|
@@ -0,0 +1,114 @@
|
|
|
+---
|
|
|
+title: Password/Hash Cracking with John
|
|
|
+categories: [cheatsheets]
|
|
|
+tags: [cracking, passwords, john]
|
|
|
+---
|
|
|
+
|
|
|
+# Password/Hash Cracking - John the Ripper
|
|
|
+
|
|
|
+* [Basic Usage](#basic-usage)
|
|
|
+* [Advanced Usage](#advanced-usage)
|
|
|
+ - [Modes](#modes)
|
|
|
+ - [Wordlist Mode](#wordlist-mode)
|
|
|
+ - [Single Crack Mode](#single-crack-mode)
|
|
|
+ - [Incremental Mode](#incremental-mode)
|
|
|
+
|
|
|
+
|
|
|
+* John: [https://www.openwall.com/john](https://www.openwall.com/john)
|
|
|
+* Documentation: [https://www.openwall.com/john/doc/](https://www.openwall.com/john/doc/)
|
|
|
+
|
|
|
+
|
|
|
+## Basic Usage:
|
|
|
+
|
|
|
+* Basic Command structure: `john [OPTIONS] <hash-file>`
|
|
|
+* Using a wordlist to crack
|
|
|
+```
|
|
|
+john --wordlist=rockyou.txt hash.txt
|
|
|
+```
|
|
|
+* Specifying the hash-format (`--format`)
|
|
|
+```
|
|
|
+john --wordlist=rockyou.txt --format=md5 hash.txt
|
|
|
+```
|
|
|
+* Showing the cracked password²
|
|
|
+```
|
|
|
+john --show hash.txt
|
|
|
+```
|
|
|
+* Restore an interrupted session (when canceled with Ctrl-C or q)²
|
|
|
+```
|
|
|
+john --restore
|
|
|
+```
|
|
|
+
|
|
|
+* ² Session Information is stored in `$HOME/.john/`.
|
|
|
+
|
|
|
+
|
|
|
+## Advanced Usage:
|
|
|
+
|
|
|
+### Modes
|
|
|
+
|
|
|
+### Wordlist Mode
|
|
|
+
|
|
|
+Simples mode, just specify a wordlist with `--wordlist=<file>`
|
|
|
+
|
|
|
+If the wordlist should be sorted, use the following command:
|
|
|
+```
|
|
|
+tr A-Z a-z < SOURCE | sort -u > TARGET
|
|
|
+```
|
|
|
+
|
|
|
+### Incremental Mode
|
|
|
+
|
|
|
+* Really powerfull mode
|
|
|
+* Tries all possible character combinations
|
|
|
+* Charset, Minum and Maximum Length must be specified
|
|
|
+ - Defined in johns configuration file located at `$JOHN/john.conf`
|
|
|
+* Must be defined as:
|
|
|
+```
|
|
|
+[Incremental:WPA_PSK]
|
|
|
+File = $JOHN/utf8.chr
|
|
|
+MinLen = 8
|
|
|
+MaxLen = 12
|
|
|
+CharCount = 192
|
|
|
+```
|
|
|
+* Predefined Modes are
|
|
|
+ - ASCII
|
|
|
+ - LM_ASCII
|
|
|
+ - Alpha
|
|
|
+ - Digits
|
|
|
+ - Lower/Upper
|
|
|
+ - LowerNum/UpperNum
|
|
|
+ - LowerSpace/UpperSpace
|
|
|
+
|
|
|
+### External Mode
|
|
|
+
|
|
|
+An external cracking MODE can be defined in `$JOHN/john.conf`.
|
|
|
+The sections contains source-code (subset of C) that is compiled when john is starting up in that particular mode.
|
|
|
+This functionality is used/applied to generate target passwords.
|
|
|
+
|
|
|
+An example would be:
|
|
|
+
|
|
|
+```
|
|
|
+[List.External:Filter_ASCII]
|
|
|
+void filter()
|
|
|
+{
|
|
|
+ int i, c;
|
|
|
+
|
|
|
+ i = 0;
|
|
|
+ while (c = word[i++])
|
|
|
+ if (c < 0x20 || c > 0x7e || i > 13) {
|
|
|
+ word = 0; return;
|
|
|
+ }
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
+* Supported/Called C functions
|
|
|
+```
|
|
|
+init() called at startup, should initialize global variables
|
|
|
+filter() called for each word to be tried, can filter some words out
|
|
|
+generate() called to generate words, when no other cracking modes used
|
|
|
+restore() called when restoring an interrupted session
|
|
|
+```
|
|
|
+* In the `filter()` call, the global variable word can be changed
|
|
|
+* if `word == 0`, the word is skipped
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
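Review bot: The table of contents near the top of the file links to `#single-crack-mode`, but the patch adds no "Single Crack Mode" section, and the "External Mode" section it does add has no entry, so one link is dead and one section is missing from the index. Either add the missing section or drop its entry, and add `- [External Mode](#external-mode)`. The contents also nest the individual modes under "Modes", yet `### Modes` is an empty heading at the same level as the mode headings that follow it; demote the mode headings to `####` or remove the empty heading. In "Wordlist Mode", `tr A-Z a-z < SOURCE | sort -u > TARGET` is introduced only as sorting the wordlist, but it also lowercases every entry and drops duplicates; the text should say so, because mixed-case candidates are lost. The footnote marker ² is used twice with no ¹ anywhere, and `$JOHN` appears in paths without being defined. Typos to fix before merge: "Simples", "powerfull", "Minum", "johns", "The sections contains".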