A quick walkthrough of how to crack hashed passwords with John the Ripper
So you’ve acquired a shadow file
So… you have finally rooted the server and acquired the coveted /etc/shadow file, and you want to keep that access later on. What do you do now? If installing a rootkit is out of the question, or you would like to grab some passwords to pivot to other machines in the network, or whatever your use case: crack the passwords. This is much faster than brute forcing from outside the network, because you have the hashes locally and only need to run the algorithm against them.
Why hashes?
We use hashes because they are mathematically one-way. So you can keep a list of hashes on a server without the passwords being stored in plain text. This makes it more difficult to pivot to other accounts within a system, or across a database. Say your password is hello123; its SHA256 hash is 27cc6994fc1c01ce6659c6bddca9b69c4c6a9418065e612c69d110b3f7b11f8a, for example, but there isn’t a way to reverse that hash back to hello123 other than having the password in a list or simply running through all the combinations of characters until you encounter the matching hash.
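To make the "password in a list" point concrete, and to show why the hash format matters as much as the algorithm, here is a small added example (my code, not from this post). It uses plain SHA-256, as in the hello123 example above, rather than the crypt(3) schemes found in a real shadow file. The five-word candidate list is constructed. It demonstrates two things the paragraph only states: an unsalted hash can be reversed by a table that is computed once and reused against every account, while a per-user salt forces the whole candidate list to be re-hashed for every single account, so the attacker's cost scales with the number of users instead of being paid once.

```python
import hashlib
import os

# Candidate list constructed for this example (a real wordlist such as
# rockyou has millions of entries; five are enough to show the mechanics).
WORDLIST = ["123456", "password", "qwerty", "hello123", "letmein"]


def sha256_hex(data: bytes) -> str:
    """Plain, unsalted SHA-256, as in the post's hello123 example."""
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(wordlist):
    """Hash every candidate once. Against unsalted hashes this table is
    reusable for every user, and every system, that used the same algorithm:
    the cost is paid once and every lookup afterwards is free."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def recover_unsalted(stored_hex, table):
    """Reverse an unsalted hash by table lookup (None if not in the list)."""
    return table.get(stored_hex)


def salted_hash(password: str, salt: bytes) -> str:
    """Salted SHA-256: a random, per-user salt is mixed into the input."""
    return sha256_hex(salt + password.encode())


def recover_salted(stored_hex, salt, wordlist):
    """With a per-user salt the precomputed table no longer applies; every
    candidate has to be re-hashed under this particular salt. Returns the
    recovered password (or None) and the number of hashes computed."""
    for count, w in enumerate(wordlist, 1):
        if salted_hash(w, salt) == stored_hex:
            return w, count
    return None, len(wordlist)


def demo():
    table = build_lookup_table(WORDLIST)

    # Unsalted: one table serves both accounts.
    alice = sha256_hex(b"hello123")
    bob = sha256_hex(b"qwerty")
    print("unsalted alice ->", recover_unsalted(alice, table))
    print("unsalted bob   ->", recover_unsalted(bob, table))

    # Salted: the same table misses, and each user costs a fresh search.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    alice_s = salted_hash("hello123", salt_a)
    bob_s = salted_hash("hello123", salt_b)  # same password, different salt
    print("table hit on salted alice ->", recover_unsalted(alice_s, table))
    print("same password, same digest? ->", alice_s == bob_s)
    print("per-salt search alice ->", recover_salted(alice_s, salt_a, WORDLIST))
    print("per-salt search bob   ->", recover_salted(bob_s, salt_b, WORDLIST))


if __name__ == "__main__":
    demo()
```

The shadow formats John handles (md5crypt, sha512crypt, bcrypt, yescrypt) all salt, and additionally iterate the hash thousands of times, so the per-account cost shown by recover_salted is multiplied again by the iteration count; that combination is what keeps a leaked shadow file from being reversed with a one-time table.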
John
Here is where John the Ripper comes in.
Note: if your password hash or file format is not supported, you can try the Jumbo branch of John the Ripper (available on GitHub).
Let's show the help page:
John the Ripper password cracker, version 1.8.0
Copyright (c) 1996-2013 by Solar Designer
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--single "single crack" mode
--wordlist=FILE --stdin wordlist mode, read words from FILE or stdin
--rules enable word mangling rules for wordlist mode
--incremental[=MODE] "incremental" mode [using section MODE]
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset, FILE will be overwritten
--show show cracked passwords
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salts=[-]N load salts with[out] at least N passwords only
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count
--fork=N fork N processes
--format=NAME force hash type NAME: descrypt/bsdicrypt/md5crypt/
bcrypt/LM/AFS/tripcode/dummy/crypt
Note that all the “=” signs are important and must be used for the syntax to be correct.
unshadow passwd shadow > unshadow.1
Please note that you need both the /etc/shadow and /etc/passwd files for this to work, and passwd must be specified first for unshadow.
cat unshadow.1
marshall:$y$j9T$dMck5DYLyWMQiZl4xARn9.$tZQWL4O3LMl9sEVxFyU0/KXZzT9pmvW1UIoK5QoBO2D:1000:1000:Marshall Whittaker,,,:/home/marshall:/bin/bash
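The line above is in the passwd layout that unshadow emits (user:hash:uid:gid:gecos:home:shell), with the hash in the second field, and the $id$ prefix of that hash tells you which crypt(3) scheme produced it. As an added example, not from this post, here is a small audit script that classifies each account's scheme from that prefix: the same check you make to decide what to pass to john's --format, and, on the defending side, the quickest way to spot accounts still protected by legacy md5crypt or DES-style hashes or by an empty password field. Only marshall's line is the one from the post; the other lines are constructed with obviously fake hash bodies, and the scheme table and the "weak" marks are my own assumptions (md5crypt and descrypt flagged, the modern schemes not).

```python
import re

# Constructed sample in unshadow's output format (user:hash:uid:gid:gecos:home:shell).
# The first line is the one shown in the post; the others carry fake hash
# bodies, since only the scheme prefix matters for this audit.
UNSHADOWED = """\
marshall:$y$j9T$dMck5DYLyWMQiZl4xARn9.$tZQWL4O3LMl9sEVxFyU0/KXZzT9pmvW1UIoK5QoBO2D:1000:1000:Marshall Whittaker,,,:/home/marshall:/bin/bash
legacy:$1$FAKESALT$FAKEHASHFAKEHASHFAKEHASHFA:1001:1001:Legacy User:/home/legacy:/bin/bash
olddes:abFAKEHASH123:1002:1002:DES User:/home/olddes:/bin/sh
svc:*:999:999:Service Account:/nonexistent:/usr/sbin/nologin
root:!:0:0:root:/root:/bin/bash
"""

# Modular crypt format identifier -> (scheme, considered weak on a modern system).
# Assumed classification for this example.
SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False),
    "2b": ("bcrypt", False),
    "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "7": ("scrypt", False),
    "y": ("yescrypt", False),
    "gy": ("gost-yescrypt", False),
}

# Traditional DES crypt: 13 characters from the crypt(3) alphabet, no $ prefix.
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")


def classify_hash(field: str):
    """Return (scheme, weak) for one password field."""
    if field == "":
        return "empty-password", True
    if field[0] in "!*":
        # '!' locks the account, '*' means no password login at all.
        return "locked-or-no-login", False
    m = re.match(r"\$([^$]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), ("unknown-$" + m.group(1) + "$", True))
    if DESCRYPT_RE.fullmatch(field):
        return "descrypt", True
    return "unrecognised", True


def audit(text: str):
    """Classify every account line; returns a list of (user, scheme, weak)."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a passwd-style line
        scheme, weak = classify_hash(fields[1])
        results.append((fields[0], scheme, weak))
    return results


def weak_accounts(text: str):
    """Just the usernames whose hashes deserve attention."""
    return [user for user, _, weak in audit(text) if weak]


if __name__ == "__main__":
    for user, scheme, weak in audit(UNSHADOWED):
        flag = "  <-- review" if weak else ""
        print(f"{user:10} {scheme}{flag}")
```

Run against a real unshadow output the script prints one line per account; anything marked "review" is a hash that a modern login.defs or PAM configuration would not produce any more, which usually means the password has not been changed since the system was migrated.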
You’ll need a good wordlist to crack passwords in any reasonable amount of time. I host some here.
Now that you have unshadowed the hash, you can run:
zcat /var/storage/Wordlists/rockyou.lst.gz | john --format=crypt --stdin --users=marshall unshadow.1
I used zcat to gunzip the password list on the fly (the list is large, so it is stored gzip-compressed). I also specified the format as crypt, because the $y$ (yescrypt) prefix isn’t always detected reliably as a hash; stdin as the input, because the words are piped in from zcat; and --users=marshall, because the only username I want to crack is “marshall”, my test hash.
You should now see some output similar to:
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
password1 (marshall)
1g 0:00:00:01 0.6896g/s 66.20p/s 66.20c/s 66.20C/s 123456..yellow
Use the "--show" option to display all of the cracked passwords reliably
Session completed
If you somehow miss the password the first time the crack finishes, you can always retrieve it from John’s pot file (its database of cracked hashes) by running:
john --show unshadow.1
There are a plethora of “rule” sets you can also use to improve your crack reliability (if the password is not in the list already), but note that this will increase crack time considerably.
Hope you’ve enjoyed my John the Ripper cracking tutorial, and happy hashing!
I have been struggling to keep this site going! Servers, domains, and widget feeds cost money!
I work a day job, but work hard to bring people information security related topics.
You can donate via Bitcoin: 3Ht1soLAdcBXrxbZLDJ53vry819E3rw49d
Thank you!