TUTORIAL CRACKING

JOHN THE RIPPER: CRACK
How secure are your passwords? Find out (and learn to stay safer online) by trying to crack them.
BEN EVERARD

WHY DO THIS?
• Check the strength of password hashes.
• Understand the options when creating a secure system.
• Learn how password crackers work so you can create secure passwords.

Most people use passwords many times a day. They’re the keys that unlock digital doors and give us access to our computers, our email, our data and sometimes even our money. As more and more things move online, passwords secure an ever growing part of our lives. We’re told to add capital letters, numbers and punctuation to these passwords to make them more secure, but just what difference do these make? What does a really secure password look like? In order to answer these questions, we’re going to turn attacker and look at the methods used to crack passwords.

There are a few password-cracking tools available for Linux, but we’re going to use John The Ripper, because it’s open source and is in most distros’ repositories (usually, the package is just called john). In order to use it, we need something to try to crack. We’ve created a file with a set of MD5-hashed passwords. They’re all real passwords that were stolen from a website and posted on the internet. The passwords in this file are all quite simple, and you should crack them all very quickly. MD5 is quite an old hashing method, and we’re using it because it should be relatively quick to crack on most hardware. To make matters easier, all the hashes use the same salt (see boxout for details). Although we’ve chosen a setup that’s quick to crack, this same setup is quite common in organisations that don’t focus on security. You can download the files from www.linuxvoice.com/passwords.

After downloading that file, you can try and crack the passwords with:
john md5s-short
When you run john like this, it tries increasingly more complex sequences until it finds the password. If there are complex passwords, it may continue running for months or years unless you press Ctrl+C to terminate it. Once this has finished running you can see what passwords it found with:
john --show md5s-short
That’s the simplest way of cracking passwords – and you’ve just seen that it can be quite effective – now let’s take a closer look at what just happened. John The Ripper works by taking words from a dictionary, hashing them, and comparing these hashes with the ones you’re trying to crack. If the two hashes match, that’s the password you’re looking for. A crucial point is how quickly you can perform these checks. You can see how fast john can run on your computer by entering:
john --test
This will benchmark a few different hashing algorithms and give their speeds in checks per second (c/s). By default, John will run in single-threaded mode, but if you want to take full advantage of a multi-threaded approach, you can add the --fork=N option to the command, where N is the number of processes. Typically, this is best where N is the number of CPU cores you want to dedicate to the task.

There are online services (like www.cloudcracker.com) that will try to crack passwords for a small fee.

Not all password hashes will surrender their secrets this easily. The speed at which John can crack hashes varies dramatically depending on the hashing algorithm. Slow algorithms (such as bcrypt) can be tens of thousands of times slower than quick ones like DES.

86 www.linuxvoice.com PASSWORD CRACKING TUTORIAL

Processing power

The faster your computer can hash passwords, the more you can try in a given amount of time, and therefore the better chance you have of cracking the password. In this article, we’ve used John The Ripper because it’s an open source tool that’s available on almost all Linux platforms. However, it’s not always the best option. John runs on the CPU, but password hashing can be run really efficiently on graphics cards. Hashcat is a password cracking program that runs on graphics cards, and on the right hardware can perform much better than John. Specialised password cracking computers usually have several high-performance GPUs and rely on these for their speed. You probably won’t find Hashcat in your distro’s repositories, but you can download it from www.hashcat.net (it’s free as in zero cost, but not free as in freedom). It comes in two flavours: ocl-Hashcat for OpenCL cards (AMD), and cuda-Hashcat for Nvidia cards. Raw performance, of course, means very little without finesse, so fancy hardware with GPU crackers means very little if you don’t have a good set of words and rules.

In the previous example, you probably found John cracked most of the passwords very quickly. This is because they were all common passwords. Since John works by checking a dictionary of words, common passwords are very easy to find. John comes with a word list that it uses by default. This is quite good, but to crack more and more secure passwords, you then need a word list with more words. People who crack passwords regularly often build their own word lists over years, and they can come from many sources. General dictionaries are good places to start (which languages you pick will depend on your target demographic), but these don’t usually contain names, slang or other terms. Crackers regularly steal passwords from organisations (often websites) and post them online. These password leaks may contain thousands or even millions of passwords, so these are a great source of extra words. To search out even more elusive words, crackers turn to web scrapers and other tools to find sequences of characters that are used. There are some good sources of words at https://wiki.skullsecurity.org/Passwords, while good word lists are often sold (such as https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm, which is pay-what-you-want). The latter has about 1.5 billion words. Larger word lists are available, but often for a fee.

With John, you can use a custom word list with the --wordlist= option. For example, to check passwords using your system’s dictionary, use:
rm ~/.john/john.pot
john --wordlist=/usr/share/dict/words md5s-short
This should work on most -based systems, but on other distros, the words file may be in a different place. The first line deletes the file that contains the cracked passwords. If you don’t run this, it won’t bother trying to crack anything, as it already has all the passwords. The regular dictionary isn’t as good as John The Ripper’s dictionary, so this won’t get all the passwords.

Hydra can be used to try and guess passwords on network services, although this is much slower than cracking hashes locally.

Mangling words

Secure services often place rules on what passwords are allowed. For example, they might insist on upper and lower case letters as well as numbers or punctuation. In general, people won’t add these randomly, but put them in words in specific ways. For example, they might add a number to the end of a word, or replace letters in a word with punctuation that looks similar (such as a with @). John The Ripper provides the tools to mangle words in this way, so that we can check these combinations from a normal word list.

For this example, we’ll use the password file from www.linuxvoice.com/passwords, which contains the passwords: password, Password, PASSWORD, password1, p@ssword, P@ssword, Pa55w0rd, p@55w0rd. First, create a new text file called passwordlist containing just:
password
This will be the dictionary, and we’ll create rules that crack all the passwords based on this one root word. Rules are specified in the john.conf file. By default, john uses the configuration files in ~/.john, so you’ll need to create that file in a text editor. We’ll start by adding the lines:
[List.Rules:Wordlist]
:
c
The first line tells john what mode you want to use the rules for, and every line below that is a rule (we’ll


add more in a minute). The : just tells John to try the word as it is, no alterations, while c stands for capitalise, which makes the first character of the word upper case. You can try this out with:
john --wordlist=passwordlist --rules passwords
You should now crack two of the passwords despite there only being one word in the dictionary. Let’s try and get a few more now. Add the following to the config file:
u
$[0-9]
The first line here makes the whole word upper case. On the second line, the $ symbol means append the following character to the password. In this case, it’s not a single character, but a class of characters (digits), so it tries ten different words (password0, password1… password9). To get the remaining passwords, you need to add the following rules to the config file:
csa@
sa@so0ss5
css5so0
The rule s replaces all occurrences of character1 with character2. In the above rules, this is used to switch a for @ (sa@), o for 0 (so0) and s for 5 (ss5). All of these are combination rules that build up the final word through more than one alteration.

A text-menu driven tool for creating John The Ripper config files is available from https://sites.google.com/site/reusablesec2/jtrconfiggenerator.

Limitations of cracking rules

The language for creating rules isn’t very expressive. For example, you can’t say: ‘try every combination of the following rules’. The reason for that is speed. The rules engine has to be able to run thousands or even millions of times per second while not significantly slowing down the hashing.

You’ve probably guessed by now that creating a good set of rules is quite a time-consuming process. It involves a detailed knowledge of what patterns are commonly used to create passwords, and an understanding of the archaic syntax used in the rules engines. It’s good to have an understanding of how they work, but unless you’re a professional penetration tester, it’s usually best to use a pre-created rule list. The default rules with John are quite good, but there are some more complex ones available. One of the best public ones comes from a DefCon contest in 2010. You can grab the ruleset from the website: http://contest-2010.korelogic.com/rules.html. You’ll get a file called rules.txt, which is a John The Ripper configuration file, and there are some usage examples on the above website. However, it’s not designed to work with the default version of John The Ripper, but a patched version (sometimes called -jumbo). This isn’t usually available in distro repositories, but it can be worth compiling it because it has more features than the default build. To get it, you’ll need to clone it from GitHub with:
git clone https://github.com/magnumripper/JohnTheRipper
cd JohnTheRipper/
There are a few options in the install procedure, and these are documented in JohnTheRipper/doc/Install. We compiled it on an Ubuntu 14.04 system with:
cd JohnTheRipper/src
./configure && make -s clean && make -sj4
This will leave the binary JohnTheRipper/run/john that you can execute. It will expect the john.conf file (which can be the file downloaded from KoreLogic) in the same directory. If you don’t want to compile the -jumbo version of John, you can still use the rules from KoreLogic, you’ll just have to integrate them into a john.conf file by

How passwords work

Passwords present something of a computing conundrum. When people enter their password, the computer has to be able to check that they’ve entered the right password. At the same time though, it’s a bad idea to store passwords anywhere on the computer, since that would mean that any hacker or malware might be able to get the passwords file and then compromise every user account. Hashing (AKA one-way encryption) is the solution to this problem. Hashing is a mathematical process that scrambles the password so that it’s impossible to unscramble it (hence one-way encryption). When you set the password, the computer hashes it and stores the hash (but not the password). When you enter the password, the computer then hashes it and compares this hash to the stored hash. If they’re the same, then the computer assumes that the passwords are the same and therefore lets you log in.

There are a few things that make a good hashing algorithm. Obviously, it should be impossible to reverse (otherwise it’s not a hashing algorithm), but other than this, it should minimise the number of collisions. This is where two different things produce the same hash, and the computer would therefore accept both as valid. It was a collision in the MD5 hashing algorithm that allowed the Flame malware to infiltrate the Iranian Oil Ministry and many other government organisations in the Middle East.

Another important thing about good hashing algorithms is that they’re slow. That might sound a little odd, since generally algorithms are designed to be fast, but the slower a hash is, the harder it is to crack. For normal use, it doesn’t make much difference if the hash takes 0.000001 seconds or 0.001 seconds, but the latter takes 1,000 times longer to crack. You can get a reasonable idea of how fast or slow an algorithm is by running john --test to benchmark the different algorithms on your computer. The fewer checks per second, the slower it will be for an attacker to break any hashes using that algorithm.
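The word-mangling rules explained above, as an added example that is not part of the article or of John The Ripper itself: a small Python model of the rule primitives the tutorial uses (: c u $[0-9] sXY), run against MD5 hashes of the article’s eight passwords, so you can see exactly which candidates each rule produces before spending CPU time on a real run. The hash set, the word list and the rule list are all constructed from what the tutorial lists.

```python
import hashlib
import re
# Added example, not from the article: a tiny re-implementation of the John The
# Ripper rule primitives the tutorial uses (':' keep, 'c' capitalise, 'u' upper
# case, '$X' or '$[class]' append, 'sXY' replace every X with Y; rules chain
# left to right, e.g. 'sa@so0ss5'), to show which candidates each rule yields.

TOKEN = re.compile(r":|c|u|\$\[([^\]]+)\]|\$(.)|s(.)(.)")

def char_class(spec):
    """Expand '0-9' into the ten digits; anything else is a literal set like 'abc'."""
    if len(spec) == 3 and spec[1] == "-":
        return [chr(c) for c in range(ord(spec[0]), ord(spec[2]) + 1)]
    return list(spec)

def apply_rule(rule, word):
    """Return every candidate one rule produces from one dictionary word."""
    cands, pos = [word], 0
    while pos < len(rule):
        m = TOKEN.match(rule, pos)
        if m is None:
            raise ValueError("unsupported rule syntax: " + rule[pos:])
        cls, app, old, new = m.groups()
        if m.group(0) == "c":        # first letter upper case, rest lower
            cands = [w[:1].upper() + w[1:].lower() for w in cands]
        elif m.group(0) == "u":
            cands = [w.upper() for w in cands]
        elif cls is not None:        # $[0-9]: one candidate per class member
            cands = [w + ch for w in cands for ch in char_class(cls)]
        elif app is not None:        # $X
            cands = [w + app for w in cands]
        elif old is not None:        # sXY
            cands = [w.replace(old, new) for w in cands]
        pos = m.end()                # ':' changes nothing
    return cands

def crack(target_hashes, wordlist, rules):
    """Hash every candidate and compare with the targets, exactly as the
    tutorial describes John working. Returns {hash: plaintext}."""
    found = {}
    for word in wordlist:
        for rule in rules:
            for cand in apply_rule(rule, word):
                digest = hashlib.md5(cand.encode()).hexdigest()
                if digest in target_hashes:
                    found.setdefault(digest, cand)
    return found

# Constructed sample: unsalted MD5 hashes of the eight passwords in the article.
TARGETS = {hashlib.md5(p.encode()).hexdigest(): p for p in [
    "password", "Password", "PASSWORD", "password1",
    "p@ssword", "P@ssword", "Pa55w0rd", "p@55w0rd"]}
RULES = [":", "c", "u", "$[0-9]", "csa@", "sa@so0ss5", "css5so0"]
```

Running crack(set(TARGETS), ["password"], RULES) shows that the seven rules listed reach seven of the eight passwords; p@ssword would need the rule sa@ on its own line, because sa@so0ss5 only yields its final form.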


Salting

For hashing to work, every time a password is hashed, it has to produce the same result. This plays into the hands of crackers because it means that if they have a list of password hashes they’ve stolen, they can check every word from their word list against all of them at the same time. It also means that they could create lookup tables with the hashed value of common words to speed up the process of cracking passwords (these are sometimes known as rainbow tables).

To stop this, salts are sometimes used. Salts are small amounts of additional data that are added to the plain text before hashing. They’re stored alongside the hash so that the same salt is used on the same password. Crackers who get access to the hashes will also usually get access to the salts, but it means they have to crack every password individually rather than working against the whole lot simultaneously. At the very least, salting will slow an attacker down by the factor of the number of hashes they have. If a cracker steals a thousand password hashes, it will be at least a thousand times slower to crack them if they are salted (though it could be less if they can use rainbow tables to speed up the crack).

To be secure, salts have to be randomly generated. In WPA Wi-Fi security, the network name (SSID) is used as a salt for the password. This is useful because it’s automatically known to both parties. However, SSIDs aren’t unique, and many are quite common. It’s possible to download lookup tables for many of the most common SSIDs against many passwords. A traditional crack against the hashing in WPA is quite slow, because WPA uses 4,096 rounds of SHA1. The lookup tables sidestep this because the hashing has already been done. It’s important to use a random salt to stop this sort of attack, and it’s important to use an obscure SSID on your Wi-Fi network to avoid falling victim. You can download the lookup tables and a list of SSIDs from www.renderlab.net/projects/WPA-tables.
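As an added example, not from the article: what the ‘How passwords work’ and ‘Salting’ boxouts describe, in Python. It assumes PBKDF2-HMAC-SHA256 as a stand-in for a slow hash (its iteration count plays the role of WPA’s 4,096 rounds) and uses constructed word and password lists; crack() counts hash computations so the ‘factor of the number of hashes’ claim can be checked directly.

```python
import hashlib
import os

# Added example, not from the article: what a server stores and checks, and
# why a per-password salt matters, measured in hash computations.
# Assumption: PBKDF2-HMAC-SHA256 stands in for a slow hash; the iteration
# count is the knob that makes it slow (WPA's 4,096 rounds play this role).
ITERATIONS = 1000   # deliberately small so the demo runs quickly

def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def store(password, salt=None):
    """What the computer keeps: a random salt plus the hash, never the password."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hash_password(password, salt)

def verify(stored, attempt):
    """Login check: hash the attempt with the stored salt and compare digests."""
    salt, digest = stored
    return hash_password(attempt, salt) == digest

def crack(stolen, wordlist):
    """Dictionary check on a list of (salt, digest) records. Returns the
    recovered plaintexts and the number of hash computations needed. Records
    sharing a salt are checked with one computation per word ('every word
    against all of them at the same time'); unique salts cost one each."""
    by_salt = {}
    for salt, digest in stolen:
        by_salt.setdefault(salt, set()).add(digest)
    recovered, work = {}, 0
    for word in wordlist:
        for salt, digests in by_salt.items():
            work += 1
            digest = hash_password(word, salt)
            if digest in digests:
                recovered[digest] = word
    return recovered, work

WORDS = ["letmein", "password", "qwerty", "hunter2"]   # constructed word list
VICTIMS = ["password", "qwerty", "hunter2"]            # constructed user passwords

def compare_salting():
    """Cost of cracking the same three passwords with one shared salt versus
    a fresh random salt each: the second costs len(VICTIMS) times more."""
    shared = [store(p, b"same-salt-for-all") for p in VICTIMS]
    unique = [store(p) for p in VICTIMS]
    _, work_shared = crack(shared, WORDS)
    _, work_unique = crack(unique, WORDS)
    return work_shared, work_unique   # (4, 12)
```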

hand first. There are a lot of rules, so you’ll probably want to pick out a few, and copy them into the john.conf file in the same way you did when creating the rules earlier, and omit the lines with square brackets.

As you’ve seen, cracking passwords is part art and part science. Although it’s often thought of as a malicious practice, there are some real positive benefits of it. For example, if you run an organisation, you can use cracking tools like John to audit the passwords people have chosen. If they can be cracked, then it’s time to talk to people about computer security. Some companies run periodic checks and offer a small reward for any employee whose password isn’t cracked. Obviously, all of these should be done with appropriate authorisation, and you should never use a password cracker to attack someone else’s password except when you have explicit permission.

John The Ripper is an incredibly powerful tool whose functionality we’ve only just touched on. Unfortunately, its more powerful features (such as its rule engine) aren’t well documented. If you’re interested in learning more about it, the best way of doing this is by generating hashes and seeing how to crack them. It’s easy to generate hashes by simply creating new users in your Linux system and giving them a password; then you can copy the /etc/shadow file to your home directory and change the owner with:
sudo cp /etc/shadow ~
sudo chown <username> ~/shadow
Where <username> is your username. You can then run John on the shadow file. If you’ve got a friend who’s interested in cracking as well, you could create challenges for each other (remember to delete the lines for real users from the shadow file though!). Alternatively, you can try our shadow file for the latest in our illustrious series of competitions.

So, what does a secure password look like? Well, it shouldn’t be based on a dictionary word. As you’ve seen, word mangling rules can find these even if you’ve obscured it with numbers or punctuation. It should also be long enough to make brute force attacks impossible (at least 10 characters). Beyond that, it’s best to use your own method, because any method that becomes popular can be exploited by attackers to create better word lists and rules.

Ben Everard is the co-author of the best-selling Learn Python With Raspberry Pi, and is working on a best-selling follow-up called Learning Computer Architecture With Raspberry Pi.

COMPETITION
Put your skills to the test with the Linux Voice password cracking competition

We’ve created 100 users on our Linux box using a range of passwords. Linux distros store the password hashes in the /etc/shadow file, and you can get ours from www.linuxvoice.com/passwords. Some are easy, some are hard. Some are real passwords we’ve extracted from dumps, some we’ve generated using password generators, others we created by hand (that might be a clue). Oh, and incidentally, we like the XKCD web comic.

Your task is to crack as many passwords as possible. They’re in the standard SHA512 format (John The Ripper – and most other password crackers – will detect this automatically). This is quite a slow algorithm, and some of the passwords are quite complex, so we don’t expect anyone to guess all of them. The prize will go to the person who manages to crack the most. If two people crack the same number, the prize will go to whoever sends in their entry first.

To enter, just send a plain text file with a list of unhashed passwords that you’ve cracked from the competition-shadow file to [email protected]. The deadline for entries is 25 October 2014. Happy cracking!
