THM John The Ripper

Notes from John The Ripper Module

John the Ripper is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types.

What are Hashes?

A hash is a way of taking a piece of data of any length and representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM.

What makes Hashes secure?

Hashing functions are designed as one-way functions. In other words, it is easy to calculate the hash value of a given input; however, it is a difficult problem to find the original input given the hash value. By “difficult”, we mean that it is computationally infeasible.

Even though the algorithm itself is not feasibly reversible. That doesn’t mean that cracking the hashes is impossible. If you have the hashed version of a password, for example- and you know the hashing algorithm- you can use that hashing algorithm to hash a large number of words, called a dictionary. You can then compare these hashes to the one you’re trying to crack, to see if any of them match. If they do, you now know what word corresponds to that hash- you’ve cracked it!

This process is called a dictionary attack and John the Ripper, or John as it’s commonly shortened to, is a tool to allow you to conduct fast brute force attacks on a large array of different hash types.

What is the most popular extended version of John the Ripper?

jumbo john

Wordlists

In order to dictionary attack hashes, you need a list of words that you can hash and compare, unsurprisingly this is called a wordlist. There are many different wordlists out there, a good collection to use can be found in the SecLists repository. There are a few places you can look for wordlists on your attacking system of choice, we will quickly run through where you can find them.

You can find a series of amazing wordlists in the /usr/share/wordlists directory.

What website was the rockyou.txt wordlist created from a breach on?

rockyou.com

John Basic Syntax

john [options] [path to file]

john - Invokes the John the Ripper program

[path to file] - The file containing the hash you're trying to crack, if it's in the same directory you won't need to name a path, just the file.

Automatic Cracking

John has built-in features to detect what type of hash it’s being given, and to select appropriate rules and formats to crack it for you, this isn’t always the best idea as it can be unreliable- but if you can’t identify what hash type you’re working with and just want to try cracking it, it can be a good option! To do this we use the following syntax:

john --wordlist=[path to wordlist] [path to file]

--wordlist= - Specifies using wordlist mode, reading from the file that you supply in the following path...

[path to wordlist] - The path to the wordlist you're using, as described in the previous task.

Example Usage:

john — wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt

Identifying Hashes

Sometimes John won’t play nicely with automatically recognising and loading hashes, that’s okay! We’re able to use other tools to identify the hash, and then set john to use a specific format. There are multiple ways to do this, such as using an online hash identifier like this one. I like to use a tool called hash-identifier, a Python tool that is super easy to use and will tell you what different types of hashes the one you enter is likely to be, giving you more options if the first one fails.

To use hash-identifier, you can just pull the python file from gitlab using:wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py.

Then simply launch it with python3 hash-id.py and then enter the hash you're trying to identify- and it will give you possible formats!

Format-Specific Cracking

Once you have identified the hash that you’re dealing with, you can tell john to use it while cracking the provided hash using the following syntax:

john --format=[format] --wordlist=[path to wordlist] [path to file]

--format= - This is the flag to tell John that you're giving it a hash of a specific format, and to use the following format to crack it

[format] - The format that the hash is in

Example Usage:

john — format=raw-md5 — wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt

What type of hash is hash1.txt?

What is the cracked value of hash1.txt?

What type of hash is hash2.txt?

What is the cracked value of hash2.txt

What type of hash is hash3.txt?

What is the cracked value of hash3.txt

What type of hash is hash4.txt?

What is the cracked value of hash4.txt

NTHash / NTLM

NThash is the hash format that modern Windows Operating System machines will store user and service passwords in. It’s also commonly referred to as “NTLM” which references the previous version of Windows format for hashing passwords known as “LM”, thus “NT/LM”.

You can acquire NTHash/NTLM hashes by dumping the SAM database on a Windows machine, by using a tool like Mimikatz or from the Active Directory database: NTDS.dit. You may not have to crack the hash to continue privilege escalation- as you can often conduct a “pass the hash” attack instead, but sometimes hash cracking is a viable option if there is a weak password policy.

What do we need to set the “format” flag to, in order to crack this?

nt

What is the cracked value of this password?

