JTR-Cracking Linux passwords-Long Version_11_29_2023
School: Baruch College, CUNY
Course: 2410
Subject: Information Systems
Date: Dec 6, 2023
Pages: 18
Uploaded by ejeah97
The lab breakdown
READ: Check the prefix of the hashes in /etc/shadow before you run john. If a hash starts with "$6$" (sha512crypt) use --format=sha512crypt; if it starts with "$y$" (yescrypt, the default on current Kali/Debian) use --format=crypt, which makes john hand the hash to the system's crypt(3).
Lab summary:
We are going to create a few users whose passwords we are going to crack using John the Ripper (JTR). This is a two-part lab. In the first part we use a wordlist named "rockyou.txt" that is included with Kali Linux; it contains about 14 million possible passwords. In the second part we create and use a custom wordlist to crack the passwords.
Phases of the lab
Phase#1: Create some test users on the Kali VM with passwords.
Phase#2: Use the "pwunconv" command to combine the /etc/passwd and /etc/shadow files into a single file (/etc/passwd), then extract the accounts of interest into a file for john.
Phase#3: Use the "rockyou.txt" wordlist to attempt to crack the passwords.
Phase#4: Create a custom "wordlist" (password file) containing the users' passwords.
Phase#5: Use John the Ripper to attempt to crack the passwords using the custom wordlist.
Remember, john needs 3 things:
A wordlist (a text file of potential passwords that password crackers like John the Ripper try one by one).
A file containing the username + password hash pairs.
The name of the hashing algorithm used by the operating system (for example --format=NT or --format=sha512crypt).
Basic syntax:
john --format=?? --wordlist=path/to/wordlist.txt path/to/filetocrack.txt
Hands-on
DO: Start the "Kali Linux VM", log on as "root" and create some test users with passwords that are easy to crack.
User Creation
Let's create a few users and set their passwords.
Syntax: useradd -m <username> ; create a new user account (-m also creates the home directory)
Syntax: passwd <username> ; set/reset a user's password
DO: Type "useradd -m cbrown" ; create a new user named cbrown
DO: Type "passwd cbrown" ; set his password to six ones (111111)
DO: Use the "cbrown" example as reference and create the other users in the table below with the indicated passwords. The capital letters in the table (shown in RED in the original) are UPPERCASE; everything else is lowercase.
Note: snoopy and linus have the same password. Their hashes will still differ, because passwd gives each account its own random salt.
Username     Password
cbrown       111111
woodstock    W!nter2020
snoopy       P@$$w0rd     ; 0 is the number zero
lucy         B@rtic@
linus        P@$$w0rd     ; 0 is the number zero
pigpen       p@ssword     ; o is the letter "oh"
DO: Reset root's password to "w!nter2009"
Q: What command did you type? _____________________________________________
DO: Clear the screen, then type tail -n 6 /etc/passwd to display the last six lines of the /etc/passwd file; you should see the six users that were created. You should see a picture similar to the following.
Q: What is the User Identification (UID) of snoopy? _____________________
DO: Clear the screen, then type tail -n 6 /etc/shadow to display the last six lines of the /etc/shadow file; you should see the hashed passwords of the six users that were created. (Only root can read /etc/shadow; keeping the hashes out of the world-readable /etc/passwd is the whole point of the shadow file.)
DO: Type "pwunconv" ; this combines the /etc/passwd and /etc/shadow files into one file, /etc/passwd. The shadow file will no longer exist, and every hash is now world-readable, which is why we put things back with pwconv as soon as we have copied what we need.
The following picture illustrates the effect of the "pwunconv" command, using sholmes to illustrate.
READ: Now that we have all accounts and hashes in one file, we are going to use the "grep" command to copy the accounts of interest to a file named "filetocrack.txt", which we will then tell john to crack.
DO: Type "grep root /etc/passwd" ; display all entries with the string "root" in them
DO: Type "grep -w root /etc/passwd" ; tell grep to display only lines that contain the whole word (-w) root. Look at the following screenshot.
DO: Type the "grep" commands in the following picture to extract only the entries of interest from the /etc/passwd file and send them to a file named "filetocrack.txt". The "filetocrack.txt" file is the file we will tell john to crack.
Note: Alternately, you can use the following single command to do the same thing as the screenshot:
grep -E '^(root|cbrown|woodstock|snoopy|lucy|linus|pigpen):' /etc/passwd > filetocrack.txt
The ^ anchors each name to the start of the line and the trailing : stops a name from matching a longer one (for example "root" picking up a user named "rootkit").
DO: Clear the screen, then type cat filetocrack.txt ; you should see something similar to the following. The file only contains the seven accounts whose passwords we will attempt to crack.
NOTE: The file contains both the "usernames" and the "hashed passwords".
Let's return the system to its normal state.
DO: Type "pwconv" ; separates the /etc/passwd and /etc/shadow files again
DO: Type the two commands shown in the following screenshot and note the result.
Let's get the "rockyou.txt" wordlist
Note: To use the "rockyou.txt" wordlist you must first uncompress it.
DO: Type "ls -lh /usr/share/wordlists/rockyou.txt.gz" ; displays the file
Q: What's the compressed size of the file? ______________________________
DO: Type "gunzip /usr/share/wordlists/rockyou.txt.gz" ; uncompress the file
DO: Type "ls -lh /usr/share/wordlists/rockyou.txt".
Q: What's the uncompressed size of the file? _______________________________
DO: Type "wc -l /usr/share/wordlists/rockyou.txt" ; use the word count (wc) command to count the number of lines (entries) in the file.
Q: How many lines (potential passwords) are in the file (the leftmost number)? _____________
DO: Type "grep head /usr/share/wordlists/rockyou.txt" ; list possible passwords that have the string "head" as part of them.
DO: Type "grep head /usr/share/wordlists/rockyou.txt | wc -l" ; uses the word count (wc) command to count how many potential passwords have the string "head" in them. Don't do anything, just wait until it finishes on its own.
DO: Type "cp /usr/share/wordlists/rockyou.txt /root" ; copy the file to /root to avoid having to type in a long path.
DO: Type "ls" ; list the content of the current directory, you should see the rockyou.txt file.
READ: Before we attempt to crack the passwords, let's determine how many of the passwords we intend to crack are in the "rockyou.txt" file; this tells us how many of the passwords will eventually be cracked by john.
NOTES: If the password is in the file, it means that eventually john will be able to crack it; if the password is not in the file, john will not be able to crack it. (In plain wordlist mode, as used here, john tries exactly the lines of the wordlist; it only tries variations of them if you add --rules.)
READ: In the following commands, be sure to surround the passwords with single quotes (the one that shares the same key as the double quotes); otherwise the shell would try to interpret the $$ and ! itself.
DO: Type grep -w '111111' rockyou.txt ; is the password in the file? Y/N
DO: Type grep -w 'P@$$w0rd' rockyou.txt ; is the password in the file? Y/N
DO: Type grep -w 'W!nter2020' rockyou.txt ; is the password in the file? Y/N
DO: Type grep -w 'p@ssword' rockyou.txt ; is the password in the file? Y/N
DO: Type grep -w 'B@rtic@' rockyou.txt ; is the password in the file? Y/N
DO: Type grep -w 'w!nter2009' rockyou.txt ; is the password in the file? Y/N
Note: -w only requires word boundaries, so it also lists longer lines such as "p@ssword!" that john would not count as a match. For an exact whole-line check use grep -x instead (grep -c -x to just count the hits).
DO: List the users whose passwords will eventually be cracked: _____________________
________________________________________________________________________
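The following script is an added example for this write-up, not part of the original lab. It does in one place what Phase#2 (pwunconv + grep) and the grep -w checks above do by hand: it joins passwd and shadow lines for the accounts of interest without rewriting the live system files, picks the john --format from the hash prefix ("$6$" or "$y$"), and checks whether each lab password is really a whole line of a wordlist. The function names (join_passwd_shadow, john_format, formats_in, in_wordlist, wordlist_check) are my own, and every passwd/shadow line, hash and wordlist entry is constructed; the hashes are placeholders with the right prefix, not real digests of the lab passwords.

```sh
#!/bin/sh
# Added example, not part of the lab: does what "pwunconv + grep" does in
# Phase 2 without rewriting the live system files, then picks the john
# --format from the hash prefix and checks which lab passwords a wordlist
# really contains (the grep -w checks in Part 1). The passwd/shadow lines,
# hashes and wordlist below are constructed; the hashes are placeholders
# with the right prefix, not real digests of the lab passwords.
# (On a real box the same join is done by john's own unshadow tool:
#   unshadow /etc/passwd /etc/shadow > filetocrack.txt)

# join_passwd_shadow PASSWD SHADOW USER... : print user:hash:uid:gid:gecos:home:shell
# for the named users only. The name list is anchored with ^( )$ on the
# first field, so "root" cannot pick up a user called "rootkit".
join_passwd_shadow() {
    passwd=$1
    shadow=$2
    shift 2
    names=$(printf '%s|' "$@")
    awk -F: -v names="${names%|}" '
        NR == FNR { hash[$1] = $2; next }              # 1st file: shadow
        ($1 in hash) && $1 ~ ("^(" names ")$") {       # 2nd file: passwd
            print $1 ":" hash[$1] ":" $3 ":" $4 ":" $5 ":" $6 ":" $7
        }' "$shadow" "$passwd"
}

# john_format HASH : the --format value the lab's READ note maps each prefix to
john_format() {
    case $1 in
        '$6$'*)        echo sha512crypt ;;   # SHA-512 crypt(3)
        '$y$'*)        echo crypt ;;         # yescrypt, via the system crypt(3)
        '!'*|'*'*|'')  echo locked ;;        # no password hash: nothing to crack
        *)             echo unknown ;;
    esac
}

# formats_in CRACKFILE : distinct formats present, one per line. After an
# OS upgrade old accounts may still be $6$ while new ones are $y$; john
# with --format=sha512crypt skips the $y$ lines, so run it once per
# format when this prints more than one.
formats_in() {
    cut -d: -f2 "$1" | while IFS= read -r h; do john_format "$h"; done | sort -u
}

# in_wordlist PASSWORD WORDLIST : succeed if PASSWORD is a whole line.
# -F takes the password literally ($, @, ! are not regex), -x requires a
# whole-line match; grep -w alone would also report "p@ssword!".
in_wordlist() {
    grep -Fxq -- "$1" "$2"
}

# wordlist_check WORDLIST PASSWORD... : print "PASSWORD Y" or "PASSWORD N"
wordlist_check() {
    wl=$1
    shift
    for pw in "$@"; do
        if in_wordlist "$pw" "$wl"; then echo "$pw Y"; else echo "$pw N"; fi
    done
}

# --- demo on constructed data ------------------------------------------
work=$(mktemp -d)
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cbrown:x:1001:1001::/home/cbrown:/bin/bash
snoopy:x:1002:1002::/home/snoopy:/bin/bash
rootkit:x:1003:1003::/home/rootkit:/bin/bash
EOF
cat > "$work/shadow" <<'EOF'
root:$6$constructed$placeholder1:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
cbrown:$6$constructed$placeholder2:19700:0:99999:7:::
snoopy:$y$j9T$constructed$placeholder3:19700:0:99999:7:::
rootkit:$6$constructed$placeholder4:19700:0:99999:7:::
EOF
printf '%s\n' 123456 111111 password 'p@ssword!' > "$work/wordlist.txt"

join_passwd_shadow "$work/passwd" "$work/shadow" root cbrown snoopy > "$work/filetocrack.txt"
cat "$work/filetocrack.txt"
echo "formats present: $(formats_in "$work/filetocrack.txt" | tr '\n' ' ')"
wordlist_check "$work/wordlist.txt" 111111 'P@$$w0rd' p@ssword
rm -r "$work"
```

In the demo, rootkit is left out of filetocrack.txt even though "root" is a prefix of its name, the constructed file mixes a "$6$" and a "$y$" hash so formats_in reports both, and p@ssword is reported as absent because only "p@ssword!" is in the list; a grep -w check would have said Y.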
Time to crack the passwords
READ: If your hashes start with "$6$" use --format=sha512crypt; if they start with "$y$" use --format=crypt.
DO: Type "john --format=sha512crypt --wordlist=rockyou.txt filetocrack.txt"
Note: It should crack cbrown's password quickly. Refer to the following picture.
DO: Wait for about 5 minutes and pigpen's password will be cracked. Refer to the following picture.
DO: Press "CTRL+C" or the letter "q" to stop the cracking session (john saves its progress) and return to the command prompt.
DO: Type "john --show filetocrack.txt" ; display cracked passwords. You should see the following.
DO: Type "john --restore" ; resume the cracking session where it stopped.
DO: Press "any" key (other than q) to display the current status and the potential password that JTR is trying.
DO: WAIT 30 minutes and see if JTR can crack any others, then press "CTRL+C" to exit.
Q: Were any other passwords cracked after 30 minutes? Y/N
DO: List the names of the users whose passwords were cracked
________________________________________________________________________
DO: List the names of the users whose passwords were not cracked
________________________________________________________________________
DO: Type "john --show filetocrack.txt" ; displays the names and corresponding cracked passwords.
DO: Take a screenshot and paste it below.
Part2: Creating and using a "custom" wordlist
READ: The first thing that has to be done is to "zero" or "delete" the ~/.john/john.pot file, since john will not re-crack passwords that have already been cracked (it records every cracked hash in john.pot and skips those hashes in later runs).
DO: Type "rm -rf .john/john.pot" (the path is relative to root's home directory, /root) ; delete "john.pot" to start from scratch; the file will be created again automatically when john is run. If you would rather keep the rockyou results, run the next john commands with --pot=custom.pot instead, which makes john read and write a separate pot file.
Let's create a small custom wordlist
READ: The following commands will use the "echo" command to place some potential passwords in a text file named "mywordlist.txt". Wordlists are text files that contain potential passwords that John the Ripper uses to crack passwords. The single quote is on the same key as the double quote and is required so that special characters like "@" and "$" are accepted as literal characters in a password instead of being interpreted by the shell.
DO: Type the following lines to create a wordlist named "mywordlist.txt"
NOTE: "p@ssword" and "w!nter2009" have been left out on purpose, to see what happens when john reaches the end of the wordlist and no "match" is found.
DO: Type "cat mywordlist.txt" to display the content of the file. You should see the following.
READ: If you do not see all six passwords, exactly as shown in the previous screen, then type "rm -rf mywordlist.txt" to delete the file, and then re-type the "echo" commands.
OK, let's get cracking
DO: Type "john --format=sha512crypt --wordlist=mywordlist.txt filetocrack.txt"
READ: All passwords that are in the "mywordlist.txt" file should be cracked within a few seconds, and john will exit on its own because it has run out of potential passwords to try.
Note: pigpen's (p@ssword) and root's (w!nter2009) passwords are not in the custom wordlist, so they were not cracked.
DO: Type "cat .john/john.pot" ; shows all cracked passwords and the corresponding hashes (but not usernames). Refer to the following screenshot.
DO: Type "john --show filetocrack.txt" ; you should see the following, which shows all of the cracked passwords and the corresponding usernames.
OK, let's add the two missing passwords to the "mywordlist.txt" file, delete the john.pot file and then try to crack again.
DO: Type echo 'p@ssword' >> mywordlist.txt
DO: Type echo 'w!nter2009' >> mywordlist.txt
DO: Type "cat mywordlist.txt" ; display the updated wordlist; you should see the following.
Let's delete the "john.pot" file
DO: Type "rm -rf .john/john.pot" ; this deletes the "john.pot" file
Let's crack again
DO: Type "john --format=sha512crypt --wordlist=mywordlist.txt filetocrack.txt"
DO: Type "cat .john/john.pot" ; display cracked passwords (no usernames are shown)
DO: Type "john --show filetocrack.txt" ; you should see the following, which shows both the cracked passwords and the corresponding usernames.
Conclusion:
john's ability to crack passwords in wordlist mode depends on having a wordlist that contains the password.
If the wordlist contains the password but is a big file (many passwords), the password will eventually be cracked, but how long that takes depends on where in the file the password is located (top of the file? middle of the file? all the way at the bottom?) and on how slow the hash is: sha512crypt is deliberately expensive to compute, so john tests far fewer candidates per second than it would against a fast hash such as NT. Hours? Days? Weeks?
If the wordlist does not contain the password, john will exit and the password will not be cracked.
Answer the following question: