THM — John The Ripper

My notes on THM Room.

Identifying Hashes

Sometimes John won’t play nicely with automatically recognising and loading hashes, that’s okay! We’re able to use other tools to identify the hash, and then set john to use a specific format. There are multiple ways to do this, such as using an online hash identifier like this one. I like to use a tool called hash-identifier, a Python tool that is super easy to use and will tell you what different types of hashes the one you enter is likely to be, giving you more options if the first one fails.

To use hash-identifier, you can just pull the python file from gitlab using:wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py.

Then simply launch it with python3 hash-id.py and then enter the hash you're trying to identify- and it will give you possible formats!

When you are telling john to use formats, if you’re dealing with a standard hash type, e.g. md5 as in the example above, you have to prefix it withraw- to tell john you're just dealing with a standard hash type, though this doesn't always apply. To check if you need to add the prefix or not, you can list all of John's formats using john --list=formats and either check manually, or grep for your hash type using something like john --list=formats | grep -iF "md5".

Cracking Basic Hashes

Answers to questions

What type of hash is hash1.txt?

kali@kali:~/Desktop/first_task_hashes$ cat hash1.txt 
2e728dd31fb5949bc39cac5a9f066498
kali@kali:~/Desktop/first_task_hashes$ python3 hash-id.py
 ####################################################################
--------------------------------------------------
 HASH: 2e728dd31fb5949bc39cac5a9f066498
Possible Hashs:
[+] MD5

What is the cracked value of hash1.txt?

Utilizing the command:

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt

biscuit

What type of hash is hash2.txt?

SHA1

What is the cracked value of hash2.txt

kangeroo

What type of hash is hash3.txt?

sha512

What is the cracked value of hash3.txt

microphone

What type of hash is hash4.txt?

whirlpool

What is the cracked value of hash4.txt

colossal

Cracking Windows Authenication Hashes

Authentication hashes are the hashed versions of passwords that are stored by operating systems, it is sometimes possible to crack them using the brute-force methods that we’re using.

NTHash / NTLM

NThash is the hash format that modern Windows Operating System machines will store user and service passwords in. It’s also commonly referred to as “NTLM” which references the previous version of Windows format for hashing passwords known as “LM”, thus “NT/LM”.

You can acquire NTHash/NTLM hashes by dumping the SAM database on a Windows machine, by using a tool like Mimikatz or from the Active Directory database: NTDS.dit. You may not have to crack the hash to continue privilege escalation- as you can often conduct a “pass the hash” attack instead, but sometimes hash cracking is a viable option if there is a weak password policy.

What do we need to set the “format” flag to, in order to crack this?

john --list=formats | grep -iF "NTLM".

This show us a list of format parameters. One of them is NT

What is the cracked value of this password?

john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt ntlm.txt
Using default input encoding: UTF-8
Loaded 1 password hash (NT [MD4 256/256 AVX2 8x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Press 'q' or Ctrl-C to abort, almost any other key for status
mushroom         (?)
1g 0:00:00:00 DONE (2021-09-17 19:18) 100.0g/s 307200p/s 307200c/s 307200C/s skater1..dangerous
Use the "--show --format=NT" options to display all of the cracked passwords reliably
Session completed.

Cracking /etc/shadow hashes

The /etc/shadow file is the file on Linux machines where password hashes are stored. It contains one entry per line for each user or user account of the system. This file is usually only accessible by the root user- so in order to get your hands on the hashes you must have sufficient privileges, but if you do- there is a chance that you will be able to crack some of the hashes.

