bring in additional improvements over the past few years via their bleeding edge code repository. It is likely that the bleeding edge code repository may have improvements that are not present in 1.9.0; however, the reason things are often referred to as bleeding edge is that you may cut yourself while handling them – in other words, the functionality may be more likely to break or not work in bleeding edge products in general. If you want a more stable experience, work with 1.9.0 if you need the latest and greatest, recognizing that it may include some periodic challenges along the way. In either case, we recommend (and will discuss the installation of) the 1.9.0 Jumbo version of this release, which also includes various supporting utilities and capabilities beyond the core release.

You will also need to decide what platform (host operating system) to install John on. In our examples, we will install John on Ubuntu 20.04 LTS. The installation of Ubuntu 20.04 or other Linux distributions is an exercise left to you. To install John 1.9.0-Jumbo, we need to go to the openwall GitHub repo and find the release tag for 1.9.0-Jumbo. At the time of this writing, the URL is https://github.com/openwall/John/releases/tag/1.9.0-Jumbo-1. This page will give you an option to download the source code for this release, as shown in Figure 3.1:

Figure 3.1 – John’s 1.9.0-Jumbo-1 release tag in GitHub

Once downloaded, extract the contents of the file; using the built-in archive utility in Ubuntu is fine. We recommend extracting the file to your home directory (/home/username). When this is complete, move into the doc directory under /john-1.9.0-Jumbo-1 and find the install-ubuntu file. This will contain the most current instructions to install John. We will cover the high-level steps here:

Ensure that the appropriate build toolchains are installed. At the time of this writing, this is done by running the following command:
```
$ sudo apt-get -y install build-essential libssl-dev git zlib1g-dev
```
Note that some installation commands in John will require sudo and some will not; please do not use sudo when not needed as the end product may not work properly.
As recommended by the install document, we will install some supplemental packages for performance:
```
$ sudo apt-get -y install yasm libgmp-dev libpcap-dev pkg-config libbz2-dev
```
At this point, install AMD or NVIDIA GPU support following the instructions.
Finally, we are ready to build and install John. From the /john-1.9.0-Jumbo-1/src directory, we will run ./configure && make -s clean && make -sj4 (note that this is all one sequence of commands chained together with ampersands (&&).
Note that this is run without sudo. This should ensure that John has everything it needs and we can then build John. In the end, your output should look something like what we see in Figure 3.2:

Figure 3.2 – Successful completion of the John build

Finally, we can test the installation by returning to the /john-1.9.0-Jumbo-1/run directory and running ./john --test=0. You should get an extensive amount of output indicating that it succeeded in all tests and it’s ready to go, as shown in Figure 3.3:

Figure 3.3 – Output of ./john --test=0

As a last step, we can benchmark John’s performance against the various hash types by running ./john –-test (with no 0). This performs the same self-tests as previously but also does the benchmarking. As a note, this run is quite a bit slower due to benchmarking the 400+ hash types, but this will also provide you with rough data on performance (see Figure 3.4):

Figure 3.4 – Completed John benchmarking run

So, that’s it! We have successfully installed John on our platform and are ready to crack. There was an important side benefit of this installation as well – John’s installation also sets up a number of great utility scripts that we can use to help convert recovered hashes to a format that John can use for cracking. This allows John to more readily keep up with file format changes by altering the scripts instead of the core product. If you look at the contents of the /run directory where the John binary is located, we can see these varied utilities – either Perl or Python-based – in the same directory (see Figure 3.5):

Figure 3.5 – John utilities and other files in the /run directory

These steps have taken you through installing John via the zipped-up source code associated with the 1.9.0 release. If we want the bleeding edge John content, we need to get the source code directories in a different way. We need to prepare a place to put the source, then copy the code down by running the following command in the terminal:

git clone https://github.com/openwall/John.git

From there, you can follow the previous directions to install the prerequisites, then build and install John. Remember to review the install document in the /doc subdirectory for any changes.

Now that we have installed John, let us take a quick tour of the core functions of the product.

Core functions of John

John the Ripper offers different modes of operation, each designed for a specific type of password cracking. The primary modes are as follows:

Wordlist mode, which uses a dictionary or wordlist to compare against the hashed password
Single crack mode, which focuses on cracking password hashes with known usernames and other information specific to the user by generating password candidates based on this data – as a result, it is fast but sometimes not successful
Incremental mode, which performs a brute-force attack by systematically generating all possible password combinations within a given keyspace

To select a mode, use the corresponding command-line option, such as --wordlist for Wordlist mode, --single for Single crack mode, or --incremental for Incremental mode.

Word mangling rules in John the Ripper allow you to perform various operations on words from your wordlist to generate new password candidates. These operations can include substitution, deletion, or insertion of characters, capitalization, and more. Word mangling rules help extend the effectiveness of your wordlist and increase the chances of cracking a password. You can create custom rule files or use predefined ones provided with John the Ripper or its community. To use word mangling rules, add the --rules option followed by the rule file’s name or path.

John also supports character sets to specify the appropriate characters to use while cracking – while English readers may not be familiar with this, other languages may leverage various characters that should be considered in our cracking. Custom character sets in John the Ripper allow you to define the set of characters used to generate password candidates during Incremental mode. By default, John provides several built-in character sets, including lowercase letters, uppercase letters, digits, and special characters. You can also create custom character sets to suit your needs. Custom character sets help limit the search space when you have some knowledge of the password structure, reducing the time required to crack the password.