i Penetration Testing – John the Ripper – Password Cracking – All things in moderation

# Penetration Testing – John the Ripper – Password Cracking

After some previous posts, I think you guys have know the first thing about how we could pentest our client’s system. But every now and then, I always meet some problems when I could get the client’s hash passwords. Take NTML hashes from a domain controller or if you hack into other websites then you could get their usernames but the passwords are in hash… as an example. So I think we should have an article about this part.

Firstly, we need to know how many ways to use to crack the hash. I think we got there here. They are wordlist, rules and hashing algorithms.

### 1 . Wordlist

They are a file or a list of files that contain a bunch of common passwords, the software crackers will hash each password and then check if they have matched or not.

I will put some password listes here:
-Rockyou
I think this wordlist is well known and it is quite small with 14344392 common passwords. This is the first place you want to check if you want to crack the hash password. It is located at /usr/share/wordlists/ if you use Kali Linux. You need to unzip it before using it.

gunzip rockyou.txt.gz

-Crackstation human only
It contains a lot of passwords from various resourses. This list comes around 64 million passwords.

### 2 . Rules

If you guys need some modifications with your wordlists, you need use some rules. Just understand the rules make our wordlist better. 😀
With set of rules from here: http://contest-2010.korelogic.com/rules.html
For example, this rule is a quick and dirty way to capitalize certain letters in the word. ( word becomes Word wOrd woRd worD )

# This is a lamer/faster version of --rules:nt
[List.Rules:KoreLogicRulesReplaceLettersCaps]
/asaA
/bsbB
/cscC
/dsdD
/eseE
/fsfF
/gsgG
/hshH
/isiI
/jsjJ
/kskK
/lslL
/msmM
/nsnN
/osoO
/pspP
/qsqQ
/rsrR
/sssS
/tstT
/usuU
/vsvV
/wswW
/xsxX
/ysyY
/zszZ



### 3 . Hash Algorithms

This hash algorithm is used to create a password hash. For examples, MD5 or SHA1 hash algorithm …
When you select the has algorithm to crack the hash, it will either make our progress faster or exit right away if you chose the wrong algorithm for this hash.

Personally, I usually use two tools in this situation, they are John the Ripper and oclHashcat.

### John the Ripper ( JtR )

You guys could have quick look about it from here:

john -help

For example, we create a file name test_hash.txt

cat test_hash.txt

Then put some hashes in this file.

user1:d0763edaa9d9bd2a9516280e9044d885
user2:a8e003b1180fd689f558657079d05f5a

When we run JtR without any modification, it is pretty slowly.

john test_hash.txt

But with some changes, it works like a charm.

john –format=Raw-MD5 test_hash.txt

john –show –format=Raw-MD5 test_hash.txt

They are: monkey and monkey2011.

With my experiences, you guys must practise a lot with this tool to find out how it works. It is not easy like you think. 😀

### oclHashcat

First of all, this tool requires graphic processing unit (GPU) to crack passwords. The advantages of using GPUs vs. CPUs are so significant and this can be demonstrated with the use of oclHashcat.

This tool could help us crack NTLMv2 or WPAv2 ( Wifi ). You guys could have download it from here: http://hashcat.net/hashcat/. We can use this tool either on Windows or Linux.

With Kali Linux, we use some following commands:
( When I write this tutorial, the latest version of Hashcat is Hashcat 03.10.7 ).

wget https://hashcat.net/files/hashcat-3.10.7z

Then we unzip it

7za x hashcat-3.10.7z

It takes for a while then we see the result.

Then check its help.

I’m so appologize because when I make this tutorial, my computer doesn’t have GPU. :(. So I will show you guys how to use oclHashcat to crack wifi credential later. But I think you guys should try JtR today, it has many options for you to test.

If you guys have any problem when you crack a passwork, just leave a comment here. I will get back to you as soon as possible.