Unshadowing

John can be very particular about the formats it needs data in to be able to work with it, for this reason- in order to crack /etc/shadow passwords, you must combine it with the /etc/passwd file in order for John to understand the data it’s being given. To do this, we use a tool built into the John suite of tools called unshadow. The basic syntax of unshadow is as follows:

unshadow [path to passwd] [path to shadow]

Cracking

We’re then able to feed the output from unshadow, in our example use case called “unshadowed.txt” directly into John. We should not need to specify a mode here as we have made the input specifically for John, however in some cases you will need to specify the format as we have done previously using:

--format=sha512crypt
john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt unshadowed.txt

What is the root password?

john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt etchashes.txt
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2 4x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
1234             (root)
1g 0:00:00:00 DONE (2021-09-17 19:25) 1.666g/s 2133p/s 2133c/s 2133C/s kucing..poohbear1
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

Single Crack Mode

Single Crack Mode

So far we’ve been using John’s wordlist mode to deal with brute forcing simple., and not so simple hashes. But John also has another mode, called Single Crack mode. In this mode, John uses only the information provided in the username, to try and work out possible passwords heuristically, by slightly changing the letters and numbers contained within the username.

Using Single Crack Mode

To use single crack mode, we use roughly the same syntax that we’ve used to so far, for example if we wanted to crack the password of the user named “Mike”, using single mode, we’d use:

john --single --format=[format] [path to file]

A Note on File Formats in Single Crack Mode:

If you’re cracking hashes in single crack mode, you need to change the file format that you’re feeding john for it to understand what data to create a wordlist from. You do this by prepending the hash with the username that the hash belongs to, so according to the above example- we would change the file hashes.txt

From:
1efee03cdcb96d90ad48ccc7b8666033
To
mike:1efee03cdcb96d90ad48ccc7b8666033

What is Joker’s password?

We first check to see what kind of hash it could possibly be with the hash-id.py file. We identify it as MD5.

We then have to edit the file to make sure we include the username Joker.

We not can run John in single mode:

john --single --format=raw-md5 hash7.txt
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 2 candidates buffered for the current salt, minimum 24 needed for performance.
Warning: Only 20 candidates buffered for the current salt, minimum 24 needed for performance.
Jok3r            (joker)
1g 0:00:00:00 DONE (2021-09-17 19:33) 100.0g/s 19500p/s 19500c/s 19500C/s j0ker..J0k3r
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed.

Custom Rules

You can define your own sets of rules, which John will use to dynamically create passwords. This is especially useful when you know more information about the password structure of whatever your target is.

Common Custom Rules

Many organisations will require a certain level of password complexity to try and combat dictionary attacks.

A password with the capital letter first, and a number followed by a symbol at the end. This pattern of the familiar password, appended and prepended by modifiers (such as the capital letter or symbols) is a memorable pattern that people will use, and reuse when they create passwords. This pattern can let us exploit password complexity predictability.

How to create Custom Rules

Custom rules are defined in the john.conf file, usually located in /etc/john/john.conf

The first line:

[List.Rules:THMRules] - Is used to define the name of your rule, this is what you will use to call your custom rule as a John argument.

We then use a regex style pattern match to define where in the word will be modified, again- we will only cover the basic and most common modifiers here:

Az - Takes the word and appends it with the characters you define

A0 - Takes the word and prepends it with the characters you define

c - Capitalises the character positionally

These can be used in combination to define where and what in the word you want to modify.

Lastly, we then need to define what characters should be appended, prepended or otherwise included, we do this by adding character sets in square brackets [ ] in the order they should be used. These directly follow the modifier patterns inside of double quotes " ". Here are some common examples:

[0-9] - Will include numbers 0-9

[0] - Will include only the number 0

[A-z] - Will include both upper and lowercase

[A-Z] - Will include only uppercase letters

[a-z] - Will include only lowercase letters

[a] - Will include only a

[!£$%@] - Will include the symbols !£$%@

Putting this all together, in order to generate a wordlist from the rules that would match the example password “Polopassword1!” (assuming the word polopassword was in our wordlist) we would create a rule entry that looks like this:

[List.Rules:PoloPassword]

cAz"[0-9] [!£$%@]"

Using Custom Rules

We could then call this custom rule as a John argument using the --rule=PoloPassword flag.

As a full command: john --wordlist=[path to wordlist] --rule=PoloPassword [path to file]

What do custom rules allow us to exploit?

