Summary
This video provides a tutorial on using John the Ripper for password cracking in a Kali Linux environment. It explains the relationship between plaintext passwords and their hashes, showing how different algorithms such as MD5 and SHA-256 produce different outputs for the same input. The tutorial covers the practical steps of gaining root access, locating the system password files /etc/passwd and /etc/shadow, creating test users, and isolating their hashes for cracking. It works through the command-line interface and mentions the graphical alternative 'Johnny', so the viewer sees the whole cracking workflow end to end.
Key Insights
Hashing algorithms turn a plaintext password into a fixed-length, one-way digest so the system never has to store the password itself.
The video explains that passwords on a computer are normally stored as hashes rather than plaintext. Using resources like browserlink.com, the presenter demonstrates that a single password produces completely different strings depending on the algorithm used (e.g., MD5, SHA-256). Because a hash is one-way there is no decryption step to reverse; cracking means guessing candidate passwords, hashing each one with the right algorithm, and comparing the result to the stored hash. This is the work tools like John the Ripper automate, testing many candidates and many hash formats quickly.
Linux divides account identification and password security across separate system files.
System accounts are listed in the /etc/passwd file, which contains general information about users (name, UID, home directory, shell) but no password material. The actual password hashes are kept in the /etc/shadow file, which is protected by strict permissions and readable only by the root user (Super User). Obtaining these hashes is the first critical step in a password cracking workflow.
Sections
Introduction to John the Ripper and Hashing
John the Ripper is an efficient tool for recovering user passwords from the hashes stored on a local computer.
The presenter introduces John the Ripper as a fast and powerful tool installed in Kali Linux, designed to recover passwords by testing candidate guesses against hashes in a wide range of formats.
Understanding hash algorithms is essential because the same password produces a different string under each algorithm.
The video demonstrates using browserlink.com to show that typing the word 'password' results in vastly different hashes depending on the selected algorithm. This highlights a practical requirement of cracking: the tool must determine, or be told, which specific algorithm produced the hash, because candidates hashed with the wrong algorithm will never match.
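The point above, as an added example that is not part of the video: a minimal dictionary attack in POSIX shell. A constructed wordlist is hashed with MD5 and with SHA-256 and compared against two targets, the MD5 and SHA-256 digests of the word 'password'. The same wordlist finds the plaintext only when the hashing mode matches the algorithm that produced the target, which is exactly why John has to know the format. The wordlist contents and target values are constructed for the example; it needs only coreutils (md5sum, sha256sum, mktemp).

```shell
#!/bin/sh
# Added example (not from the video): why the hash algorithm must be known
# before cracking. Requires coreutils (md5sum, sha256sum, mktemp).

# Write a small constructed wordlist to a temp file and print its path.
build_wordlist() {
    f=$(mktemp)
    printf '%s\n' 123456 letmein qwerty password dragon > "$f"
    echo "$f"
}

# hash_word WORD ALGO: print the hex digest of WORD under md5 or sha256.
hash_word() {
    case "$2" in
        md5)    printf '%s' "$1" | md5sum    | cut -d' ' -f1 ;;
        sha256) printf '%s' "$1" | sha256sum | cut -d' ' -f1 ;;
        *)      echo "unknown algorithm: $2" >&2; return 2 ;;
    esac
}

# crack_hash TARGET ALGO WORDLIST: hash every candidate in WORDLIST with
# ALGO; print the first match and return 0, or print nothing and return 1.
crack_hash() {
    target=$1; algo=$2; wordlist=$3
    while IFS= read -r word || [ -n "$word" ]; do
        if [ "$(hash_word "$word" "$algo")" = "$target" ]; then
            echo "$word"
            return 0
        fi
    done < "$wordlist"
    return 1
}

# Constructed targets: MD5 and SHA-256 digests of the word "password".
MD5_TARGET=5f4dcc3b5aa765d61d8327deb882cf99
SHA256_TARGET=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

WL=$(build_wordlist)
echo "md5 target, md5 mode:       $(crack_hash "$MD5_TARGET" md5 "$WL" || echo '<not found>')"
echo "sha256 target, sha256 mode: $(crack_hash "$SHA256_TARGET" sha256 "$WL" || echo '<not found>')"
# Wrong mode: the plaintext is in the wordlist, but nothing matches.
echo "md5 target, sha256 mode:    $(crack_hash "$MD5_TARGET" sha256 "$WL" || echo '<not found>')"
rm -f "$WL"
```

John does the same loop, but with optimised hashing code, rules that mutate each word, and a format table that lets it recognise many hash types by their shape; unsalted MD5 and SHA-256 are the simplest cases, and the crypt(3) hashes in /etc/shadow add a per-user salt to the same idea.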
Accessing and Managing Linux System Files
Superuser privileges are required to view sensitive account password hashes on Kali Linux.
The terminal window starts with blue text indicating a standard user. To access restricted files, the presenter runs 'sudo su -' to switch to a root shell, which grants the privileges necessary to read the shadow file.
The /etc/passwd file identifies all user accounts currently existing on the computer.
By typing 'cat /etc/passwd', the presenter shows a list of accounts including root, built-in system accounts, and custom accounts like 'admins'. This file provides information about each account (UID, home directory, login shell) but does not contain password hashes; its password field holds only an 'x' placeholder pointing to /etc/shadow.
Password hashes are stored in the /etc/shadow file, representing the target for cracking.
The command 'cat /etc/shadow' reveals the hashed passwords. They appear as unreadable hash strings next to usernames such as 'root' and 'admins', and these entries are the actual targets for tools like John the Ripper.
Creating Test Users and Preparing the Target File
New user accounts are created to provide practical targets for the cracking demonstration.
The presenter uses the 'adduser' command to create 'test01' and 'test02'. He assigns specific passwords and leaves the other user information blank, which populates the shadow file with fresh hashes for the experiment.
A separate text file is created to house the isolated hashes for the tool to process.
Instead of working directly on the system shadow file, the presenter copies it using 'cp /etc/shadow pass.txt'. This creates a manageable file called 'pass.txt' that can be edited without touching the live system file. Note that the copy still contains every account's hash, so it deserves the same protection as the original until the unwanted lines are removed.
The Nano editor is utilized to remove unnecessary data and focus on specific test accounts.
Using 'nano pass.txt', the presenter deletes every line except those for 'test01' and 'test02', cutting each unwanted line with 'Ctrl+K'. This isolation ensures the cracking tool only spends its time on the chosen target accounts.
Executing the Password Crack
The cracking command involves defining the hash format and pointing the tool to the target file.
To initiate the crack, the presenter runs the command 'john --format=crypt pass.txt'. The '--format=crypt' option tells John to treat the entries as crypt(3) hashes, the salted format used by /etc/shadow, and 'pass.txt' points it at the edited file containing the two test account hashes.
John the Ripper recovers plaintext passwords by hashing candidate guesses with each entry's salt and comparing the results.
The tool loads the hashes, notes their salt values, and begins processing. It successfully identifies the password for 'test01' as 'qweer T' and also cracks the password for the second test account during the run.
The '--show' option is used to verify that all target hashes have been successfully cracked.
By running 'john --show pass.txt', the terminal displays a summary confirming that two password hashes were cracked and zero remain, and it lists the recovered plaintext passwords next to the account names.
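The preparation steps above, as an added example that is not from the video: instead of hand-editing the copy in nano, the shell functions below pull only the named users' lines out of a shadow-format file and then parse each entry's crypt(3) algorithm id and salt, which is the information John reads when it reports the salts it loaded. The shadow file used here is constructed with placeholder hash strings, so nothing runs as root and john itself is only shown in comments; on a real system the same functions would be pointed at /etc/shadow. The account names and salt values are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the video): isolate target accounts from a copy of
# /etc/shadow and read the hash type and salt of each entry. Needs only
# POSIX sh, awk and mktemp; the john invocations are comments.

# extract_users SHADOW_FILE OUT_FILE USER...: copy only the named users'
# lines into OUT_FILE (the job done with Ctrl+K in nano in the video).
extract_users() {
    src=$1; out=$2; shift 2
    names=",$(printf '%s,' "$@")"     # e.g. ",test01,test02,"
    awk -F: -v names="$names" 'index(names, "," $1 ",") { print }' "$src" > "$out"
}

# shadow_fields LINE: print "user algorithm salt" for one shadow entry.
# Field 2 is "$id$salt$hash" (or "$id$rounds=N$salt$hash" for sha*crypt,
# "$y$params$salt$hash" for yescrypt). Entries whose field 2 starts with
# "!" or "*" or is empty hold no crackable hash and are reported as such.
shadow_fields() {
    printf '%s\n' "$1" | awk -F: '{
        if ($2 == "" || $2 ~ /^[!*]/) { printf "%s uncrackable -\n", $1; next }
        split($2, p, "$")                   # p[2]=id, p[3]=salt or params
        id = p[2]; salt = p[3]
        if (id == "6")      name = "sha512crypt"
        else if (id == "5") name = "sha256crypt"
        else if (id == "1") name = "md5crypt"
        else if (id == "y") { name = "yescrypt"; salt = p[4] }
        else                name = "unknown"
        if (salt ~ /^rounds=/) salt = p[4]
        printf "%s %s %s\n", $1, name, salt
    }'
}

# Constructed shadow-format sample; hash fields are placeholders, not real hashes.
SHADOW=$(mktemp); OUT=$(mktemp)
cat > "$SHADOW" <<'EOF'
root:$6$rootsalt$placeholderhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
admins:$y$j9T$adminsalt$placeholderhash:19000:0:99999:7:::
test01:$6$abcdefgh$placeholderhash:19000:0:99999:7:::
test02:$6$ijklmnop$placeholderhash:19000:0:99999:7:::
EOF

extract_users "$SHADOW" "$OUT" test01 test02
echo "isolated entries:"
cat "$OUT"
echo "hash type and salt per entry:"
while IFS= read -r line; do shadow_fields "$line"; done < "$OUT"
rm -f "$SHADOW" "$OUT"

# On the real system, as root, the cracking step from the video would be:
#   extract_users /etc/shadow pass.txt test01 test02
#   john --format=crypt pass.txt
#   john --show pass.txt
```

Two caveats the parser makes visible: locked or system accounts ('*' or '!' in the hash field) load as nothing crackable, and a modern Kali install hashes new users with yescrypt ('$y$') rather than sha512crypt ('$6$'), so the entries a viewer sees may not look exactly like the video's while still being handled by '--format=crypt'.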
Graphical Interface Alternative: Johnny
Users can install Johnny, a GUI version of John the Ripper, for a visual experience.
If a user prefers not to use the command line, they can install 'Johnny' using 'sudo apt install johnny'. This application offers a graphical user interface where users can load password files and view progress in a windowed environment.
While convenient, the GUI might encounter library issues compared to the stable CLI method.
The presenter notes that Johnny is available in the 'Password Attacks' application menu but may occasionally run into library issues. For the most reliable results, the command-line interface (CLI) is recommended as the primary method for cracking.