
TryHackMe - John the Ripper: The Basics

TryHackMe — John the Ripper: The Basics Writeup

John the Ripper is one of the most popular password cracking tools used in cybersecurity, penetration testing, and CTF challenges. This TryHackMe room introduces the fundamentals of password cracking using hashes, wordlists, SSH keys, ZIP archives, RAR files, and Linux shadow files.

This writeup summarises the main concepts, commands, and practical exercises covered in the room.

Warning: For educational purposes only.


Task 2 — Basic Terms

This room focuses on the extended version of John the Ripper known as Jumbo John, which includes additional features and community-maintained modules.

Questions & Answers

Q: What is the most popular extended version of John the Ripper?

A: Jumbo John


Task 3 — Setting Up Your System

John the Ripper supports multiple operating systems and includes different editions with varying feature sets.

RockYou Wordlist

One of the most commonly used password dictionaries in cybersecurity is the famous rockyou.txt wordlist.

Questions & Answers

Q: Which website breach generated the rockyou.txt wordlist?

A: rockyou.com


Task 4 — Cracking Basic Hashes

John the Ripper supports many hash formats, and the hash type must be identified and passed with --format so that John tests candidates against the right algorithm.

Basic Syntax

john --format=[format] --wordlist=[path] [hash file]

Useful Commands

cat hash_name.txt
python3 hash-id.py
john --format=format_type --wordlist=/usr/share/wordlists/rockyou.txt hash_name.txt
john --show --format=format_type hash2.txt

Example

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
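To make the loop behind the commands above concrete, here is an added example (not John's code, and not from the room) that models a wordlist attack on unsalted hashes and the output of john --show. The format names, the hash file layout (user:hash or bare hash) and the length-based guess mirror the syntax on this page; the sample hashes and wordlist are constructed inline.

```python
# Added example, not John's code: a minimal model of a wordlist attack on unsalted
# hashes, i.e. what "john --format=<fmt> --wordlist=<file> <hashes>" does, followed by
# what "john --show" prints from the pot of cracked entries.
import hashlib

# John format names used in this writeup mapped to hashlib constructors.
# Only unsalted "raw-*" formats are modelled here.
FORMATS = {
    "raw-md5": hashlib.md5,
    "raw-sha1": hashlib.sha1,
    "raw-sha256": hashlib.sha256,
}


def guess_format(hex_digest):
    """Guess a raw format from digest length, as hash-id.py does. Length alone is
    ambiguous (a 32-hex digest may be MD5 or NTLM), so treat the result as a hint."""
    return {32: "raw-md5", 40: "raw-sha1", 64: "raw-sha256"}.get(len(hex_digest))


def load_hashes(lines):
    """Parse a hash file of 'user:hash' or bare 'hash' lines into {hash: label}."""
    targets = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        user, _, digest = line.rpartition(":")
        targets[digest.lower()] = user or digest.lower()
    return targets


def wordlist_attack(lines, fmt, wordlist):
    """Hash every candidate once and look it up in the target set; return {label: password}."""
    hasher = FORMATS[fmt]
    targets = load_hashes(lines)
    pot = {}
    for word in wordlist:
        digest = hasher(word.encode()).hexdigest()
        if digest in targets and targets[digest] not in pot:
            pot[targets[digest]] = word
            if len(pot) == len(targets):
                break  # everything cracked, stop early like John does
    return pot


def show(lines, pot):
    """Model 'john --show': one 'label:password' line per cracked entry, in file order."""
    out = []
    for label in load_hashes(lines).values():
        if label in pot:
            out.append(f"{label}:{pot[label]}")
    return out


# Constructed sample data: three accounts, two with passwords present in the tiny
# wordlist. The digests are derived from constructed passwords, not from any real breach.
SAMPLE_HASHES = [
    "alice:" + hashlib.md5(b"sunshine").hexdigest(),
    "bob:" + hashlib.md5(b"correct-horse-battery").hexdigest(),
    "carol:" + hashlib.md5(b"iloveyou").hexdigest(),
]
SAMPLE_WORDLIST = ["123456", "password", "sunshine", "qwerty", "iloveyou"]

if __name__ == "__main__":
    fmt = guess_format(SAMPLE_HASHES[0].split(":")[1])
    pot = wordlist_attack(SAMPLE_HASHES, fmt, SAMPLE_WORDLIST)
    print("\n".join(show(SAMPLE_HASHES, pot)))
```

Each candidate is hashed once and compared against every target at the same time, which is why feeding John one large file is cheaper than one run per hash. The uncracked entry (bob) simply never appears in the --show output, and the length-based guess is only a hint to confirm before a long run.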

Task 5 — Cracking Windows Authentication Hashes

Modern Windows systems store password hashes in the NT hash (NTLM) format.

These hashes can be extracted from:

  • SAM Database;
  • NTDS.dit;
  • Mimikatz dumps;
  • Active Directory environments.

Common Attack Techniques

  • Pass-the-Hash;
  • Password Cracking;
  • Credential Dumping.

Task 6 — Cracking /etc/shadow Hashes

Linux systems store password hashes inside the /etc/shadow file.

Unshadowing

Before cracking Linux hashes, the passwd and shadow files must be combined into a single file with the unshadow tool, so that John sees each hash together with its username and account details.

Example

unshadow local_passwd local_shadow > unshadowed.txt

Cracking the Hash

john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt unshadowed.txt
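The following is an added example (not the code of John or of unshadow) that models what unshadow writes and how the $id$ prefix of each shadow hash tells you which --format to pass. The sample passwd and shadow lines are constructed and the hash bodies are placeholders; the $1$/$5$/$6$ format names are the ones used in this writeup, while routing $y$ (yescrypt) through the generic "crypt" format is an assumption to check against your own John build.

```python
# Added example, not John's or unshadow's code: models what "unshadow passwd shadow"
# produces and reads the $id$ prefix of each hash to pick the --format for john.

# crypt(3) prefixes mapped to John format names. $1$/$5$/$6$ match the names used in
# this writeup; sending $y$ (yescrypt) to the generic "crypt" format is an assumption.
PREFIX_TO_FORMAT = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "crypt",
}


def hash_format(hash_field):
    """Return the John --format name for a shadow hash field, or None if unknown."""
    for prefix, fmt in PREFIX_TO_FORMAT.items():
        if hash_field.startswith(prefix):
            return fmt
    return None


def has_crackable_hash(hash_field):
    """'!', '*' or an empty field mean a locked or passwordless account: nothing to crack."""
    return bool(hash_field) and hash_field[0] not in "!*"


def unshadow(passwd_lines, shadow_lines):
    """Replace the 'x' password field of each passwd line with the hash from shadow,
    joined on the username. This is the file unshadow(8) writes."""
    hashes = {}
    for line in shadow_lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def crack_targets(unshadowed_lines):
    """List (user, format) for every merged line that carries a hash john can work on."""
    targets = []
    for line in unshadowed_lines:
        user, hash_field = line.split(":")[:2]
        fmt = hash_format(hash_field)
        if has_crackable_hash(hash_field) and fmt:
            targets.append((user, fmt))
    return targets


# Constructed sample files. The hash bodies are placeholders, not real digests.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "dev:x:1000:1000:dev:/home/dev:/bin/bash",
]
SAMPLE_SHADOW = [
    "root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:99999:7:::",
    "daemon:*:19700:0:99999:7:::",
    "dev:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:99999:7:::",
]

if __name__ == "__main__":
    merged = unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(merged))
    for user, fmt in crack_targets(merged):
        print(f"# {user}: john --format={fmt} --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt")
```

John cracks one format per run, so when the merged file mixes hash types (as a host with both old sha512crypt and newer yescrypt entries will), group the accounts by the format this check reports and run John once per group. Locked accounts (daemon above) are skipped rather than counted as failures.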

Questions & Answers

Q: What is the root password?

A: 1234


Task 7 — Single Crack Mode

Single Crack Mode generates password candidates from the username and other account information stored alongside each hash, mangling them with word-mangling rules.

Example Syntax

john --single --format=raw-sha256 hashes.txt

Example File Format

joker:1efee03cdcb96d90ad48ccc7b8666033

Questions & Answers

Q: What is Joker's password?

A: Jok3r


Task 8 — Custom Rules

Custom rules allow John the Ripper to mutate words dynamically during cracking attempts.

Important Modifiers

  • Az — Append characters to the end of the word;
  • A0 — Prepend characters to the start of the word;
  • c — Capitalise the word (upper-case the first letter).

Example Rule

[List.Rules:PoloPassword]
cAz"[0-9][!£$%@]"

Example Usage

john --wordlist=rockyou.txt --rule=PoloPassword hashes.txt
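To show what the PoloPassword rule above actually generates, and how single crack mode (Task 7) gets from the username joker to a candidate like Jok3r, here is an added example: a small interpreter for the subset of John's rule language used in this writeup. It is not John's code; the SINGLE_RULES list is a constructed, deliberately tiny stand-in for John's real Single ruleset, and the sXY (replace X with Y) command is included because it is the kind of rule that produces Jok3r.

```python
# Added example, not John's code: a small interpreter for the subset of John's rule
# language used in this writeup (c, l, u, sXY, Az"...", A0"..." with [..] character
# classes), plus the single-crack idea of deriving candidates from the username.
import itertools
import re


def class_chars(body):
    """Expand the inside of a [...] class, including ranges such as 0-9."""
    chars = []
    i = 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars


def expand_classes(text):
    """Preprocessor step: '[0-9][!$]' becomes every combination: 0!, 0$, 1!, ..., 9$."""
    parts = [p for p in re.split(r"(\[[^\]]*\])", text) if p]
    choices = [class_chars(p[1:-1]) if p.startswith("[") else [p] for p in parts]
    return ["".join(combo) for combo in itertools.product(*choices)]


def parse_rule(rule):
    """Split a rule string into (command, argument) pairs for the commands modelled here."""
    commands = []
    i = 0
    while i < len(rule):
        ch = rule[i]
        if ch in ":clu":                      # ':' no-op, c capitalise, l lower, u upper
            commands.append((ch, None))
            i += 1
        elif ch == "s":                       # sXY: replace every X with Y
            commands.append(("s", rule[i + 1:i + 3]))
            i += 3
        elif ch == "A":                       # Az"str" append, A0"str" prepend
            position = rule[i + 1]
            if rule[i + 2] != '"':
                raise ValueError("A needs a quoted string: " + rule)
            end = rule.index('"', i + 3)
            commands.append(("A" + position, rule[i + 3:end]))
            i = end + 1
        else:
            raise ValueError("command not modelled: " + ch)
    return commands


def apply_rule(word, rule):
    """Return every candidate one rule produces from one word (classes multiply the output)."""
    candidates = [word]
    for cmd, arg in parse_rule(rule):
        if cmd == "c":
            candidates = [w[:1].upper() + w[1:].lower() for w in candidates]
        elif cmd == "l":
            candidates = [w.lower() for w in candidates]
        elif cmd == "u":
            candidates = [w.upper() for w in candidates]
        elif cmd == "s":
            candidates = [w.replace(arg[0], arg[1]) for w in candidates]
        elif cmd == "Az":
            candidates = [w + s for w in candidates for s in expand_classes(arg)]
        elif cmd == "A0":
            candidates = [s + w for w in candidates for s in expand_classes(arg)]
    return candidates


# Constructed, deliberately tiny stand-in for John's Single ruleset (the real one is far
# larger); it shows how "joker" in a user:hash file yields "Jok3r" as a candidate.
SINGLE_RULES = [":", "c", "u", "cse3", 'Az"[0-9]"']


def single_candidates(hash_file_line):
    """Derive candidates from the username part of a 'user:hash' line, as single mode does."""
    username = hash_file_line.split(":", 1)[0]
    seen = []
    for rule in SINGLE_RULES:
        for cand in apply_rule(username, rule):
            if cand not in seen:
                seen.append(cand)
    return seen


if __name__ == "__main__":
    print(apply_rule("polopassword", 'cAz"[0-9][!£$%@]"')[:5], "...")
    print(single_candidates("joker:1efee03cdcb96d90ad48ccc7b8666033"))
```

The two character classes in the PoloPassword rule multiply: ten digits times five symbols give fifty candidates per wordlist word, all starting with a capitalised copy of the word. That multiplier is what makes a few rules on a short wordlist cover the "Password1!" family of user habits, and it is also why a rule with many classes can blow up the run time.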

Task 9 — Cracking Password Protected ZIP Files

ZIP archives can be converted into crackable hashes using the zip2john utility.

Example

zip2john zipfile.zip > zip_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt

Task 10 — Cracking Password Protected RAR Archives

RAR archives can be cracked similarly using the rar2john utility.

Example

rar2john rarfile.rar > rar_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt

Task 11 — Cracking SSH Key Passwords

John the Ripper can also crack encrypted SSH private keys such as id_rsa.

ssh2john

The ssh2john.py script converts SSH private keys into a format John can crack.

Example

python3 /opt/john/ssh2john.py id_rsa > id_rsa_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt
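ssh2john only has work to do when the key is actually passphrase-protected; an unencrypted private key is usable as-is. The added example below (not ssh2john's code, and not from the room) reads the header of an SSH private key to report whether it is encrypted and with which cipher, which is also a useful audit check for keys that lack a passphrase. It handles both the openssh-key-v1 format written by modern ssh-keygen and the legacy PEM format with Proc-Type/DEK-Info headers. All three sample keys are constructed inline with placeholder bodies, not real keys.

```python
# Added example, not ssh2john's code: report whether an SSH private key is
# passphrase-protected, and with which cipher, by reading its header fields.
import base64
import struct


def _ssh_string(data):
    """Encode bytes as an SSH string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf, offset):
    """Decode an SSH string at offset; return (bytes, next_offset)."""
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    return buf[start:start + length], start + length


def key_encryption(pem_text):
    """Return {'format', 'encrypted', 'cipher', 'kdf'} for one private key file."""
    lines = [line.strip() for line in pem_text.strip().splitlines()]
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\x00"
        if not blob.startswith(magic):
            raise ValueError("bad openssh-key-v1 magic")
        # Layout: magic, ciphername, kdfname, kdfoptions, ... ; "none" means no passphrase.
        cipher, offset = _read_string(blob, len(magic))
        kdf, _ = _read_string(blob, offset)
        cipher, kdf = cipher.decode(), kdf.decode()
        return {"format": "openssh-key-v1", "encrypted": cipher != "none",
                "cipher": cipher, "kdf": kdf}
    if header.startswith("-----BEGIN ") and header.endswith(" PRIVATE KEY-----"):
        # Legacy PEM: encryption is signalled by Proc-Type/DEK-Info headers before the body.
        headers = [line for line in lines[1:-1] if ":" in line]
        encrypted = any(h.startswith("Proc-Type") and "ENCRYPTED" in h for h in headers)
        dek = next((h.split(":", 1)[1].strip() for h in headers if h.startswith("DEK-Info")), None)
        return {"format": "pem", "encrypted": encrypted,
                "cipher": dek.split(",")[0] if dek else None, "kdf": None}
    raise ValueError("not a recognised private key")


def _fake_openssh_key(cipher, kdf):
    """Construct a key file with a valid openssh-key-v1 header and a placeholder remainder."""
    blob = (b"openssh-key-v1\x00" + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1) + b"\x00" * 32)  # placeholder tail
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed samples: two openssh-key-v1 files and one legacy PEM file. None is a real key.
ENCRYPTED_KEY = _fake_openssh_key(b"aes256-ctr", b"bcrypt")
PLAIN_KEY = _fake_openssh_key(b"none", b"none")
LEGACY_ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

UExBQ0VIT0xERVJCT0RZUExBQ0VIT0xERVJCT0RZ
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, key in [("id_rsa (encrypted)", ENCRYPTED_KEY), ("id_rsa (no passphrase)", PLAIN_KEY),
                      ("legacy PEM", LEGACY_ENCRYPTED_KEY)]:
        print(name, key_encryption(key))
```

For the openssh-key-v1 format the cipher and KDF names sit at fixed positions right after the magic string, which is what ssh2john reads out before emitting the hash line; a key reporting cipher "none" needs no cracking at all and should be treated as an unprotected credential during an audit.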

Questions & Answers

Q: What is the SSH private key password?

A: mango


Final Thoughts

This TryHackMe room provides an excellent introduction to password cracking concepts and demonstrates how versatile John the Ripper can be in real-world cybersecurity scenarios.

Learning these techniques is valuable for:

  • Ethical Hacking;
  • Penetration Testing;
  • CTF Challenges;
  • Password Auditing;
  • Digital Forensics;
  • Red Team Operations.


I hope this article helped you in some way. Don't forget to follow for more cybersecurity content.

