Whenever we attack a website, run an exploit or otherwise, we can encounter something called a ‘hash’. Hashing is a technique which uses highly complex algorithms to change a plaintext password into an unreadable string of numbers and letters.
574AB36AA9A7AA4025D6B40EEBB1AA69 is what the text “Ethernet” looks like in the commonly used MD5 hashing algorithm. The most important thing to remember about hashes is that they are what’s called ‘one way’, meaning you can’t just reverse them to view the plaintext. So, how are we going to crack this hash? Simple: a hash-breaking program called John The Ripper (JTR).
The program can crack several algorithms using two methods, Brute Force and a Dictionary Attack.
Download it from: http://www.openwall.com/john/
When Will I Use John The Ripper?
“When will I actually have to use this (amazing) software?” you ask? There are three (main) times that you will use this program.
1. Cracking an .htpasswd file.
These files carry within them the administrative password for a given file. They are hashed with the DES-based algorithm, for the most part. Once cracked you have full rein over the files/folders it was protecting.
2. Cracking an MD5 hash for a database.
When viewing a hacked database backup you will be viewing the passwords stored as MD5 hashes. The same applies when using exploits that retrieve administrative hashes via SQL injection etc.
3. To send/receive secret messages.
You can easily encrypt important text with MD5, provided you have the answer in
It looks like gibberish to the casual viewer.
In all three of the above examples you will require John The Ripper at one point or another.
Getting Ready To Crack
Before actually carrying out the password attack we must first follow a couple of simple steps to ‘prep’ our hash for John The Ripper.
First off we must put our hash into a text file for John to read from. For this demo I will be using a DES hash, but the same method applies to all others. My text document includes the following DES hash:
I now name this ‘hash.txt’, as shown below.
Brute Force Attack
The first method of attack we will be looking at is what’s known as a Brute Force attack. This attack works by our program producing a hash and seeing if it equals the hash we are trying to crack. So…
900150983CD24FB0D6963F7D28E17F72 (abc) != 574AB36AA9A7AA4025D6B40EEBB1AA69 (target)
574AB36AA9A7AA4025D6B40EEBB1AA69 (ethernet) == 574AB36AA9A7AA4025D6B40EEBB1AA69 (target)
Since the program ‘knows’ what it generated, we can see, if the hashes are equal, what the unknown hash is.
In John The Ripper we execute a brute force attack like so:
This command string ‘john-386 hash.txt’, where hash.txt is the file the hash is stored in, will run a basic Brute Force attack on the hash. Luckily for us we can make this command much more specific with some of the following options:
--format=<hash type> – If you know the hash type you can add the option --format=DES.
--single – This option is used when you are only cracking one hash at a time.
Of course you aren’t limited to these options; they are just the basics that are most often used.
The second attack we will look at is the Dictionary Attack, which takes words out of a dictionary file, hashes them, and compares them to the unknown hash. John The Ripper comes with quite a nice password list (password.lst). A basic dictionary attack against a hash located in hash.txt might look something like this:
We use the --wordlist option to specify a Dictionary Attack, and we follow that with the word list we wish to use. If the password is contained in the word list it will be cracked in seconds, depending on the size of the word list.
Keep in mind that all the other options I showed you in the Brute Force section still apply (like --format etc.).
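As an added example (not part of the original post and not John The Ripper's own code), here is the hash-and-compare loop that both the Brute Force and Dictionary sections describe, run against unsalted MD5, placed beside the salted, iterated storage that stops one table of hashed guesses from covering every user in a dump. The word list, the 200,000 iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample word list standing in for John's password.lst (assumption).
WORDLIST = ["password", "letmein", "abc", "Ethernet"]

def md5_hex(text: str) -> str:
    """Unsalted MD5 of a string, the way the database example above stores passwords."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def dictionary_lookup(target_hex: str, wordlist) -> Optional[str]:
    """The comparison loop the text describes: hash each candidate, compare to the target.

    It works because unsalted MD5 is fast and deterministic: the same password always
    yields the same hash, so one list of hashed guesses matches every user at once."""
    target = target_hex.lower()
    for word in wordlist:
        if md5_hex(word) == target:
            return word
    return None

# Defender side: per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256).
ITERATIONS = 200_000  # illustrative cost setting, not a recommendation for any product

def store_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) to store; a fresh 16-byte salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def same_password_same_hash(password: str) -> Tuple[bool, bool]:
    """Two users who pick the same password: identical under unsalted MD5, different
    under salted PBKDF2, so a guess that hits one account no longer hits the other."""
    md5_equal = md5_hex(password) == md5_hex(password)
    _, digest_one = store_password(password)
    _, digest_two = store_password(password)
    return md5_equal, digest_one == digest_two

if __name__ == "__main__":
    print(dictionary_lookup("900150983CD24FB0D6963F7D28E17F72", WORDLIST))  # abc
    print(same_password_same_hash("letmein"))  # (True, False)
```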
Hope you Like it 🙂