John the Ripper - A noob friendly guide

By ghostghost | 17446 Reads

#–––––––––––––––––––––––#

John the Ripper - A noob friendly guide

#–––––––––––––––––––––––#

Okay. So if you’re reading this, you’re likely at the point in the HBH Challenges where you have to crack a DES password. Because of this, I’m going to use the Other 10 Challenge as an example.

This tutorial explains not just how to use the program itself, but also the Windows Command Prompt basics you need to start it.


The Challenge

Firstly, let’s grab the hash we need to crack. In Other 10, the hash is “hbh:spnlhmTpnxYQ.” (yes, that period at the end is part of the hash). For those of you who aren’t aware or didn’t notice, this kind of line is made up of both the username and the password hash, separated by a colon. In this case, as you might be able to discern, the username is “hbh”. So if you see a password that looks like that, there is a 99.99% chance it’s a DES hash.

As I’ve said, you’ll encounter a few of these during your time here at HBH. You can also spot them at other times in your cyber adventures. The most common place is the Apache Web Server’s “.htpasswd” file. This file usually contains a list of usernames and password hashes used to access certain areas of a site.
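As an added example (not part of the original article), here is a Python script that audits an .htpasswd-style file for the hash shape described above: a 13-character DES crypt string whose first two characters are the salt. Traditional DES crypt only uses the first 8 characters of the password and is very fast to compute, so a defender should treat such entries as ones to migrate. The sample file is constructed: only the hbh line is the challenge hash from the article, the other password fields are made-up placeholders in the right format, not real hashes.

```python
import re
from typing import NamedTuple, Optional

# Traditional DES crypt(3) output is exactly 13 chars from [./0-9A-Za-z]; the first two are the salt.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

class Entry(NamedTuple):
    user: str
    hash_type: str
    salt: Optional[str]

def classify_hash(field: str) -> tuple[str, Optional[str]]:
    """Classify the password field of one .htpasswd line; returns (type, salt-or-None)."""
    if DES_CRYPT_RE.match(field):
        return "des-crypt", field[:2]
    if field.startswith("$apr1$"):                      # Apache MD5 scheme: $apr1$<salt>$<hash>
        return "apr1-md5", field.split("$")[2]
    if field.startswith(("$2a$", "$2b$", "$2y$")):      # bcrypt; salt sits after the cost factor
        return "bcrypt", None
    if field.startswith("{SHA}"):                       # unsalted base64 SHA-1
        return "sha1", None
    return "unknown", None

def audit_htpasswd(text: str) -> list[Entry]:
    """Parse .htpasswd content ("user:hash" per line; blank lines and '#' comments are skipped)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, _, field = line.partition(":")
        hash_type, salt = classify_hash(field)
        entries.append(Entry(user, hash_type, salt))
    return entries

def weak_users(entries: list[Entry]) -> list[str]:
    """Users still on DES crypt: only 8 password characters count and the hash is cheap to brute-force."""
    return [e.user for e in entries if e.hash_type == "des-crypt"]

# Constructed sample: only the hbh line is the article's real challenge hash; the other
# password fields are made-up strings in the right format, not real hashes.
SAMPLE_HTPASSWD = """\
hbh:spnlhmTpnxYQ.
alice:$apr1$abcdefgh$0123456789abcdefghijkl
bob:$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
carol:{SHA}ABCDEFGHIJKLMNOPQRSTUVWXYZ0=
"""

if __name__ == "__main__":
    print("DES crypt entries to migrate:", weak_users(audit_htpasswd(SAMPLE_HTPASSWD)))
```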


The Program

First of all, we need to download John the Ripper. If you’ve already got it, skip this part.

http://www.openwall.com/john/

Go to this website. Now, depending on your Operating system, this will probably vary. But if you’re a user of a *NIX system, you’d be able to identify this yourself. So by default, I’ll assume you’re a Windows user (no offense guys). So let’s look for the Free Windows Binary version. Found it? Beautiful! Let’s download it.

Just extract this ZIP archive anywhere you like. But if you aren’t too adept at the CLI (Command Line Interface, or for Windows, DOS), just unzip it in the root of your C: directory.


Starting it up (Basic Windows CLI)

Alright. I’ll assume we don’t have much prior knowledge of the Windows command line. But that’s alright! I’ll give you a quick run down. If you know enough about DOS to get to JTR, skip this section.

First thing we want is to open our command line. You can find it under “Start -> Programs -> Accessories -> Command Prompt”. I prefer to open the Run command, and type either “cmd” or “command”. Either way is fine.

Now your screen should say something like “C:\documents and Settings\User 1>”. Let’s say we extracted John the Ripper into the path “D:\My Programs\jtr”.

First thing we need to do is switch drives. If you extracted John the Ripper to your C: drive, ignore this. To change the drive using the CLI, just type in the drive’s letter followed by a colon. In this case, just type in “D:”. Your screen should now say “D:>”.

Now to get to the directory! We can do this all in one leap, or piece by piece. For this example, let’s jump the whole way in one go. So what we do here is use the “cd” or “chdir” command. As you can see above, our destination path has a space in it (“My Programs”). The CLI doesn’t really like this. So to go to the new directory, type in “cd [PATH]”. In our case, it’s cd "D:\My Programs\jtr". You’ll notice that I have extra quotation marks around the path. Leave these in if you have a space anywhere in the path.

After this, we need to go to the program itself, since the ZIP file has directories within itself. This is as simple as typing “cd john1701\run”. That’s an example of how to use the cd command without quotation marks, since we don’t have a space anywhere in the path.

So if you’ve done it right, your screen should look something like this.


Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\documents and Settings\User 1>D:

D:>cd "D:\My Programs\jtr"

D:\My Programs\jtr>cd john1701\run

D:\My Programs\jtr\john1701\run>

If it looks something like that, you’re on the right track. Onto the program itself!


Using John the Ripper

Woo! Finally we’re here. We can now use JTR.

Okay. So the program we’re going to use is in the file “john-386.exe”. Before we use this, we need to create a password file.

Let’s rip open Notepad, and paste in our hash to break. In this case, it’s just “hbh:spnlhmTpnxYQ.”. Save it in the same directory as the program (in this case, “D:\My Programs\jtr\john1701\run”). Let’s call it “password.txt” (it can be called anything, but let’s keep it simple).

With JTR (and some other CLI programs), you can find out the program’s parameters and sometimes a basic “How To” by just typing in the program’s name. In this case, we just type in “john-386”. Now you should have a list of all the things we can do with JTR. Cool, isn’t it? But we don’t really need all of that. For the sake of the simplicity of this guide, let’s focus on Dictionary Attacks and Brute Force attacks.

WORDLIST/DICTIONARY ATTACKS

As you can see, there’s an option for using a wordlist (“--wordlist=FILE”). Fortunately, there’s a simple wordlist given to us with JTR, the “Wordlist.txt” file. The beauty of a wordlist is that instead of trying every possible password on earth, we only try the passwords on the list. This can be very handy, since a lot of people’s passwords are just the names of their pets, family members, favourite movie or something. Trying a wordlist first is always a good idea.

To execute a wordlist attack using the Wordlist.txt file on the password.txt file, we use this type of command:

D:\My Programs\jtr\john1701\run>john-386 --wordlist=wordlist.txt password.txt

Of course, this is going to change slightly, since you’ll likely be using different filenames. But in essence, that’s how you can break a DES hash with a wordlist.

BRUTE-FORCE ATTACKS

Wouldn’t it be awesome if everyone were stupid and used normal words for their passwords, and let wordlists do the work for us? Yeah, it would. But of course, that ain’t gonna happen. Any smart user will probably use a combination of letters and numbers. In cases like this, we have to resort to a good old fashioned Brute force attack.

As the name probably suggests, a brute force attack tries every possible combination of letters and numbers (in some cases, symbols too) until the correct combination is found. This process, however, can take years. Using your average home computer, this really isn’t a practical thing for all but the shortest passwords. But of course, it’s almost guaranteed to work. (I say almost, because the character set being tried may not contain the necessary characters.)

To execute a brute-force attack on the password.txt file, we use this type of command:

D:\My Programs\jtr\john1701\run>john-386 password.txt

That’s pretty straight forward, no?

Oh yes. And if you wish to stop JTR running at any time, press Ctrl-C. After all, these kinds of things can take a long time, and you may well give up on it after a while.

Well, that’s the pretty thorough basics of using JTR. It may seem pretty simple, but it is a pretty powerful program. Of course, there’s a heap of articles and documentation about JTR and how to use it in even greater detail, but hopefully this has answered a few of your questions about it. Comments and ratings appreciated, since this is my first article.

-manticore

BTW: If you’re on the hunt for new wordlists, try looking at this site. http://www.theargon.com/achilles/wordlists/

Comments
Uber0n 16 years ago

I've explained this tons of times to new users, now I'll just give them the URL to this article instead :D well done man.

ghost 16 years ago

Fair. You should also mention to noobs that their ickle norton is likely to flag JTR as a "Hack.Tool", and they should ignore/create an exception for it.

ghost 16 years ago

You Lack a p in the title ^^

korg 16 years ago

This was already done by one of the greats <ME> http://www.hellboundhackers.org/articles/416-John-the-ripper.html A little lacking but ok job. 5/10

ghost 16 years ago

Well, you're the first article to enable me to work this stupid thing (now I don't think it's so stupid :)) so thanks a lot, good article

ghost 16 years ago

For wordlists I've always just used -w:words.lst instead of the longer --wordlist=words.lst

ghost 16 years ago

Thank you for this, I have been trying to learn how to use it for a while now and it helped me on the challenge :)