Password complexity predictability

What rule would we use to add all capital letters to the end of the word?

Az"[A-Z]"

What flag would we use to call a custom rule called “THMRules”

--rule=THMRules

Cracking Password Protected ZIP File

We first have to use a tool in John to convert the zip file into a format that John will understand.

Zip2John

Similarly to the unshadow tool that we used previously, we’re going to be using the zip2john tool to convert the zip file into a hash format that John is able to understand, and hopefully crack. The basic usage is like this:

zip2john [options] [zip file] > [output file]

What is the password for the secure.zip file?

First we have to convert the zip file to a format John understands with zip2john

zip2john secure.zip > ziphash.txt
ver 1.0 efh 5455 efh 7875 secure.zip/zippy/flag.txt PKZIP Encr: 2b chk, TS_chk, cmplen=38, decmplen=26, crc=849AB5A6 type=0
john --wordlist=/usr/share/wordlists/rockyou.txt ziphash.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
pass123          (secure.zip/zippy/flag.txt)
1g 0:00:00:00 DONE (2021-09-17 20:11) 25.00g/s 204800p/s 204800c/s 204800C/s newzealand..total90
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

What is the contents of the flag inside the zip file?

Using the password we are able to open the file which contains the flag THM{w3ll_d0n3_h4sh_r0y4l}

Cracking Password Protected RAR Archive

Rar archives are compressed files created by the Winrar archive manager. Just like zip files they compress a wide variety of folders and files.

Rar2John

Almost identical to the zip2john tool that we just used, we’re going to use the rar2john tool to convert the rar file into a hash format that John is able to understand. The basic syntax is as follows:

rar2john [rar file] > [output file]

What is the password for the secure.rar file?

rar2john secure.rar > rarhash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt rarhash.txt
Warning: detected hash type "RAR5", but the string is also recognized as "RAR5-opencl"
Use the "--format=RAR5-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (RAR5 [PBKDF2-SHA256 256/256 AVX2 8x])
Cost 1 (iteration count) is 32768 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (secure.rar)
1g 0:00:00:00 DONE (2021-09-17 20:23) 5.882g/s 376.4p/s 376.4c/s 376.4C/s 123456..charlie
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

What is the contents of the flag inside the zip file?

In order to view the flag inside we had to install a program called unrar to open the zip file. Once inside we can grab the flag. THM{r4r_4rch1ve5_th15_t1m3}

Cracking SSH Keys with John

Using John to crack the SSH private key password of id_rsa files. Unless configured otherwise, you authenticate your SSH login using a password. However, you can configure key-based authentication, which lets you use your private key, id_rsa, as an authentication key to login to a remote machine over SSH. However, doing so will often require a password- here we will be using John to crack this password to allow authentication over SSH using the key.

SSH2John

ssh2john converts the id_rsa private key that you use to login to the SSH session into hash format that john can work with.

What is the SSH private key password?

We had trouble running the command we so had to locate the path and run it from there.

locate ssh2john
/opt/john/ssh2john.py
root@ip-10-10-103-63:~/Desktop# /opt/john/ssh2john.py
Usage: /opt/john/ssh2john.py <RSA/DSA/EC/OpenSSH private key file(s)>
root@ip-10-10-103-63:~/Desktop# /opt/john/ssh2john.py idrsa.id_rsa > hashssh.txt
john --wordlist=/usr/share/wordlists/rockyou.txt hashssh.txt
Note: This format may emit false positives, so it will keep trying even after finding a
possible candidate.
Warning: detected hash type "SSH", but the string is also recognized as "ssh-opencl"
Use the "--format=ssh-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 0 for all loaded hashes
Cost 2 (iteration count) is 1 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
mango            (idrsa.id_rsa)
1g 0:00:00:16 DONE (2021-09-17 20:33) 0.05938g/s 851644p/s 851644c/s 851644C/s *7¡Vamos!
Session completed.