JOHN THE RIPPER-PART 2

John the Ripper (JtR) is a free password cracking software tool, originally developed for the Unix operating system which can run on fifteen different platforms.

In Part 1, we started with a brief introduction and went on to explain two of the three modes in JtR: wordlist and single.

Here, we are going to discuss how to crack .rar and .zip file passwords with John the Ripper, cover the third mode in JtR, incremental, and add some more insights into JtR.

RAR Password Cracking

As we all know, RAR is a proprietary archive file format that supports data compression, error recovery and file spanning. It was developed in 1993 by Russian software engineer Eugene Roshal and hence, the name RAR stands for Roshal Archive.

First, we will create a text file. Any method will do, but here we will use the echo command.

The basic syntax of the echo command is:

echo [option] [string]


Here, we will be implementing it as follows:

echo Sreedutt > test.txt


We have created a file test.txt, which we will use to create a compressed archive in the next step.

Now, let's create a password-protected RAR archive to test against. JtR cannot crack the archive file directly, so we first convert it into a hash with a john utility (rar2john) and then run JtR against that hash, as follows:

The highlighted line shows the cracked password.

Here, I have given a simple password. The time taken depends on the complexity of the password you are cracking: the larger the character set the password draws from (and the longer the password), the more candidates have to be tried and the longer the crack takes.

ZIP Password Cracking

Now our aim is to crack a zip file using JtR. So, let's first see what a zip file is:

ZIP is an archive file format that supports lossless data compression. The ZIP file format permits a number of compression algorithms like DEFLATE which is one of the most common. A ZIP file may contain one or more files or directories that may have been compressed.


The above command creates a zip file called test_file and sets a password for it. We will be trying to crack this zip file as we go along.

In the next step, we use a john utility called "zip2john". As seen below, it gives us the password hash, which starts and ends with a dollar sign, and we redirect that hash into another text file, say hash.txt.



In the final step, we successfully use john to crack the password.

7-ZIP Password Cracking

7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives". It was first released in 1999 and developed by Igor Pavlov. Compression ratio results are very dependent upon the data used for the tests but usually, 7-Zip compresses to 7z format 30-70% better than the format that we discussed before – zip.

In the first step, we are creating a 7-zip file and setting a password for it which we are eventually going to crack.

Now, we will convert its format, as we did before, using the john utility "7z2john". This is not an inbuilt utility; it can be downloaded from a source such as GitHub.

python 7z2john.py test.7z > hash.txt

Finally, as in the previous case, we crack the password with wordlist mode using the syntax below (replace <wordlist> with the wordlist file you want john to use):

john --wordlist=/home/kali/Desktop/<wordlist> hash.txt
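The RAR, ZIP and 7-Zip sections above all produce a hash line whose leading "$tag$" tells john which format it is dealing with. The following Python is an added example, not code from this post or from the John the Ripper project: it parses constructed lines laid out the way rar2john, zip2john and 7z2john emit them and reports the archive format, salt size and key-derivation cost. The hex fields in SAMPLE_HASHES are filler, not real archive data, and the field names in the comments are taken from john's format documentation as I understand it. The practical point is that the per-guess cost differs enormously between formats (ZipCrypto has no key derivation at all, while 7-Zip iterates SHA-256 2^NumCyclesPower times), which is why the same wordlist can finish in seconds against one archive and take hours against another.

```python
"""Identify the archive format and per-guess cost from *2john hash lines."""

# Constructed sample lines in the "label:hash[:extra fields]" layout that the
# *2john utilities emit.  Every hex field is filler, not data from a real
# archive, so nothing here can be cracked.
SAMPLE_HASHES = [
    # zip2john on a WinZip AES-256 entry: $zip2$*Ty*Mo*Ma*Sa*Va*Le*DF*Au*$/zip2$
    "test_file.zip/test.txt:$zip2$*0*3*0*" + "ab" * 16 + "*cd12*8*" + "ef" * 8
    + "*" + "01" * 10 + "*$/zip2$:test.txt:test_file.zip::test_file.zip",
    # rar2john on a RAR3 archive created with -hp (encrypted headers, type 0)
    "test.rar:$RAR3$*0*" + "12" * 8 + "*deadbeefdeadbeef",
    # rar2john on a RAR5 archive:
    # $rar5$<saltlen>$<salt>$<log2 iterations>$<iv>$<checklen>$<pswcheck>
    "test.rar:$rar5$16$" + "34" * 16 + "$15$" + "56" * 16 + "$8$" + "78" * 8,
    # 7z2john: $7z$<type>$<NumCyclesPower>$<saltlen>$<salt>$<ivlen>$<iv>$<crc>$<len>$<unpacked>$<data>
    "test.7z:$7z$0$19$0$$16$" + "9a" * 16 + "$12345678$32$16$" + "bc" * 32,
]

# WinZip AES "mode" field -> AES key length in bits
ZIP2_AES_BITS = {"1": 128, "2": 192, "3": 256}


def parse_archive_hash(line):
    """Return a dict describing the hash found on one line of *2john output."""
    label, _, rest = line.partition(":")
    if not rest.startswith("$"):
        raise ValueError("no $-tagged hash on this line")
    tag = rest.split("$", 2)[1]            # text between the first two '$'
    info = {"label": label, "tag": tag}

    if tag == "zip2":
        # body is "*Ty*Mo*Ma*Sa*Va*Le*DF*Au*" between the opening and closing tags
        body = rest[len("$zip2$"):rest.index("$/zip2$")]
        f = body.strip("*").split("*")
        info.update(format="WinZip AES",
                    aes_bits=ZIP2_AES_BITS[f[1]],
                    salt_bytes=len(f[3]) // 2,
                    auth_bytes=len(f[7]) // 2,
                    kdf="PBKDF2-HMAC-SHA1, 1000 iterations")
    elif tag in ("pkzip", "pkzip2"):
        info.update(format="traditional PKZIP (ZipCrypto)",
                    kdf="none: the stream cipher is keyed directly from the password")
    elif tag == "RAR3":
        f = rest.split("*")                # ['$RAR3$', type, salt, ...]
        info.update(format="RAR3",
                    header_encrypted=(f[1] == "0"),
                    salt_bytes=len(f[2]) // 2,
                    kdf="SHA-1, 262144 rounds")
    elif tag == "rar5":
        f = rest.split("$")                # ['', 'rar5', saltlen, salt, log2iters, ...]
        info.update(format="RAR5",
                    salt_bytes=int(f[2]),
                    kdf_iterations=2 ** int(f[4]),   # header stores log2 of the count
                    kdf="PBKDF2-HMAC-SHA256")
    elif tag == "7z":
        f = rest.split("$")                # ['', '7z', type, NumCyclesPower, saltlen, ...]
        info.update(format="7-Zip",
                    kdf_iterations=2 ** int(f[3]),   # 2^NumCyclesPower SHA-256 rounds
                    salt_bytes=int(f[4]),
                    iv_bytes=int(f[6]),
                    kdf="iterated SHA-256")
    else:
        info["format"] = "unknown"
    return info


def describe_all(lines=SAMPLE_HASHES):
    """Parse every line; used to triage a hash.txt before choosing a mode."""
    return [parse_archive_hash(line) for line in lines]


if __name__ == "__main__":
    for entry in describe_all():
        print(entry)
```

Run it as is to see the four constructed lines triaged; point describe_all() at the lines of your own hash.txt to see which KDF each entry uses before deciding whether a wordlist or incremental run is realistic.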

Cracking Passwords Using John the Ripper

JtR comes with three modes namely single crack, wordlist and incremental. We will focus on the last one in this part.

Incremental:

This is JtR's equivalent of brute force, and hence the most powerful cracking mode: it can try all possible character combinations as passwords. Because the number of combinations is so large, a run in this mode is assumed never to terminate on its own, and you will normally have to interrupt it. It will terminate, however, if you set limiting conditions such as a low password length limit or a small character set.

We can either use a pre-defined incremental mode definition or define a custom one. Pre-defined incremental modes are:

Incremental mode definition   Description
---------------------------   -----------------------------------------
ASCII                         all 95 printable ASCII characters
LM_ASCII                      used on LM hashes
Alnum                         all 62 alphanumeric characters
Alpha                         all 52 letters
LowerNum                      lowercase letters + digits, for 36 total
UpperNum                      uppercase letters + digits, for 36 total
LowerSpace                    lowercase letters plus space, for 27 total
Lower                         lowercase letters
Upper                         uppercase letters
Digits                        only digits
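To make the "never terminates unless you limit it" point concrete, here is an added Python example (my own, not code from this post or from the John the Ripper project). It takes the character sets of the predefined modes from the table above, computes the number of candidates for a length range, turns that into a worst-case run time at an assumed guess rate, and runs a simplified stand-in for incremental mode against a constructed SHA-256 digest. The stand-in walks the charset in plain lexicographic order, whereas john orders candidates by trigraph frequency so likely passwords come first; the guess rate and the target password "k9" are constructed values, and LM_ASCII is left out because its set is defined by LM case folding rather than by a plain size.

```python
"""Keyspace and run-time arithmetic for john's incremental mode."""
import hashlib
import itertools
import string

# Character sets of the predefined incremental modes listed in the table above.
CHARSETS = {
    "ASCII": "".join(chr(c) for c in range(32, 127)),   # 95 printable characters
    "Alnum": string.ascii_letters + string.digits,        # 62
    "Alpha": string.ascii_letters,                        # 52
    "LowerNum": string.ascii_lowercase + string.digits,   # 36
    "UpperNum": string.ascii_uppercase + string.digits,   # 36
    "LowerSpace": string.ascii_lowercase + " ",           # 27
    "Lower": string.ascii_lowercase,                      # 26
    "Upper": string.ascii_uppercase,                      # 26
    "Digits": string.digits,                              # 10
}


def keyspace(mode, min_len, max_len):
    """Number of candidates the mode must try for lengths min_len..max_len."""
    n = len(CHARSETS[mode])
    return sum(n ** length for length in range(min_len, max_len + 1))


def eta_seconds(mode, min_len, max_len, guesses_per_second):
    """Worst-case time to exhaust the keyspace at a given guess rate."""
    return keyspace(mode, min_len, max_len) / guesses_per_second


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def incremental_crack(target_sha256, mode, max_len, min_len=1):
    """Simplified stand-in for incremental mode against a SHA-256 digest.

    Walks every candidate of the chosen character set in lexicographic order
    (john uses trigraph-frequency order instead).  Returns the password, or
    None once every candidate up to max_len has been tried, which is what
    "terminates" means once length or character set is limited.
    """
    chars = CHARSETS[mode]
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(chars, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_sha256:
                return candidate
    return None


if __name__ == "__main__":
    rate = 1_000_000   # constructed guess rate: one million candidates per second
    for mode in ("Digits", "LowerNum", "ASCII"):
        days = eta_seconds(mode, 1, 8, rate) / 86400
        print(f"{mode:10} length 1-8: {keyspace(mode, 1, 8):.3e} candidates, "
              f"{days:.1f} days at {rate:,} guesses/s")
    # constructed target: the two-character LowerNum password "k9"
    print(incremental_crack(sha256_hex("k9"), "LowerNum", max_len=3))   # k9
    # same digest of "K9": uppercase is outside LowerNum, so the run exhausts and stops
    print(incremental_crack(sha256_hex("K9"), "LowerNum", max_len=3))   # None
```

The ASCII line of the output is the reason the text says incremental runs are usually interrupted rather than finished: eight printable characters is about 6.7e15 candidates, and the exponent in length dominates the choice of character set.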


The above graph shows the number of passwords cracked in 90 minutes by the JtR password cracker; the vertical lines indicate where the cracking mode switches.

Now, some may wonder whether John the Ripper is safe to install and use.

Well, fear not! John the Ripper is a perfectly safe program to install and run, like most popular UNIX tools. If you are running a multi-user system, you must make sure your password file is shadowed (shadowing raises the security of stored passwords by restricting access to the hashed password data to highly privileged users) so that the hashes are not visible. However, even if it is not shadowed, not installing John will not prevent a malicious user from running John on their own computer against your hashes.

The main disadvantage of the John the Ripper password recovery tool is that it is a little complicated to use. Still, JtR, one of the oldest password cracking tools, remains an essential pen testing tool. Its major advantage is that it is free software, is available for all operating systems, and helps with password recovery.
Some other advantages of JtR are:

  • It works with Unix, Windows and Kerberos
  • It is a popular password cracking tool.
  • It auto-detects password hash types
  • It can crack multi-encrypted formats

So that's it for this blog. Hope you guys had a great time. Thank you :)
