WEBVTT

0
00:01.630 --> 00:06.830
In this video I'll show you how to crack passwords using a brute force attack.

1
00:06.880 --> 00:14.720
We'll dive into John the Ripper, which is probably the most widely used password cracking tool out there.

2
00:14.800 --> 00:19.870
John the Ripper is designed to be both feature-rich and fast.

3
00:19.870 --> 00:27.550
It combines several cracking modes and supports a lot of hashing protocols. Community-enhanced jumbo

4
00:27.550 --> 00:28.410
versions

5
00:28.510 --> 00:38.460
add support for Windows NTLM hashes, macOS, or SHA-256 or 512 salted

6
00:38.500 --> 00:41.430
hashes. Before starting

7
00:41.430 --> 00:46.280
John, let's talk a little bit about the available cracking modes.

8
00:46.400 --> 00:55.030
There are 3 cracking modes available: single crack mode, dictionary attack, and incremental mode. Single

9
00:55.030 --> 00:58.460
crack mode is the mode you should start cracking with.

10
00:58.480 --> 01:03.860
It will use the login names together with other fields from the passwd file,

11
01:03.860 --> 01:08.230
also with a large set of mangling rules applied.

12
01:08.230 --> 01:13.790
This is the fastest cracking mode and it is applicable to very simple passwords.

13
01:13.960 --> 01:21.340
If you use the dictionary attack you must supply a dictionary file that contains one word per line

14
01:21.610 --> 01:22.660
and the password file.

15
01:23.850 --> 01:32.850
You can enable word mangling rules which are used to modify or mangle words producing other likely passwords.

16
01:33.450 --> 01:41.280
If enabled, all the rules will be applied to every line in the wordlist file, producing multiple candidate

17
01:41.280 --> 01:49.370
passwords for each source word. And the most powerful cracking mode is the incremental mode.

18
01:49.510 --> 01:53.840
It will try all possible character combinations as passwords.

19
01:53.860 --> 02:02.530
However, if you supply a random password with a length of more than 12 or 14 characters it will never

20
02:02.530 --> 02:06.340
terminate and you'll have to interrupt it manually.

21
02:06.340 --> 02:07.930
Okay, let's get started!

22
02:09.510 --> 02:10.590
On Kali Linux

23
02:10.620 --> 02:13.010
John the Ripper is already installed.

24
02:13.200 --> 02:20.880
But if you use another distribution you can simply install it by executing apt install john.

25
02:25.800 --> 02:26.510
It's already

26
02:26.530 --> 02:27.940
the newest version.

27
02:28.300 --> 02:35.250
The first step is to combine the provided password and shadow files into a single file.

28
02:35.310 --> 02:43.240
There is the unshadow command which is part of the John package that does that. unshadow

29
02:43.240 --> 02:52.870
the password file and the shadow file, > (the output redirection), and the file that

30
02:52.870 --> 02:58.600
combines these two files. Let's say unshadowed.txt

31
03:02.140 --> 03:04.080
Let's see the file!

32
03:05.950 --> 03:15.860
Okay, we have the user and the hash! Perfect! Let's start john in single mode.

33
03:15.900 --> 03:25.530
john -single unshadowed.txt
34
03:25.770 --> 03:27.030
It has finished.

35
03:27.030 --> 03:29.820
Let's check if it has found something.

36
03:31.760 --> 03:34.470
john --show

37
03:34.790 --> 03:44.870
and the file unshadowed.txt, and we notice that it cracked two passwords: the password of

38
03:44.870 --> 03:45.770
user kali,

39
03:45.860 --> 03:53.030
the default user of Kali Linux starting with version 2020.1, which is kali, and

40
03:53.030 --> 03:55.570
the password of the user admin,

41
03:55.640 --> 03:58.570
which is also admin. In just a few seconds

42
03:58.670 --> 04:06.320
it has cracked the default password of the default user of Kali Linux. Once again, the single mode is

43
04:06.320 --> 04:07.550
only good to crack

44
04:07.550 --> 04:09.750
very simple passwords.

45
04:09.860 --> 04:16.030
When John finds a password it saves it in this file, in the home directory

46
04:16.070 --> 04:22.490
of the user that has executed John, in a hidden directory called .john.

47
04:22.640 --> 04:33.120
john.pot. This is where it saves the passwords! Let's try a brute force dictionary attack.

48
04:33.210 --> 04:36.060
John the Ripper comes with its own password

49
04:36.060 --> 04:39.510
lists in /usr/share/john.

50
04:39.540 --> 04:44.030
For example, password.lst

51
04:44.140 --> 04:47.550
is such a dictionary file.

52
04:47.670 --> 04:59.070
There are also some dictionary files in any Linux distribution, /usr/share/dict/. To check how many

53
04:59.070 --> 05:05.280
entries are in a dictionary file you execute wc -l and the file.
54
05:09.050 --> 05:16.820
For example, in this file, american-english, there is this number of words.

55
05:16.950 --> 05:21.760
Okay, let's start John using the dictionary that comes with it.

56
05:23.010 --> 05:33.460
john --wordlist= and the path to the file /usr/share

57
05:33.460 --> 05:43.140
/john/password.lst --rules and the file that contains the hashes of the passwords

58
05:44.230 --> 05:46.280
unshadowed.txt

59
05:50.050 --> 05:55.280
--rules enables word mangling rules.

60
05:55.530 --> 05:56.140
Okay!

61
05:56.140 --> 06:02.410
It has already cracked two passwords: user 1 and user 2,

62
06:02.540 --> 06:04.380
both have the same password,

63
06:04.390 --> 06:10.480
test, it's from the previous lecture and the user mark with the password

64
06:10.520 --> 06:11.110
"arsenal".

65
06:12.690 --> 06:20.220
At this moment John is running and trying to crack other passwords; while cracking you can press any

66
06:20.220 --> 06:21.130
key

67
06:21.180 --> 06:26.590
for status or Ctrl + C to abort.

68
06:29.280 --> 06:38.530
It has aborted the session and saved the session information. If you press Ctrl + C twice

69
06:38.540 --> 06:47.090
John will abort immediately without saving. If I want to see cracked passwords I execute john

70
06:47.500 --> 07:00.770
--show and the file unshadowed.txt. Okay, only two minus signs; it has cracked five passwords.

71
07:02.070 --> 07:09.390
To continue an interrupted session run john -restore, in the same directory,

72
07:09.450 --> 07:10.400
very important.

73
07:13.480 --> 07:21.770
And the cracking session was restored and it has completed the session! Once again,

74
07:21.840 --> 07:28.340
run this command in the same directory where you have aborted the session you want to restore.