Basic cracking
formatting
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
Replace raw-md5 with the format of the hash you are cracking, and hash1.txt with the file holding the hash.
To list the hash formats John supports (if you need to check the format name):
john --list=formats
To use hash-identifier, you can just pull the python file from gitlab using:
wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py
Then use the command
python3 hash-id.py [hash]
John Unshadowing
unshadow local_passwd local_shadow > unshadowed.txt
- local_passwd is the system's /etc/passwd file; a line looks like:
root:x:0:0::/root:/bin/bash
- local_shadow is the system's /etc/shadow file; a line looks like:
root:$6$2nwjN454g.dv4HN/$m9Z/r2xVfweYVkrr.v5Ft8Ws3/YYksfNwq96UL1FX0OJjY1L6l.DS3KEVsZ9rOVLB/ldTeEL/OIhJZ4GMFMGA0:18576::::::
Once unshadowed, crack it as in basic cracking; --format is usually not needed because John recognises the crypt hash prefix:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt unshadowed.txt
Single Crack Mode
john --single --format=format [path to txt file]
If the username is known, prepend it to the hash so single mode can use it, for example:
From:
1efee03cdcb96d90ad48ccc7b8666033
To:
mike:1efee03cdcb96d90ad48ccc7b8666033
Custom Rules
Full list of rule modifiers: https://www.openwall.com/john/doc/RULES.shtml
[List.Rules:THMRules]
- Is used to define the name of your rule, this is what you will use to call your custom rule as a John argument.
We then use a regex-style pattern match to define where in the word the modification happens; again, we will only cover the basic and most common modifiers here:
Az
- Takes the word and appends it with the characters you define
A0
- Takes the word and prepends it with the characters you define
c
- Capitalises the character positionally
These can be used in combination to define where and what in the word you want to modify.
Lastly, we then need to define what characters should be appended, prepended or otherwise included. We do this by adding character sets in square brackets [ ] in the order they should be used. These directly follow the modifier patterns inside of double quotes " ". Here are some common examples:
[0-9]
- Will include numbers 0-9
[0]
- Will include only the number 0
[A-z]
- Will include both upper and lowercase
[A-Z]
- Will include only uppercase letters
[a-z]
- Will include only lowercase letters
[a]
- Will include only a
[!£$%@]
- Will include the symbols !£$%@
Putting this all together, to generate a wordlist from the rules that would match the example password “Polopassword1!” (assuming the word polopassword is in our wordlist) we would create a rule entry that looks like this:
[List.Rules:PoloPassword]
cAz"[0-9][!£$%@]"
(the two character sets are written back to back: anything between the quotes, a space included, is appended literally)
In order to:
Capitalise the first letter - c
Append to the end of the word - Az
A number in the range 0-9 - [0-9]
Followed by a symbol that is one of [!£$%@]
Using Custom Rules
We could then call this custom rule as a John argument using the --rule=PoloPassword flag.
As a full command: john --wordlist=[path to wordlist] --rule=PoloPassword [path to file]
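To see what John's preprocessor does with a rule line like the one above, here is a small Python expander I added for the handful of commands these notes cover (c, A0"...", Az"..." and [...] character sets); it is not John's code, and the rule and wordlist in it are the ones from the example. Each rule line with character sets becomes one concrete rule per combination, and each concrete rule is applied to every word, so cAz"[0-9][!£$%@]" turns polopassword into 50 candidates, Polopassword1! among them. Ranges expand by character code, which is also why [A-z] yields 58 characters here (the six punctuation marks between Z and a included), not just letters.

```python
"""Toy expander for the subset of John the Ripper rule syntax covered above
(c, A0"...", Az"..." and [...] character sets). Added example, not John's code."""
import re
from itertools import product
from typing import List

_SET_RE = re.compile(r"\[([^\]]*)\]")


def expand_set(body: str) -> List[str]:
    """Expand the inside of a [...] set into the characters it stands for.
    Ranges such as 0-9 or A-Z expand by character code."""
    chars: List[str] = []
    i = 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = body[i], body[i + 2]
            chars.extend(chr(c) for c in range(ord(lo), ord(hi) + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars


def preprocess(rule_line: str) -> List[str]:
    """Preprocessor step: a rule line with N character sets becomes the
    cartesian product of those sets, one concrete rule per combination."""
    sets = [expand_set(m.group(1)) for m in _SET_RE.finditer(rule_line)]
    if not sets:
        return [rule_line]
    concrete = []
    for combo in product(*sets):
        it = iter(combo)
        # substitute the sets left to right with this combination's characters
        concrete.append(_SET_RE.sub(lambda _m: next(it), rule_line))
    return concrete


def apply_rule(rule: str, word: str) -> str:
    """Apply one concrete (already preprocessed) rule to a word."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == "c":                      # capitalise: first char upper, rest lower
            word = word[:1].upper() + word[1:].lower()
            i += 1
        elif cmd == "A":                    # A N "STR": insert STR at position N
            pos, delim = rule[i + 1], rule[i + 2]
            end = rule.index(delim, i + 3)  # closing delimiter of the string
            text = rule[i + 3:end]
            if pos == "z":                  # z means the end of the word (append)
                word = word + text
            else:                           # 0 means the start (prepend); digits otherwise
                n = int(pos)
                word = word[:n] + text + word[n:]
            i = end + 1
        elif cmd == " ":
            i += 1
        else:
            raise ValueError(f"unsupported rule command {cmd!r}")
    return word


def generate(rule_line: str, words: List[str]) -> List[str]:
    """All candidates a rule line produces over a wordlist, rule-major order."""
    return [apply_rule(r, w) for r in preprocess(rule_line) for w in words]


POLO_RULE = 'cAz"[0-9][!£$%@]"'    # the notes' rule, sets written back to back

if __name__ == "__main__":
    candidates = generate(POLO_RULE, ["polopassword"])
    print(len(candidates), "candidates; first five:", candidates[:5])
    print("Polopassword1!" in candidates)
```

The rule-major order of generate() mirrors the fact that John applies each concrete rule to the whole wordlist before moving to the next; that is why a rule with several large sets multiplies a run's length by the product of the set sizes, which is worth estimating before launching it.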
THM answers
What rule would we use to add all capital letters to the end of the word?
Az"[A-Z]"
What flag would we use to call a custom rule called “THMRules”?
--rule=THMRules
Crack Zip Files zip2john
First convert the zip file to a hash file (similar to unshadow), then crack it.
example
zip2john zipfile.zip > zip_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
note: --format is not needed
Cracking RAR files RAR2john
First convert the RAR file to a hash file (similar to unshadow), then crack it.
example
rar2john rarfile.rar > rar_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt
note: --format is not needed
Cracking SSH with SSH2John
First convert the SSH private key file to a hash file (similar to unshadow), then crack it.
example
ssh2john idrsa.rsa > idrsa.txt
john --wordlist=/usr/share/wordlists/rockyou.txt idrsa.txt
note: --format is not needed
how to find and unzip rockyou
First locate rockyou under /usr/share/wordlists (it ships gzipped as rockyou.txt.gz).
Unzip the rockyou file:
sudo gzip -d /usr/share/wordlists/rockyou.txt.gz