-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathJohn The Ripper
188 lines (129 loc) · 5.02 KB
/
John The Ripper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
#Task 2 Setting up John the Ripper
- What is the most popular extended version of John the Ripper?
Jumbo John
#Task 3 Wordlists
- What website was the rockyou.txt wordlist created from a breach on?
rockyou.com
#Task 4 Cracking Basic Hashes
- What type of hash is hash1.txt?
hint: apt install hash-identifier
hash-identifier
2e728dd31fb5949bc39cac5a9f066498
or hashid -m 2e728dd31fb5949bc39cac5a9f066498
or https://www.tunnelsup.com/hash-analyzer/
MD5
- What is the cracked value of hash1.txt?
hint:john --list=formats | grep -iF "md5"
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
john --show --format=raw-md5 hash1.txt
biscuit
- What type of hash is hash2.txt?
hint: hash-identifier
1A732667F3917C0F4AA98BB13011B9090C6F8065
hashid -m 1A732667F3917C0F4AA98BB13011B9090C6F8065
https://www.tunnelsup.com/hash-analyzer/
SHA1
- What is the cracked value of hash2.txt
hint: john --list=formats | grep -iF "sha1"
john --format=raw-sha1 --wordlist=/usr/share/wordlists/rockyou.txt hash2.txt
john --format=raw-sha1 hash2.txt
kangeroo
- What type of hash is hash3.txt?
cat .\hash3.txt
hashid -m D7F4D3CCEE7ACD3DD7FAD3AC2BE2AAE9C44F4E9B7FB802D73136D4C53920140A
hash-identifier
D7F4D3CCEE7ACD3DD7FAD3AC2BE2AAE9C44F4E9B7FB802D73136D4C53920140A
https://www.tunnelsup.com/hash-analyzer/
SHA256
- What is the cracked value of hash3.txt
hint: john --list=formats | grep -iF "sha256"
john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash3.txt
john --show --format=raw-sha256 hash3.txt
microphone
- What type of hash is hash4.txt?
cat hash4.txt
hashid -m c5a60cc6bbba781c601c5402755ae1044bbf45b78d1183cbf2ca1c865b6c792cf3c6b87791344986c8a832a0f9ca8d0b4afd3d9421a149d57075e1b4e93f90bf
cat hash4.txt | hash-identifier
whirlpool
- What is the cracked value of hash4.txt
hint: john --list=formats | grep -iF "whirlpool"
john --format=whirlpool --wordlist=/usr/share/wordlists/rockyou.txt hash4.txt
john --show --format=whirlpool hash4.txt
colossal
#Task 5 Cracking Windows Authentication Hashes
- What do we need to set the "format" flag to, in order to crack this?
hint: cat ntlm.txt | hash-identifier
cat ntlm.txt | hashid -m
john --list=formats | grep -iF "ntlm"
NT
- What is the cracked value of this password?
hint: john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt ntlm.txt
john --show --format=NT ntlm.txt
mushroom
#Task 6 Cracking /etc/shadow Hashes
- Now, see if you can follow the process to crack the password hash of the root user that is provided in the "etchashes.txt" file. Good luck!
hint:
cat etchashes.txt
This is everything I managed to recover from the target machine before my computer crashed... See if you can crack the hash so we can at least salvage a password to try and get back in.
root:x:0:0::/root:/bin/bash
root:$6$Ha.d5nGupBm29pYr$yugXSk24ZljLTAZZagtGwpSQhb3F2DOJtnHrvk7HI2ma4GsuioHp8sm3LJiRJpKfIf7lZQ29qgtH17Q/JDpYM/:18576::::::
vi hash.txt
$6$Ha.d5nGupBm29pYr$yugXSk24ZljLTAZZagtGwpSQhb3F2DOJtnHrvk7HI2ma4GsuioHp8sm3LJiRJpKfIf7lZQ29qgtH17Q/JDpYM/
cat hash.txt | hashid -m
[+] SHA-512 Crypt [Hashcat Mode: 1800]
vi hash2.txt
root:$6$Ha.d5nGupBm29pYr$yugXSk24ZljLTAZZagtGwpSQhb3F2DOJtnHrvk7HI2ma4GsuioHp8sm3LJiRJpKfIf7lZQ29qgtH17Q/JDpYM/:18576::::::
john --list=formats | grep -iF "sha512"
john --wordlist=/usr/share/wordlist/rockyou.txt --format=sha512crypt hash2.txt
john --show --format=sha512crypt hash2.txt
1234
#Task 7 Single Crack Mode
- What is Joker's password?
vi hash7.txt
Joker:7bf6d9bb82bed1302f331fc6b816aada
john --single --format=raw-md5 hash7.txt
john --show hash7.txt --format=raw-md5
Jok3r
#Task 8 Custom Rules
- What do custom rules allow us to exploit?
password complexity predictability
- What rule would we use to add all capital letters to the end of the word?
Az"[A-Z]"
- What flag would we use to call a custom rule called "THMRules"
--rule=THMRules
#Task 9 Cracking Password Protected Zip Files
What is the password for the secure.zip file?
zip2john secure.zip > secure.txt
john --wordlist=/usr/share/wordlists/rockyou.txt secure.txt
john --show secure.txt
pass123
- What is the contents of the flag inside the zip file?
hint: unzip secure.zip
pass123
cat zippy/flag.txt
THM{w3ll_d0n3_h4sh_r0y4l}
#Task 10 Cracking Password Protected RAR Archives
- What is the password for the secure.rar file?
hint: rar2john secure.rar > hash.txt
cat hash.txt | hashid -m
john --wordlist=/usr/share/wordlist/rockyou.txt hash.txt
john --show hash.txt
password
- What is the contents of the flag inside the zip file?
hint: unrar sercure.rar
password
THM{r4r_4rch1ve5_th15_t1m3}
#Task 11 Cracking SSH Keys with John
- What is the SSH private key password?
hint: git clone https://github.com/openwall/john.git
cd john
cd run
python3 ssh2john idrsa.id_rsa >ssh.txt
john --wordlist=/usr/share/wordlists/rockyou.txt ssh.txt
john --show hash.txt
mango
https://tryhackme.com/room/johntheripper0
https://kenken17.medium.com/thm-john-the-ripper-c9cf80030616
https://halloper123.medium.com/tryhackme-john-the-ripper-writeup-edbef564bf38
https://pypi.org/project/hashcrack/
pip install hashcrack