Cracking /etc/shadow Hashes

The /etc/shadow file is the file on Linux machines where password hashes are stored. It also stores other information, such as the date of last password change and password expiration information. It contains one entry per line for each user or user account of the system. This file is usually only accessible by the root user- so in order to get your hands on the hashes you must have sufficient privileges, but if you do- there is a chance that you will be able to crack some of the hashes.

Unshadowing

John can be very particular about the formats it needs data in to be able to work with it, for this reason- in order to crack /etc/shadow passwords, you must combine it with the /etc/passwd file in order for John to understand the data it’s being given. To do this, we use a tool built into the John suite of tools called unshadow. The basic syntax of unshadow is as follows:

unshadow [path to passwd] [path to shadow]

unshadow - Invokes the unshadow tool

[path to passwd] - The file that contains the copy of the /etc/passwd file you've taken from the target machine

[path to shadow] - The file that contains the copy of the /etc/shadow file you've taken from the target machine

Example Usage:

unshadow local_passwd local_shadow > unshadowed.txt

Cracking

We’re then able to feed the output from unshadow, in our example use case called “unshadowed.txt” directly into John. We should not need to specify a mode here as we have made the input specifically for John, however in some cases you will need to specify the format as we have done previously using: --format=sha512crypt

john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt unshadowed.txt

What is the root password?

1234

Single Crack Mode

So far we’ve been using John’s wordlist mode to deal with brute forcing simple., and not so simple hashes. But John also has another mode, called Single Crack mode. In this mode, John uses only the information provided in the username, to try and work out possible passwords heuristically, by slightly changing the letters and numbers contained within the username.

Word Mangling

The best way to show what Single Crack mode is, and what word mangling is, is to actually go through an example:

If we take the username: Markus

Some possible passwords could be:

• Markus1, Markus2, Markus3 (etc.)
• MArkus, MARkus, MARKus (etc.)
• Markus!, Markus$, Markus* (etc.)

This technique is called word mangling. John is building it’s own dictionary based on the information that it has been fed and uses a set of rules called “mangling rules” which define how it can mutate the word it started with to generate a wordlist based off of relevant factors for the target you’re trying to crack. This is exploiting how poor passwords can be based off of information about the username, or the service they’re logging into.

Using Single Crack Mode

To use single crack mode, we use roughly the same syntax that we’ve used to so far, for example if we wanted to crack the password of the user named “Mike”, using single mode, we’d use:

john --single --format=[format] [path to file]

--single - This flag lets john know you want to use the single hash cracking mode.

Example Usage:

john — single — format=raw-sha256 hashes.txt

What is Joker’s password?

Jok3r

What are Custom Rules?

As we journeyed through our exploration of what John can do in Single Crack Mode- you may have some ideas about what some good mangling patterns would be, or what patterns your passwords often use- that could be replicated with a certain mangling pattern. The good news is you can define your own sets of rules, which John will use to dynamically create passwords. This is especially useful when you know more information about the password structure of whatever your target is.

Common Custom Rules

Many organisations will require a certain level of password complexity to try and combat dictionary attacks, meaning that if you create an account somewhere, go to create a password and enter:

polopassword

You may receive a prompt telling you that passwords have to contain at least one of the following:

• Capital letter
• Number
• Symbol

This is good! However, we can exploit the fact that most users will be predictable in the location of these symbols. For the above criteria, many users will use something like the following:

Polopassword1!

A password with the capital letter first, and a number followed by a symbol at the end. This pattern of the familiar password, appended and prepended by modifiers (such as the capital letter or symbols) is a memorable pattern that people will use, and reuse when they create passwords. This pattern can let us exploit password complexity predictability.

Now this does meet the password complexity requirements, however as an attacker we can exploit the fact we know the likely position of these added elements to create dynamic passwords from our wordlists.

How to create Custom Rules

Custom rules are defined in the john.conf file, usually located in /etc/john/john.conf if you have installed John using a package manager or built from source with make and in /opt/john/john.conf on the TryHackMe Attackbox.

Let’s go over the syntax of these custom rules, using the example above as our target pattern. Note that there is a massive level of granular control that you can define in these rules, I would suggest taking a look at the wiki here in order to get a full view of the types of modifier you can use, as well as more examples of rule implementation.

