In this video walk-through, we covered basic use of John The Ripper tool to conduct various testings on hashes as part of the complete beginner pathway.

John the Ripper is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking.

Get OSCP Certificate Notes

What are Hashes?

A hash is a way of taking a piece of data of any length and  representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM. Lets try and show this with an example:

If we take “polo”, a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash.

Likewise, if we take “polomints”, a string of 9 characters- and run it through the same MD5 hashing algorithm, we end up with an output of: 584b6e4f4586e136bc280f27f9c64f3b another standard 32 character MD5 hash.

What makes Hashes secure?

Hashing algorithms are designed so that they only operate one way. This means that a calculated hash cannot be reversed using just the output given. This ties back to a fundamental mathematical problem known as the P vs NP relationship .

While this is an extremely interesting mathematical concept that proves fundamental to computing and cryptography I am in no way qualified to try and explain it in detail here; but abstractly it means that the algorithm to hash the value will be “NP” and can therefore be calculated reasonably. However an un-hashing algorithm would be “P” and intractable to solve- meaning that it cannot be computed in a reasonable time using standard computers.

Where John Comes in…

Even though the algorithm itself is not feasibly reversible. That doesn’t mean that cracking the hashes is impossible. If you have the hashed version of a password, for example- and you know the hashing algorithm- you can use that hashing algorithm to hash a large number of words, called a dictionary. You can then compare these hashes to the one you’re trying to crack, to see if any of them match. If they do, you now know what word corresponds to that hash- you’ve cracked it!

This process is called a dictionary attack and John the Ripper, or John as it’s commonly shortened to, is a tool to allow you to conduct fast brute force attacks on a large array of different hash types.

Room Link

Room Answers

What is the most popular extended version of John the Ripper?
What website was the rockyou.txt wordlist created from a breach on?
What type of hash is hash1.txt?

What is the cracked value of hash1.txt?

What type of hash is hash2.txt?

What is the cracked value of hash2.txt

What type of hash is hash3.txt?

What is the cracked value of hash3.txt

What type of hash is hash4.txt?

What is the cracked value of hash4.txt

What do we need to set the “format” flag to, in order to crack this?

What is the cracked value of this password?

What is the root password?
What is Joker’s password?
What do custom rules allow us to exploit?

What rule would we use to add all capital letters to the end of the word?

What flag would we use to call a custom rule called “THMRules”
What is the password for the secure.zip file?

What is the contents of the flag inside the zip file?

What is the password for the secure.rar file?

What is the contents of the flag inside the zip file?

What is the SSH private key password?

Video Walk-through

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles