Unit 2: Password Cracking 2.3 Activity and Discussion Activity: Using John the Ripper to Crack P...

mac2022-06-30  23

ACTIVITY: USING JOHN THE RIPPER TO CRACK PASSWORDS

This activity is ungraded.

Remember: Be sure to watch these Demo videos from this unit before trying this activity. Watching me do it first will help you understand each of the steps.

Dictionary Attacks with John the Ripper

System:  You can complete this activity on any system.

Time: This activity should take you approximately 30 minutes to complete.

Downloads

John the Ripper is included in the Kali VM downloaded in Unit 1. Instructions for installing Kali VM.

Goal

To experience how John the Ripper cracks passwords.

Instructions

Note: Hit Enter after each command.

1. Launch your Kali Virtual machine and open a terminal. (Instructions for this were included in Unit 1.)
2. Enter john, which will display usage help.
3. There is also a man page for john: man john. Enter q to quit.
4. Enter john --test. This will give you an idea of how long it will take john to crack passwords based on various cryptographic schemes.

Adding users and passwords

1. Enter adduser weissman
2. Give the weissman user a password of jonathan. Hit Enter for all the prompts.
3. Documentation on the adduser command
4. Add these additional username/password combinations (pay attention to use of upper and lower case in the passwords):

Username    Password
weissman    jonathan
upper       PASSWORD
lower       password
mixed       Password
story       3bears

I've purposely chosen dictionary words because the complexity of the password is inversely related to the time necessary to crack it.

In Linux, the /etc/passwd file can hold personal information in the GECOS field: full name, room number, work phone, home phone, and other.

Linux stores its password hashes in the /etc/shadow file.

The unshadow tool combines the /etc/passwd and /etc/shadow files, so John the Ripper can use them.

1. Enter unshadow by itself to see its usage.
2. Now enter unshadow /etc/passwd /etc/shadow > rochester.txt.
3. Take a look at the contents of this file, specifically the hashes: cat rochester.txt.

Using a wordlist that comes with John the Ripper

1. Enter john --wordlist=/usr/share/john/password.lst rochester.txt.
2. At the point of cracking, the passwords and usernames appear on the screen.
3. Afterwards, use the show option to list all the cracked passwords: john --show rochester.txt.

Using John the Ripper without a wordlist

1. Create a new user, bob. Enter adduser bob.
2. Give him a password of bob10314.
3. Specify a room number of 10314 when prompted.
4. Create a new unshadow file, updated with our new user, bob: unshadow /etc/passwd /etc/shadow > rochester2.txt
5. Run John the Ripper in Single Crack Mode, which uses the GECOS field, without a wordlist: john rochester2.txt
6. You’ll see the cracked password on screen.
7. Afterwards, enter john --show rochester.txt
8. The GECOS information was successful!
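The defensive counterpart to the Single Crack Mode exercise above is to reject, at password-change time, any password assembled from the account's own login name or GECOS data. The Python sketch below is an added example, not part of the original activity; the function names, the minimum token length, and the two passwd lines (including their UIDs) are constructed assumptions.

```python
# Added example: flag passwords derivable from a user's own /etc/passwd entry.
import re

MIN_TOKEN_LEN = 3  # assumption: shorter fragments cause too many false hits


def account_tokens(passwd_line):
    """Return lowercase tokens from the login name and GECOS field."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields in a passwd line")
    login, gecos = fields[0], fields[4]
    # GECOS subfields are comma-separated; a full name may hold several words.
    raw = [login] + re.split(r"[,\s]+", gecos)
    return {t.lower() for t in raw if len(t) >= MIN_TOKEN_LEN}


def gecos_findings(passwd_line, candidate):
    """List the account tokens that appear (forwards or reversed) in the password."""
    pw = candidate.lower()
    hits = set()
    for token in account_tokens(passwd_line):
        if token in pw or token[::-1] in pw:
            hits.add(token)
    return sorted(hits)


# Constructed passwd lines modelled on the accounts created in this activity.
BOB = "bob:x:1001:1001:,10314,,:/home/bob:/bin/bash"
WEISSMAN = "weissman:x:1000:1000:,,,:/home/weissman:/bin/bash"

if __name__ == "__main__":
    for line, pw in [(BOB, "bob10314"), (WEISSMAN, "jonathan")]:
        hits = gecos_findings(line, pw)
        if hits:
            verdict = "reject, built from: " + ", ".join(hits)
        else:
            verdict = "no account-derived parts"
        print(f"{line.split(':')[0]}: {verdict}")
```

The weissman/jonathan pair passes this check because it contains no account data; it falls to the wordlist run instead, so a check like this complements a dictionary check rather than replacing one.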

After you've finished, answer the Check Your Work questions.

Reposted from: https://www.cnblogs.com/sec875/articles/10015977.html
