WisdomEye

How to Use John the Ripper - Ethical Hacking Tutorial

Summary

This video provides a comprehensive guide on using John the Ripper, an open-source password cracking tool on Kali Linux. It covers essential steps including installation, extracting password hashes from the Linux shadow file, and utilizing wordlists like RockYou.txt to crack user account passwords. Additionally, the tutorial demonstrates how to crack password-protected ZIP files by converting them into hashes using zip2john and employing custom wordlists. The content is framed for educational purposes and ethical hacking, highlighting the technical process of testing system security vulnerabilities.

Key Insights

John the Ripper (JtR) is a versatile tool for penetration testing that requires hash extraction before cracking.

John the Ripper never sees a stored plaintext password; it works on the stored hash, hashing each candidate and comparing the result. For Linux system accounts this means reading the shadow file (/etc/shadow), which requires root privileges, and extracting the line belonging to the target user. For other file types, such as ZIP archives, a companion conversion tool (here zip2john) must first turn the file's encryption metadata into a hash line that JtR can process.

The choice of wordlist is critical to the success and speed of a password-cracking attempt.

The video illustrates the use of the well-known RockYou.txt wordlist, which contains millions of real passwords leaked from the RockYou breach, as well as the creation of a small custom wordlist for a targeted attack. In wordlist mode John the Ripper hashes every entry in the list and compares it against the target hash. If the password is not in the list, a plain wordlist attack fails outright; if it is, the time to find it depends on its position in the list, the hash algorithm (slow schemes such as yescrypt or bcrypt cost far more per guess than a ZIP checksum), and the available hardware, so runs range from seconds to hours.

Sections

Introduction and Ethical Disclaimer

Understanding the legal and ethical boundaries of using hacking tools.

The narrator stresses that attacking systems without authorization is illegal and that the content is provided for educational purposes only. Viewers are warned that attacking systems or computers they do not own, or lack written permission to test, can lead to serious legal consequences.

Overview of John the Ripper as a penetration testing tool.

John the Ripper is introduced as an open-source password cracking tool used primarily in penetration testing. It works by hashing candidate passwords (from a wordlist, from mangling rules, or by brute force) and comparing each result against the stored hash until a match is found.


Installation and Environment Setup

Procedure for installing John the Ripper on a Linux machine.

While John the Ripper usually comes pre-installed on Kali Linux, the video demonstrates how to install it via the terminal using ‘sudo apt install john’. This ensures the tool is available for use regardless of the initial OS configuration.

Creating a test user account for cracking demonstrations.

The presenter creates a user named ‘david’ with the ‘sudo adduser david’ command. To make the demonstration realistic, a password that appears in common breach lists (‘12345678’) is assigned to this account, and the setup is verified by logging in as david.


Cracking System User Passwords

Extracting the hashed password from the Linux shadow file.

Since JtR needs the password hash, the narrator navigates to the /etc folder and opens the ‘shadow’ file with ‘sudo gedit shadow’. The line for the user ‘david’ is copied and saved into a local file named ‘hash.txt’ on the desktop. JtR accepts the whole colon-separated shadow line (username, hash, and the ageing fields), so there is no need to cut out the hash field by hand; the companion tool ‘unshadow /etc/passwd /etc/shadow’ does the same job for every account at once and keeps the usernames attached to the results.

Preparing the RockYou wordlist for the cracking process.

The narrator locates the RockYou wordlist at ‘/usr/share/wordlists/rockyou.txt.gz’. Because it ships compressed, they use ‘gunzip’ to produce the plain-text ‘rockyou.txt’ that the cracking tool reads. Decompressing in place under /usr/share needs root; ‘gunzip -c rockyou.txt.gz > ~/rockyou.txt’ writes a copy to a user-writable location instead and needs no sudo.

Executing the crack command using specific formatting and paths.

The command ‘sudo john --format=crypt --wordlist=[path_to_rockyou] hash.txt’ is executed. ‘--format=crypt’ tells John the Ripper to verify guesses through the system crypt(3) library, which is what handles the yescrypt ($y$) hashes that current Kali and Debian releases produce by default; for the older sha512crypt ($6$) scheme JtR's own native format is faster. Using the RockYou list, it identifies the password for the david account as ‘12345678’. Cracked results are stored in john.pot, so a later ‘john --show hash.txt’ prints them again without re-running the attack, and sudo is only needed when reading /etc/shadow directly, not for running john on a copy.
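The shadow-extraction procedure above, as an added shell example that is not part of the video. It builds stand-in passwd and shadow files (the david line carries a constructed placeholder hash, not a real one), pulls one user's line the way the narrator does, identifies the crypt(3) scheme from the ‘$id$’ prefix so the right --format can be chosen, prefers JtR's own unshadow when installed, and only invokes john and rockyou.txt when they are actually present on the machine. The file names hash.txt and /usr/share/wordlists/rockyou.txt come from the video; everything else is this example's choice.

```shell
#!/usr/bin/env bash
# Added example, not the video's own commands. Prepares a Linux shadow hash for
# John the Ripper. The passwd/shadow content below is CONSTRUCTED for the demo;
# the david hash is a placeholder string, not a real account's hash.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
PASSWD_SAMPLE="$WORKDIR/passwd.sample"
SHADOW_SAMPLE="$WORKDIR/shadow.sample"

# Stand-ins for /etc/passwd and /etc/shadow: colon-separated, field 1 is the user,
# field 2 of the shadow line is the crypt(3) hash string (or * / ! for no password).
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
david:x:1001:1001:David,,,:/home/david:/bin/bash
EOF
cat > "$SHADOW_SAMPLE" <<'EOF'
root:*:19700:0:99999:7:::
david:$y$j9T$EXAMPLE.SALT.NOT.REAL$EXAMPLE.HASH.NOT.REAL.placeholder:19700:0:99999:7:::
EOF

# Select one user's shadow line. john accepts the whole line, not just the hash field.
extract_shadow_line() {   # usage: extract_shadow_line <user> <shadow_file>
  awk -F: -v u="$1" '$1 == u' "$2"
}

# Name the crypt(3) scheme from the "$id$" prefix of the hash field. These ids are the
# standard crypt(3) identifiers; yescrypt ($y$) is the Debian/Kali default.
shadow_hash_scheme() {    # usage: shadow_hash_scheme <shadow_line>
  hash="$(printf '%s' "$1" | cut -d: -f2)"
  case "$hash" in
    '$y$'*)        echo yescrypt ;;
    '$6$'*)        echo sha512crypt ;;
    '$5$'*)        echo sha256crypt ;;
    '$1$'*)        echo md5crypt ;;
    '$2'[aby]'$'*) echo bcrypt ;;
    '*'|'!'*|'')   echo locked ;;   # no crackable hash: locked or passwordless account
    *)             echo unknown ;;
  esac
}

# Build the hash file. Use john's unshadow(8) when present (keeps username + hash
# together for every account), otherwise fall back to the single copied line.
prepare_hash_file() {     # usage: prepare_hash_file <user> <passwd> <shadow> <out>
  if command -v unshadow >/dev/null 2>&1; then
    unshadow "$2" "$3" | awk -F: -v u="$1" '$1 == u' > "$4"
  else
    extract_shadow_line "$1" "$3" > "$4"
  fi
  [ -s "$4" ]   # non-zero exit if the user was not found
}

prepare_hash_file david "$PASSWD_SAMPLE" "$SHADOW_SAMPLE" "$WORKDIR/hash.txt"
echo "scheme: $(shadow_hash_scheme "$(extract_shadow_line david "$SHADOW_SAMPLE")")"

# Run the cracker only when john and the wordlist exist; the preparation above works
# anywhere. Decompress rockyou into our own directory so no sudo is needed.
WORDLIST=/usr/share/wordlists/rockyou.txt
if [ ! -f "$WORDLIST" ] && [ -f "$WORDLIST.gz" ]; then
  gunzip -c "$WORDLIST.gz" > "$WORKDIR/rockyou.txt" && WORDLIST="$WORKDIR/rockyou.txt"
fi
if command -v john >/dev/null 2>&1 && [ -f "$WORDLIST" ]; then
  john --format=crypt --wordlist="$WORDLIST" "$WORKDIR/hash.txt" || echo "john exited with status $?"
  john --show "$WORKDIR/hash.txt" || true   # results are read back from john.pot
else
  echo "john or $WORDLIST not found; skipping the cracking step"
fi
```

With the placeholder hash john reports that no hashes were loaded, which is the expected outcome; point the script at a real shadow line (read as root) to crack it, and pick a native format instead of crypt for $6$ hashes when speed matters.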


Cracking Password-Protected ZIP Files

Creating a password-protected ZIP file for testing purposes.

A text file called ‘secret.txt’ is created and then zipped using the ‘zip -e’ command, which adds encryption. A specific password, ‘david123’, is set to protect the archive, and the original text file is deleted to simulate a scenario where the password is unknown.

Converting the ZIP file into a compatible hash format.

Because JtR cannot read a ZIP archive directly, the narrator uses the ‘zip2john’ utility. Running ‘zip2john secret.zip > zip.has’ writes a hash line containing what JtR needs to test guesses: the archive's encryption parameters and the check bytes for each encrypted entry (plus the encrypted payload itself for small ZipCrypto entries), rather than the archive as a whole. JtR then recognises the line as either the legacy PKZIP (ZipCrypto) or the WinZip AES format without a --format flag.

Generating and using a custom wordlist for targeted cracking.

To demonstrate flexibility, a custom wordlist titled ‘passwords.txt’ is created by hand with a few guesses, including the correct password ‘david123’. JtR is then run with ‘sudo john --wordlist=passwords.txt zip.has’ to find the password. The sudo is unnecessary here, since both files are owned by the user; JtR's built-in ‘--rules’ option can also derive such variants (appended digits, capitalisation) from a shorter list of base words automatically.

Verifying the cracked password by extracting the ZIP file.

Once JtR reveals the password ‘david123’, the narrator uses the standard ‘unzip’ command. By entering the cracked password, they successfully restore the ‘secret.txt’ file, proving the tool worked as intended.
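The ZIP procedure above, as an added shell example that is not from the video. Rather than typing guesses by hand, it derives a targeted wordlist from a few base words (case variants plus common digit and year suffixes, a small imitation of what john's --rules does), then recreates the video's scenario and runs the zip2john, john and unzip chain when those tools are installed. The file names secret.txt, secret.zip and passwords.txt and the password ‘david123’ are the video's; the output name zip.hash, the base words and the suffix set are this example's assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the video's own commands. Builds a targeted wordlist, then
# cracks a freshly made encrypted ZIP with zip2john + john if the tools exist.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT

# Expand each base word into likely variants: lower/Capitalised case, a trailing '!',
# and common digit or year suffixes. Prints the number of unique candidates written.
make_wordlist() {   # usage: make_wordlist <outfile> <base>...
  out="$1"; shift
  : > "$out"
  for base in "$@"; do
    lower="$(printf '%s' "$base" | tr 'A-Z' 'a-z')"
    upper="$(printf '%s' "$lower" | cut -c1 | tr 'a-z' 'A-Z')$(printf '%s' "$lower" | cut -c2-)"
    for w in "$lower" "$upper"; do
      printf '%s\n' "$w" "$w!" >> "$out"
      for suf in 1 12 123 1234 2023 2024; do
        printf '%s\n' "$w$suf" >> "$out"
      done
    done
  done
  # Drop duplicates while keeping first-seen order (sort would reorder the list).
  awk '!seen[$0]++' "$out" > "$out.tmp" && mv "$out.tmp" "$out"
  awk 'END { print NR }' "$out"
}

count="$(make_wordlist "$WORKDIR/passwords.txt" david David secret)"
echo "generated $count candidates in $WORKDIR/passwords.txt"

# Recreate the video's scenario and crack it, but only when every tool is available.
if command -v zip >/dev/null 2>&1 && command -v zip2john >/dev/null 2>&1 \
   && command -v john >/dev/null 2>&1 && command -v unzip >/dev/null 2>&1; then
  cd "$WORKDIR"
  echo "the secret is here" > secret.txt
  zip -q -P david123 secret.zip secret.txt     # -P is the non-interactive form of zip -e
  rm secret.txt                                # simulate an archive with unknown password
  zip2john secret.zip > zip.hash 2>/dev/null   # hash line only; john never opens the zip
  john --wordlist=passwords.txt zip.hash       # no sudo: the files belong to us
  cracked="$(john --show zip.hash | head -n1 | cut -d: -f2)"
  echo "cracked password: $cracked"
  unzip -q -P "$cracked" secret.zip && cat secret.txt
else
  echo "zip, zip2john, john or unzip missing; skipping the crack (wordlist still written)"
fi
```

The wordlist step is what makes the attack targeted: three base words become a few dozen candidates that cover the habits ‘david123’ represents, and ‘john --show’ reads the result back from john.pot so the extraction step does not depend on parsing the live cracking output.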

