Thursday, 9 October 2014

John The Ripper - Beginners - Ubuntu - How To

I know I said I would mainly be blogging about SQL/Dynamics and object orientated Java, but I was reading Linux Voice magazine on the train back from London and there was an article in there about using John the Ripper in Linux to crack MD5 hash passwords. So last night I had a look into this and wanted to share some of the pitfalls that beginners in Linux Ubuntu might stumble on; I know I certainly did...

To begin with, open a command terminal and type

sudo apt-get install john

If you are a complete beginner to Ubuntu (Linux), remember that when you are prompted for your password the characters will not appear as you type.

Keep an eye on the terminal window whilst John the Ripper is installing, as at some point you will have to press Y to confirm the download/install.

When it is finished you then need to combine the /etc/passwd and /etc/shadow files so John can use them (john needs the account name and its hash on the same line):

sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db

Now you should be ready to go. To begin with it is worth testing the cracking tool with a standard file that comes with the install. Type the following at the command line:

john /tmp/crack.password.db

This loads the file and works through the hashes in it. When it is complete, type

john --show /tmp/crack.password.db

This will show you the passwords that were cracked.
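To make the unshadow step above less of a black box, here is an added example (not from the original post or from the John the Ripper project) that reproduces what unshadow does: it joins /etc/passwd and /etc/shadow on the username and replaces the "x" placeholder in the passwd password field with the hash from shadow. The passwd and shadow contents are constructed sample data, and the $6$ entry is a placeholder, not a real sha512crypt hash. It also separates the lines john can work on from locked accounts (a "*" or "!" in the hash field), which is why a fresh Ubuntu install yields only one or two usable entries.

```python
# Constructed sample /etc/passwd and /etc/shadow contents (not from a real system).
# The $6$ entry is a placeholder standing in for a sha512crypt hash.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
"""

SHADOW = """\
root:*:16352:0:99999:7:::
daemon:*:16352:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16352:0:99999:7:::
"""


def unshadow(passwd_text, shadow_text):
    """Join passwd and shadow on the username.

    Field 2 of each passwd line (the 'x' placeholder) is replaced with field 2
    of the matching shadow line (the hash). Users with no shadow entry keep
    their passwd line unchanged. Returns the merged lines in passwd order.
    """
    hashes = {}
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        hashes[parts[0]] = parts[1] if len(parts) > 1 else ""

    merged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def crackable_entries(merged_lines):
    """Lines john can actually load: the hash field is a crypt string of the
    $id$salt$hash form rather than a locked/disabled marker such as '*' or '!'.
    (Legacy DES crypt hashes have no '$' prefix and are not considered here.)"""
    return [line for line in merged_lines if line.split(":")[1].startswith("$")]


if __name__ == "__main__":
    for line in unshadow(PASSWD, SHADOW):
        print(line)
    print("usable entries:", len(crackable_entries(unshadow(PASSWD, SHADOW))))
```

Running it prints the merged file: the root and daemon lines carry "*" where the hash would be, so john will skip them, and only the alice line has something to crack.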

So before we move on, let's talk about what MD5 hashing is, how it works and why it is no longer as widely used, but surprisingly still used by some.

In very simple terms, an MD5 hash of a password is globally the same: hash the same password on any machine and you get the same result, so if your password is skyline the stored value will be something like 11fg23hjk2 (that string is only an illustration; a real MD5 digest is 32 hexadecimal characters). John the Ripper takes each word in its standard dictionary (wordlist), computes the MD5 hash of that word, and compares the result with 11fg23hjk2. When the two match, the word that produced the matching hash is the password. In this case it would be skyline.

The dictionaries can be amended and changed to include other words, and this is where we get into putting letters or digits after the password, using capitals, using symbols etc. Rather than listing every variant in the wordlist, John can apply rules that generate these variations from each base word, so the same methodology of checking is covered without a huge file.

How fast the hashed passwords are checked against the dictionaries is all down to your computer's processing power and, in some instances, the size and type of dictionary you use. For example, using a dictionary of combined English and French words to check passwords that all originated in France would take a lot longer than pointing John at just the French dictionary.
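The two properties described above, that an unsalted MD5 hash of a given password is the same everywhere and that John hashes dictionary words and compares, are easiest to see in a few lines of code. The following is an added example (not from the original post and not John the Ripper's own code) that runs a small wordlist with the kind of rule variants mentioned above (capitalised, digit appended) against a constructed set of unsalted MD5 hashes, and then against the same passwords hashed with a per-user salt. The accounts, passwords, salts and wordlist are all constructed here; the hashes are computed from those known passwords so the script runs offline. The salted half goes a little beyond the post: it shows why salting was the first fix for the weakness the post is describing, since identical passwords no longer share a hash and every candidate has to be rehashed once per account.

```python
import hashlib


def md5_hex(text):
    """Unsalted MD5 digest as 32 hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def salted_md5(salt, text):
    """MD5 over salt + password. With a per-user salt, two users with the same
    password get different hashes, so a digest computed for one user tells you
    nothing about another."""
    return hashlib.md5((salt + text).encode("utf-8")).hexdigest()


# Constructed sample accounts (not real data). Alice and Dave share a password
# so the "globally the same" effect is visible.
KNOWN_PASSWORDS = {
    "alice": "skyline",
    "bob": "Skyline1",
    "carol": "correcthorse",
    "dave": "skyline",
}
UNSALTED = {user: md5_hex(pw) for user, pw in KNOWN_PASSWORDS.items()}

# Constructed per-user salts; a real system would generate random ones.
SALTS = {"alice": "a1", "bob": "b2", "carol": "c3", "dave": "d4"}
SALTED = {user: (SALTS[user], salted_md5(SALTS[user], pw))
          for user, pw in KNOWN_PASSWORDS.items()}

# Constructed mini wordlist standing in for john's password.lst.
WORDLIST = ["password", "skyline", "letmein", "dragon"]


def mangle(word):
    """The base word plus simple rule variants: capitalised, and with one digit
    appended to either form (the 'capitals, letters after the password' idea).
    Yields 22 candidates per word."""
    yield word
    yield word.capitalize()
    for digit in range(10):
        yield f"{word}{digit}"
        yield f"{word.capitalize()}{digit}"


def crack_unsalted(hashes, wordlist):
    """Dictionary attack on unsalted MD5. Returns ({user: password}, hash_count).
    Each candidate is hashed exactly once; that single digest is looked up
    against every user at the same time, because MD5('skyline') is identical
    regardless of whose account it belongs to."""
    by_hash = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    found, work = {}, 0
    for word in wordlist:
        for candidate in mangle(word):
            work += 1
            for user in by_hash.get(md5_hex(candidate), []):
                found[user] = candidate
    return found, work


def crack_salted(salted_hashes, wordlist):
    """The same wordlist against salted MD5. Returns ({user: password}, hash_count).
    Every candidate must be rehashed with each user's own salt, so the work
    grows with the number of accounts instead of being shared across them."""
    found, work = {}, 0
    for user, (salt, target) in salted_hashes.items():
        for candidate in (c for word in wordlist for c in mangle(word)):
            work += 1
            if salted_md5(salt, candidate) == target:
                found[user] = candidate
                break
    return found, work


if __name__ == "__main__":
    print("shared unsalted hash:", UNSALTED["alice"] == UNSALTED["dave"])
    print("unsalted:", crack_unsalted(UNSALTED, WORDLIST))
    print("salted:  ", crack_salted(SALTED, WORDLIST))
```

Carol's password is not in the wordlist and no rule variant produces it, so she is never recovered in either run; that is the whole point of the wordlist quality remark above. The salted run finds the same passwords but needs noticeably more hash computations, and neither defence is a substitute for a slow, purpose-built password hash.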

I will more than likely do another post on dictionary setups etc., as that is a pretty confusing leap from what we have just gone over.
