How To Crack Windows And Other Passwords Using John The Ripper
A strong password storage strategy is critical to mitigating data breaches that put the reputation of any organization in danger. Hashing (with a per-password salt and a deliberately slow algorithm) is the foundation of secure password storage.
So, let's discuss what password hashes are and how to crack different kinds of password hashes.
What is a Hash?
Passwords are stored either as plain text or as hash values inside a file or a database. A hash function is a one-way cryptographic algorithm: once a plaintext password has been run through it, the output cannot be turned back into the original password.
The only way to recover the password is to guess a candidate, run it through the same hashing algorithm and compare the result with the original hash. That guess-and-compare loop is what password cracking is.
Now, you might ask why we don't simply paste the dumped hash into the password field (if you are testing a login form). That does not work either: the application hashes whatever you submit, so you would be generating the hash of the hash, which again will not match. (Network protocols such as NTLM that authenticate with the hash itself rather than the password are the exception, which is why pass-the-hash attacks exist; that is a different technique from cracking and outside the scope of this post.)
Hashing Algorithms
To convert plain text into a hash we use a hashing algorithm. There are many hashing algorithms; the most common are MD5 and the SHA family. Looking at a hash alone, you cannot tell for certain which algorithm produced it.
ScriptKiddie Tip: You can make an educated guess from the length of the hex digest: an MD5 hash is exactly 32 hex characters, SHA-1 is 40, SHA-256 is 64 and SHA-512 is 128. Length only narrows the family, though; a Windows NT (NTLM) hash is also 32 hex characters, so a 32-character hash could be either.
You can make use of Hash Analyzer which may help you to identify the hash type.
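The guess-and-compare loop described above, combined with the length-based guess of the hash family, as an added example that is not part of the original post. It uses only the coreutils hashing tools (md5sum, sha1sum, sha256sum, sha512sum) so it runs without John; the wordlist it writes is constructed for the demo, the demo password "password" is an assumption, and NT hashes are noted but not computed because coreutils cannot produce them.

```shell
#!/bin/sh
# Added example (not from the original post): guess-and-compare cracking of an
# unsalted hash, guessing the hash family from the digest length.

# Map a hex digest length to the coreutils tool that produces it. Length alone
# is ambiguous: a 32-character digest may be MD5 or a Windows NT (NTLM) hash,
# and coreutils cannot compute NT hashes, so only MD5 is tried for that length.
candidates_by_length() {    # candidates_by_length <hex-digest>
    case "${#1}" in
        32)  echo md5sum ;;
        40)  echo sha1sum ;;
        64)  echo sha256sum ;;
        128) echo sha512sum ;;
        *)   echo "" ;;
    esac
}

# Hex digest of one candidate word under the given tool. printf '%s' avoids the
# trailing newline that "echo word | md5sum" would silently include.
hash_word() {               # hash_word <tool> <word>
    printf '%s' "$2" | "$1" | cut -d' ' -f1
}

# Dictionary attack: hash every wordlist entry and compare it with the target.
# Prints "<tool>:<word>" and returns 0 on a match, 1 if the list is exhausted,
# 2 if the digest length matches nothing we know.
crack_hash() {              # crack_hash <hex-digest> <wordlist-file>
    target=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    tool=$(candidates_by_length "$target")
    if [ -z "$tool" ]; then
        echo "unrecognised digest length ${#target}" >&2
        return 2
    fi
    while IFS= read -r word || [ -n "$word" ]; do
        if [ "$(hash_word "$tool" "$word")" = "$target" ]; then
            echo "$tool:$word"
            return 0
        fi
    done < "$2"
    return 1
}

# Constructed wordlist for the demo; the real password must be in it.
write_demo_wordlist() {     # write_demo_wordlist <path>
    printf '%s\n' 123456 qwerty letmein password admin123 > "$1"
}

# Usage:
#   write_demo_wordlist /tmp/wordlist.txt
#   crack_hash 5f4dcc3b5aa765d61d8327deb882cf99 /tmp/wordlist.txt   # MD5 of "password"
#   → md5sum:password
```

Because the target is lower-cased before comparison, hashes pasted from tools that print uppercase hex still match. Salted hashes (Linux crypt, bcrypt and the like) cannot be attacked this way, since the salt changes the digest; that is where a real cracker such as JTR comes in.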
John The Ripper
When it comes to password cracking, the first tool that comes to mind is JTR. It is an open-source password cracker and one of the most popular; it is also one of the fastest around, and the cherry on the cake is that it comes pre-installed on Kali Linux and most other penetration-testing distributions.
JTR can perform both brute-force attacks (which it calls incremental mode) and dictionary attacks (wordlist mode). JTR ships with a default wordlist (password.lst), but I would recommend not relying on it, as it is small and dated. Create your own wordlist instead, or use your information-gathering skills to generate one tailored to the target, which will aid you in cracking passwords. You can also make use of publicly available password lists from real breaches, which may increase your chances.
Cracking windows password with JTR
As we know, Windows stores local account passwords as NT hashes (commonly called NTLM hashes), which JTR cracks with --format=NT.
We will discuss this, and the Linux hashing algorithms, when we cover remote exploitation of those machines and dumping hashes.
Let's say we have dumped password hashes; now it's time to get the plaintext passwords.
Step 1: Launching JTR
Invoking JTR is pretty simple: you just need to type john in the terminal window.
Step 2: Creating Demo Hashes
You can create demo hashes by visiting the page below:
https://www.browserling.com/tools/all-hashes
Just select the type of hashing algorithm you want, type the plaintext password, and click on calculate hashes. (Don't use a real password here; anything you type is sent to a third-party site.)
Step 3: Generating a Wordlist
Now it's time to create the wordlist. I will be using the cat command to create a small wordlist.txt.
We will create a wordlist file for each of the MD5 and SHA512 hashes.
To create a wordlist, type the following command:
cat > WORDLIST_NAME
Once you hit Enter the cursor moves to the next line; now type the list of passwords you want in your wordlist, one per line, and when you are done press CTRL+D.
This saves the wordlist.
To check whether the list was saved, type cat followed by FILE_NAME; it will print the contents of your wordlist.
Note: Make sure you include the password whose hash you created, otherwise you won't be able to crack it.
Step 4: Let the Cracking Begin
Now let's use JTR to crack the hashes.
Type the following command to begin cracking:
john --format=raw-md5 /root/Desktop/MD5hash --wordlist=/root/Desktop/MD5Crack
In the command above, john invokes the tool, --format specifies the hash type, /root/Desktop/MD5hash is the path to my file of hashes and --wordlist sets the path of our wordlist. Note the format name: in the JTR jumbo build an unsalted hex MD5 hash is raw-md5 (and SHA512 is raw-sha512); --format=md5 does not denote the raw hash and would not load these hashes. If you are unsure of the exact name, john --list=formats prints every format the build supports.
As you can see, JTR was able to crack the password for my hash. Cracked passwords are saved to john.pot, so you can display them again later with the --show option against the same hash file.
Below are some other passwords I was able to crack using JTR.
SHA512 Password cracked using JTR:
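Steps 2 to 4 above as one script, added here as an example that is not part of the original post. It assumes the demo password is "password", writes the hash files and a constructed wordlist under a directory you choose instead of /root/Desktop, builds the hashes with coreutils rather than a web page so the password never leaves your machine, and assumes the JTR jumbo build, where the unsalted formats are named raw-md5 and raw-sha512.

```shell
#!/bin/sh
# Added example (not from the original post): the MD5 and SHA512 walkthrough
# as a script. Assumptions: demo password "password", jumbo-build format names.

# Step 2: hex digest of the password. printf '%s' avoids hashing a newline,
# which would produce a different hash from the one the password really has.
make_hash() {               # make_hash <md5sum|sha512sum> <password>
    printf '%s' "$2" | "$1" | cut -d' ' -f1
}

# Steps 2 and 3: one hash file per algorithm plus a constructed wordlist that
# contains the real password (John cannot crack what the list does not hold).
prepare_demo() {            # prepare_demo <directory>
    dir="$1"
    mkdir -p "$dir"
    make_hash md5sum    password > "$dir/MD5hash"
    make_hash sha512sum password > "$dir/SHA512hash"
    printf '%s\n' 123456 qwerty letmein password admin > "$dir/wordlist.txt"
}

# Step 4: wordlist attack, then read the result back from John's pot file.
# "john --show" prints user:password, using "?" as the user for hash lines
# that carry no username. Prints the recovered password; fails if John is
# not installed.
crack_with_john() {         # crack_with_john <format> <hash-file> <wordlist>
    command -v john >/dev/null 2>&1 || { echo "john not installed" >&2; return 1; }
    john --format="$1" --wordlist="$3" "$2" >/dev/null 2>&1
    john --show --format="$1" "$2" | head -n 1 | cut -d: -f2
}

# Whole walkthrough: prints "password" once per hash file.
demo() {                    # demo <directory>
    prepare_demo "$1"
    crack_with_john raw-md5    "$1/MD5hash"    "$1/wordlist.txt"
    crack_with_john raw-sha512 "$1/SHA512hash" "$1/wordlist.txt"
}

# Usage: demo /tmp/jtr-demo
```

If John reports "No password hashes left to crack" on a second run, the hashes are already in john.pot; --show still prints them. Running the script a second time against the same directory therefore still prints the passwords.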
JTR is an excellent password cracker for pentesting exercises; it helps IT staff spot weak passwords and poor password policies.
Here is the list of password hash types supported by a stock JTR build (the community-enhanced "jumbo" build adds hundreds more):
- UNIX crypt(3)
- Traditional DES-based
- “bigcrypt”
- BSDI extended DES-based
- FreeBSD MD5-based (Linux and Cisco IOS)
- OpenBSD Blowfish-based
- Kerberos/AFS
- Windows LM (DES-based)
- DES-based tripcodes
- SHA-crypt hashes (newer versions of Fedora and Ubuntu)
- SHA-crypt and SUNMD5 hashes (Solaris).
You can also view the hash formats your JTR build supports with the command below; it lists every format name accepted by --format.
john --list=formats
Try cracking other hashing algorithms, and explore JTR as much as you can; it will improve your guessing and cracking skills.
Keep Coming for more .
Happy Hacking!!