The first line:

[List.Rules:THMRules] - Is used to define the name of your rule, this is what you will use to call your custom rule as a John argument.

We then use a regex style pattern match to define where in the word will be modified, again- we will only cover the basic and most common modifiers here:

Az - Takes the word and appends it with the characters you define

A0 - Takes the word and prepends it with the characters you define

c - Capitalises the character positionally

These can be used in combination to define where and what in the word you want to modify.

Lastly, we then need to define what characters should be appended, prepended or otherwise included, we do this by adding character sets in square brackets [ ] in the order they should be used. These directly follow the modifier patterns inside of double quotes " ". Here are some common examples:

[0-9] - Will include numbers 0-9

[0] - Will include only the number 0

[A-z] - Will include both upper and lowercase

[A-Z] - Will include only uppercase letters

[a-z] - Will include only lowercase letters

[a] - Will include only a

[!£$%@] - Will include the symbols !£$%@

What do custom rules allow us to exploit?

password complexity predictability

What rule would we use to add all capital letters to the end of the word?

Az”[A-Z]”

What flag would we use to call a custom rule called “THMRules”

-rule=THMRules

Cracking a Password Protected Zip File

We can use John to crack the password on password protected Zip files. Again, we’re going to be using a separate part of the john suite of tools to convert the zip file into a format that John will understand.

Zip2John

Similarly to the unshadow tool that we used previously, we’re going to be using the zip2john tool to convert the zip file into a hash format that John is able to understand, and hopefully crack. The basic usage is like this:

zip2john [options] [zip file] > [output file]

[options] - Allows you to pass specific checksum options to zip2john, this shouldn't often be necessary

[zip file] - The path to the zip file you wish to get the hash of

> - This is the output director, we're using this to send the output from this file to the...

[output file] - This is the file that will store the output from

Example Usage

zip2john zipfile.zip > zip_hash.txt

Cracking

We’re then able to take the file we output from zip2john in our example use case called “zip_hash.txt” and, as we did with unshadow, feed it directly into John as we have made the input specifically for it.

john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt

What is the password for the secure.zip file?

pass123

What is the contents of the flag inside the zip file?

THM{w3ll_d0n3_h4sh_r0y4l}

Cracking a Password Protected RAR Archive

Rar2John

Almost identical to the zip2john tool that we just used, we’re going to use the rar2john tool to convert the rar file into a hash format that John is able to understand. The basic syntax is as follows:

rar2john [rar file] > [output file]

rar2john - Invokes the rar2john tool

[rar file] - The path to the rar file you wish to get the hash of

> - This is the output director, we're using this to send the output from this file to the...

[output file] - This is the file that will store the output from

Example Usage

rar2john rarfile.rar > rar_hash.txt

Cracking

Once again, we’re then able to take the file we output from rar2john in our example use case called “rar_hash.txt” and, as we did with zip2john we can feed it directly into John..

john --wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt

What is the password for the secure.rar file?

password

What is the contents of the flag inside the zip file?

THM{r4r_4rch1ve5_th15_t1m3}

Cracking SSH Key Passwords

SSH2John

As the name suggests ssh2john converts the id_rsa private key that you use to login to the SSH session into hash format that john can work with. Jokes aside, it’s another beautiful example of John’s versatility. The syntax is about what you’d expect. Note that if you don’t have ssh2john installed, you can use ssh2john.py, which is located in the /opt/john/ssh2john.py. If you’re doing this, replace the ssh2john command with python3 /opt/ssh2john.py or on Kali, python /usr/share/john/ssh2john.py.

ssh2john [id_rsa private key file] > [output file]

ssh2john — Invokes the ssh2john tool

[id_rsa private key file] - The path to the id_rsa file you wish to get the hash of

> - This is the output director, we're using this to send the output from this file to the...

[output file] - This is the file that will store the output from

Example Usage

ssh2john id_rsa > id_rsa_hash.txt

Cracking

For the final time, we’re feeding the file we output from ssh2john, which in our example use case is called “id_rsa_hash.txt” and, as we did with rar2john we can use this seamlessly with John:

john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt

What is the SSH private key password?

mango