In this video walk-through, we covered basic use of John The Ripper tool to conduct various testings on hashes as part of the complete beginner pathway.

John the Ripper is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking.

What are Hashes?

A hash is a way of taking a piece of data of any length and representing it in another form that has a fixed length. This masks the original value of the data. It is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4, MD5, SHA1 and NTLM. Let's try to show this with an example:

If we take "polo", a string of 4 characters, and run it through an MD5 hashing algorithm, we end up with an output of b53759f3ce692de7aff1b5779d3964da, a standard 32-character MD5 hash.

Likewise, if we take "polomints", a string of 9 characters, and run it through the same MD5 hashing algorithm, we end up with an output of 584b6e4f4586e136bc280f27f9c64f3b, another standard 32-character MD5 hash.

What makes Hashes secure?

Hashing algorithms are designed so that they only operate one way. This means that a calculated hash cannot be reversed using just the output given. This ties back to a fundamental mathematical problem known as the P vs NP relationship.

While this is an extremely interesting mathematical concept that proves fundamental to computing and cryptography, I am in no way qualified to try and explain it in detail here; but abstractly it means that the algorithm to hash the value will be "NP" and can therefore be calculated reasonably. However, an un-hashing algorithm would be "P" and intractable to solve, meaning that it cannot be computed in a reasonable time using standard computers.

Where John Comes in…

Even though the algorithm itself is not feasibly reversible, that doesn't mean that cracking the hashes is impossible. If you have the hashed version of a password, for example, and you know the hashing algorithm, you can use that hashing algorithm to hash a large number of words, called a dictionary. You can then compare these hashes to the one you're trying to crack, to see if any of them match. If they do, you now know what word corresponds to that hash: you've cracked it!

This process is called a dictionary attack and John the Ripper, or John as it’s commonly shortened to, is a tool to allow you to conduct fast brute force attacks on a large array of different hash types.

Hash Cracking

The bulk of the video focuses on cracking hashes. The instructor demonstrates how to:

  • Identify hash types using online tools or hash-identifier.
  • Use the correct format for each hash type with John the Ripper (e.g., raw-md5, raw-sha1).
  • Crack hashes from provided files (hash1.txt, hash2.txt, etc.) and retrieve the passwords.

Windows Authentication Hashes (NTLM): The video explains how to crack Windows NTLM hashes by extracting them from the SAM database and running them through John the Ripper with the correct format (NT).

Cracking Linux Hashes: For Linux password hashes, the instructor shows how to extract the relevant lines from the /etc/passwd and /etc/shadow files, then combine them into a single file to feed into John the Ripper using the sha512crypt format.

Single Crack Mode: The video also introduces single crack mode, which uses usernames in conjunction with hashes to generate password guesses. This is particularly useful when the password is related to the username.

Custom Rules and Cracking Zip and RAR Archives: The tutorial touches on custom rules, which allow for more complex cracking based on known password structures. It also demonstrates how to crack password-protected Zip and RAR files by extracting the hashes using tools like zip2john and rar2john.

SSH Key Cracking: Lastly, the video covers cracking an SSH private key file to retrieve the password and gain access to a system.
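To make the dictionary attack described above concrete, and to show what the room's wordlist mode, single-crack mode, rule mangling and hash-type identification each contribute, here is an added Python illustration. It is not John's code and not from the video: the format names are John's (raw-md5, raw-sha1, nt, sha512crypt), but the rule parser supports only four tokens, and the wordlist is a constructed sample rather than rockyou.txt.

```python
import hashlib
import string

FORMATS = {"raw-md5": hashlib.md5, "raw-sha1": hashlib.sha1}  # John format names

def guess_format(h: str) -> list:
    """Crude hash-type guess by prefix/length (the clue hash-identifier uses)."""
    if h.startswith("$6$"):
        return ["sha512crypt"]  # Linux /etc/shadow SHA-512 crypt
    by_len = {32: ["raw-md5", "nt"], 40: ["raw-sha1"], 128: ["raw-sha512"]}
    if h and all(c in string.hexdigits for c in h):
        return by_len.get(len(h), [])
    return []

def hash_word(word: str, fmt: str) -> str:
    return FORMATS[fmt](word.encode()).hexdigest()

def apply_rules(word: str, rules) -> list:
    """Tiny subset of John's rule syntax (assumption: only these four tokens):
    ':' unchanged, 'c' capitalise, 'Az"[A-Z]"' append each capital, '$[0-9]' append digit."""
    out = []
    for rule in rules:
        if rule == ":":
            out.append(word)
        elif rule == "c":
            out.append(word.capitalize())
        elif rule == 'Az"[A-Z]"':
            out.extend(word + c for c in string.ascii_uppercase)
        elif rule == "$[0-9]":
            out.extend(word + d for d in string.digits)
        else:
            raise ValueError(f"unsupported rule: {rule}")
    return out

def dictionary_attack(target, fmt, wordlist, rules=(":",)):
    """Wordlist mode: hash every (rule-mangled) candidate and compare to target."""
    target = target.lower()
    for word in wordlist:
        for cand in apply_rules(word, rules):
            if hash_word(cand, fmt) == target:
                return cand
    return None

def single_crack(target, fmt, username):
    """Single-crack mode in miniature: candidates are derived only from the username."""
    rules = (":", "c", 'Az"[A-Z]"', "$[0-9]")
    return dictionary_attack(target, fmt, [username, username.lower()], rules)

WORDLIST = ["password", "polo", "polomints"]  # constructed sample, not rockyou.txt
```

The point for a defender is the cost asymmetry: every candidate costs one cheap hash, so an unsalted fast hash of a word in any wordlist, or a simple variation of the username, falls immediately.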

Room Answers

What is the most popular extended version of John the Ripper?

What website was the rockyou.txt wordlist created from a breach on?

What type of hash is hash1.txt?

What is the cracked value of hash1.txt?

What type of hash is hash2.txt?

What is the cracked value of hash2.txt?

What type of hash is hash3.txt?

What is the cracked value of hash3.txt?

What type of hash is hash4.txt?

What is the cracked value of hash4.txt?

What do we need to set the "format" flag to, in order to crack this?

What is the cracked value of this password?

What is the root password?

What is Joker's password?

What do custom rules allow us to exploit?

What rule would we use to add all capital letters to the end of the word?

What flag would we use to call a custom rule called "THMRules"?

What is the password for the secure.zip file?

What is the contents of the flag inside the zip file?

What is the password for the secure.rar file?

What is the contents of the flag inside the zip file?

What is the SSH private key password?

Video Walk-through

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.