
John The Ripper


Learn how to use John the Ripper - An extremely powerful and adaptable hash cracking tool

Setting up John the Ripper

1. What is the most popular extended version of John the Ripper?
   a. Jumbo John

Wordlists

1. What website was the rockyou.txt wordlist created from a breach on?
   a. rockyou.com

Cracking Basic Hashes

1. What type of hash is hash1.txt?
   a. md5 - I used an online hash identifier (https://hashes.com/en/tools/hash_identifier). Identification of an unsalted hex digest rests mainly on its length and character set, which is ambiguous: a 32-character hex string could be MD5 or an NT hash, a 64-character one SHA-256 or several other functions. If the guess is wrong john simply finds nothing, so try the next plausible --format rather than assuming the wordlist failed.
2. What is the cracked value of hash1.txt?
   a. biscuit - the command used was john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt path/to/hash
3. What type of hash is hash2.txt?
   a. sha1 - I used the same online hash identifier
4. What is the cracked value of hash2.txt?
   a. kangeroo - john --format=raw-sha1 --wordlist=/usr/share/wordlists/rockyou.txt path/to/hash
5. What type of hash is hash3.txt?
   a. sha256 - used the same hash identifier
6. What is the cracked value of hash3.txt?
   a. microphone - john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt path/to/hash
7. What type of hash is hash4.txt?
   a. Whirlpool
8. What is the cracked value of hash4.txt?
   a. colossal - john --format=whirlpool --wordlist=/usr/share/wordlists/rockyou.txt path/to/hash

Cracking Windows Authentication Hashes

1. What do we need to set the "format" flag to, in order to crack this?
   a. NT - an NT hash is MD4 over the UTF-16LE encoding of the password. It is 32 hex characters, exactly like MD5, so john has to be told the format explicitly.
2. What is the cracked value of the password?
   a. mushroom - john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt path/to/hash
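The two sections above (raw MD5/SHA-1/SHA-256 hashes and the NT hash) both come down to the same loop: guess the format from the digest, then hash every wordlist entry under that format until one matches. The following is an added example written for this writeup, not code from the room or from John the Ripper, that does that in miniature with Python's hashlib. The algorithm labels, the stand-in wordlist and the sample hashes are all constructed here; the samples are hashed at import time so the script runs offline and does not touch the room's hash files.

```python
"""Added example: a miniature of what `john --format=... --wordlist=...` does
for raw (unsalted) hashes. Identifies the hash by hex length, then hashes
every wordlist candidate under each candidate algorithm until one matches."""
import hashlib
import re

# Candidate formats by hex digest length. Length alone is ambiguous: a 32-hex
# string may be MD5 or an NT hash (MD4 over UTF-16LE), which is why john's
# --format flag exists. Names here are this example's own labels, not john's.
LENGTH_TO_ALGOS = {
    32: ["md5", "nt"],
    40: ["sha1"],
    64: ["sha256"],
    128: ["sha512", "whirlpool"],
}

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def identify(hash_hex):
    """Return the candidate algorithm labels for a raw hex digest."""
    if not HEX_RE.match(hash_hex):
        return []
    return LENGTH_TO_ALGOS.get(len(hash_hex), [])


def digest(algo, word):
    """Hex digest of `word` under `algo`, or None if OpenSSL lacks that
    algorithm (md4 for NT, and whirlpool, are often legacy-provider only)."""
    if algo == "nt":
        data, algo = word.encode("utf-16le"), "md4"
    else:
        data = word.encode()
    try:
        h = hashlib.new(algo)
    except ValueError:
        return None
    h.update(data)
    return h.hexdigest()


def crack(hash_hex, wordlist, algos=None):
    """Wordlist mode: return (algo, word) for the first match, else None.
    Pass algos=["nt"] to force a format, like john's --format=NT."""
    target = hash_hex.lower()
    for algo in algos or identify(hash_hex):
        for word in wordlist:
            if digest(algo, word) == target:
                return algo, word
    return None


# Constructed stand-in for rockyou.txt.
WORDLIST = ["123456", "password", "kangeroo", "biscuit", "microphone", "mushroom"]

# Constructed targets, hashed here so the example runs offline; these are not
# the room's hash files.
SAMPLES = {
    "hash1.txt": hashlib.md5(b"biscuit").hexdigest(),
    "hash2.txt": hashlib.sha1(b"kangeroo").hexdigest(),
    "hash3.txt": hashlib.sha256(b"microphone").hexdigest(),
}

if __name__ == "__main__":
    for name, h in SAMPLES.items():
        print(name, identify(h), crack(h, WORDLIST))
```

The point to take from it is the `identify` step: a 32-character hash yields two candidates, and the cracker only succeeds because it tries both. John does not do this guessing for raw hashes on its own, which is why the writeup passes --format every time.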

Cracking /etc/shadow Hashes

1. What is the root password?
   a. 1234 - john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt path/to/hashes
   The $6$ prefix on a shadow entry marks sha512crypt, and --format forces that interpretation. If you have both /etc/passwd and /etc/shadow, combine them first with john's unshadow tool (unshadow passwd shadow > unshadowed.txt) so john also gets the usernames and GECOS fields, which single crack mode can use.

Single Crack Mode

1. What is Joker's password?
   a. Jok3r - john --single --format=raw-md5 path/to/hashes
   Single crack mode needs a base word to mangle, so the hash file must carry the username in john's user:hash form (here joker:<hash>). John then applies its built-in rules (case changes, appended digits, character substitutions and so on) to that name, which is how joker becomes Jok3r.

Custom Rules

1. What do custom rules allow us to exploit?
   a. Password complexity predictability
2. What rule would we use to add all capital letters to the end of the word?
   a. cAz"[A-Z]" - c capitalises the first letter of the word, Az"..." appends whatever is inside the double quotes to the end, and [A-Z] is a preprocessor character class, so this one line expands into one rule per uppercase letter.
3. What flag would we use to call a custom rule called "THMRules"?
   a. --rule=THMRules - the rule set itself lives in john.conf under a [List.Rules:THMRules] heading.
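Single crack mode and custom rules (the two sections above) are the same mechanism: a word goes in, a rule rewrites it, and the result is hashed as a candidate. The interpreter below is an added example written for this writeup, not John's own rule engine, covering only a small subset of John's rule syntax (: l u c r $X ^X sXY and Az"..."/A0"...") plus the [..] preprocessor class. It assumes, as John documents, that c capitalises the first letter and lowercases the rest, and that a line with several classes expands to every combination. The sample words and rules are constructed.

```python
"""Added example: a small interpreter for a subset of John's wordlist-rule
syntax, showing how the preprocessor class [A-Z] expands into many rules and
how single-mode style mangling turns "joker" into "Jok3r". Subset only; John's
real rule language has many more commands."""
import itertools
import re

CLASS_RE = re.compile(r"\[([^\]]+)\]")


def expand_class(body):
    """Expand a class body such as 'A-Z' or '0-9!' into its list of characters."""
    chars, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars


def preprocess(rule):
    """Turn one rule line with [..] classes into concrete rules, one per combination."""
    parts = CLASS_RE.split(rule)          # literal, class, literal, class, ...
    literals, classes = parts[0::2], parts[1::2]
    if not classes:
        return [rule]
    concrete = []
    for combo in itertools.product(*(expand_class(c) for c in classes)):
        r = literals[0]
        for ch, lit in zip(combo, literals[1:]):
            r += ch + lit
        concrete.append(r)
    return concrete


def apply_rule(rule, word):
    """Apply one concrete rule. Supported: : l u c r $X ^X sXY Az"STR" A0"STR"."""
    w, i = word, 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == ":":
            pass
        elif cmd == "l":
            w = w.lower()
        elif cmd == "u":
            w = w.upper()
        elif cmd == "c":                      # capitalise first letter, lowercase rest
            w = w[:1].upper() + w[1:].lower()
        elif cmd == "r":
            w = w[::-1]
        elif cmd == "$":                      # append one character
            i += 1
            w += rule[i]
        elif cmd == "^":                      # prepend one character
            i += 1
            w = rule[i] + w
        elif cmd == "s":                      # sXY: replace every X with Y
            w = w.replace(rule[i + 1], rule[i + 2])
            i += 2
        elif cmd == "A":                      # AN"STR": insert STR at position N (0 or z)
            pos, quote = rule[i + 1], rule[i + 2]
            end = rule.index(quote, i + 3)
            s = rule[i + 3:end]
            w = s + w if pos == "0" else w + s
            i = end
        else:
            raise ValueError(f"unsupported rule command {cmd!r}")
        i += 1
    return w


def mangle(words, rules):
    """Candidates from every rule over every word, deduplicated, in order."""
    seen, out = set(), []
    for rule in rules:
        for r in preprocess(rule):
            for word in words:
                cand = apply_rule(r, word)
                if cand not in seen:
                    seen.add(cand)
                    out.append(cand)
    return out


if __name__ == "__main__":
    print(len(preprocess('cAz"[A-Z]"')), 'rules from cAz"[A-Z]"')
    print(mangle(["joker"], ["cse3", 'cAz"[0-9]"'])[:5])
```

Running it shows why a single [A-Z] class is cheap but [0-9][0-9][0-9] is not: each class multiplies the rule count, and every concrete rule is applied to every word in the list, so the candidate space grows as wordlist size times the product of the class sizes.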

Cracking Password Protected Zip Files

1. What is the password for the secure.zip file?
   a. pass123 - used the command 'zip2john secure.zip > securehash.txt' to convert the archive into a hash john understands, then 'john --wordlist=/usr/share/wordlists/rockyou.txt securehash.txt' to crack the password.
2. What are the contents of the flag inside the zip file?
   a. THM{w3ll_d0n3_h4sh_r0y4l} - found by running 'unzip secure.zip' and entering the recovered password.

Cracking Password Protected RAR Archives

1. What is the password for the secure.rar file?
   a. password - used the command 'rar2john secure.rar > securerar.txt' to convert the archive into a hash john understands (rar2john writes to standard output, so the redirect is needed to get a file), then 'john --wordlist=/usr/share/wordlists/rockyou.txt securerar.txt' to crack the password.
2. What are the contents of the flag inside the rar archive?
   a. THM{r4r_4rch1ve5_th15_t1m3} - used the command 'unrar x secure.rar' with the password obtained in the previous step.

Cracking SSH Keys with John

1. What is the SSH private key password?
   a. mango - the key is first converted with 'python /usr/share/john/ssh2john.py idrsa.id_rsa > id_rsa.txt', then 'john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.txt' cracks it. What is recovered is the passphrase that encrypts the private key file, not an account password; with it the key can be used to authenticate wherever the matching public key is authorised.