1
00:00:00,880 --> 00:00:06,940
John the Ripper is a fast password cracker currently available for many flavors of Unix, Windows,

2
00:00:06,940 --> 00:00:14,620
DOS, and OpenVMS. Initially developed for the Unix operating system, it now runs on 15 different platforms.

3
00:00:15,670 --> 00:00:22,180
It's one of the most popular password testing and breaking programs, as it combines a number of password

4
00:00:22,180 --> 00:00:28,960
crackers into one package, autodetects password hash types, and includes a customizable cracker.

5
00:00:29,950 --> 00:00:35,920
John the Ripper is free and open source software, distributed primarily in source code form.

6
00:00:36,940 --> 00:00:42,310
If you'd rather use a commercial product tailored for your specific operating system, please consider

7
00:00:42,310 --> 00:00:43,360
John the Ripper Pro.

8
00:00:44,370 --> 00:00:50,310
Which is distributed primarily in the form of native packages for the target operating systems, and in

9
00:00:50,310 --> 00:00:56,130
general it's meant to be easier to install and use while delivering optimal performance.

10
00:00:58,130 --> 00:01:05,390
Now, there is another version of John, which is the community-enhanced version. This version integrates

11
00:01:05,570 --> 00:01:13,940
lots of contributed patches, adding GPU support (OpenCL and CUDA) for a hundred additional hash

12
00:01:13,940 --> 00:01:21,080
and cipher types, including popular ones such as NTLM, raw MD5, etc., and even things such

13
00:01:21,080 --> 00:01:28,460
as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.

14
00:01:29,490 --> 00:01:32,100
As well as some optimizations and features.

15
00:01:33,390 --> 00:01:35,610
So let's see John the Ripper in action.

16
00:01:38,670 --> 00:01:43,560
The official free and open source version of John the Ripper is embedded in Kali.

17
00:01:44,450 --> 00:01:51,440
If you type john with no parameters, you'll see the manual page of the tool. You see the usage and

18
00:01:51,440 --> 00:01:52,820
all the options of John.

19
00:01:53,960 --> 00:01:56,970
Let's build an offline dictionary attack with John.

20
00:01:58,110 --> 00:02:04,590
The first parameter is --wordlist; don't forget to put the equals sign after the parameter.

21
00:02:05,660 --> 00:02:09,200
The name of the dictionary file, with its full path, comes here.

22
00:02:10,810 --> 00:02:16,210
So I'll open another terminal screen and search for a password list using the find command.

23
00:02:22,400 --> 00:02:26,840
Now, there is a folder called wordlists under the Metasploit Framework folder.

24
00:02:27,350 --> 00:02:29,330
Let's go to that folder to see its contents.

25
00:02:32,040 --> 00:02:36,610
And there are a lot of wordlists here for different purposes. Right now,

26
00:02:36,630 --> 00:02:40,470
I want to look at the length of the password list file.

27
00:02:41,470 --> 00:02:49,690
cat password.lst, pipe wc for word count: the first one is the number of lines and the

28
00:02:49,690 --> 00:02:53,860
second one is the number of words, which is the same as the number of lines.

29
00:02:54,070 --> 00:02:56,590
And the third one is the number of characters.

30
00:02:56,810 --> 00:02:59,650
So there are about 90,000 passwords in this list.

31
00:03:00,530 --> 00:03:03,500
Open the file with the less command.

32
00:03:04,550 --> 00:03:11,660
You can search for a word inside the less command by pressing the search key, so I'll search for the password

33
00:03:11,660 --> 00:03:13,700
of the administrator: no result.

34
00:03:14,870 --> 00:03:17,090
msfadmin: no result.

35
00:03:18,190 --> 00:03:25,090
So note here that these steps are just to have a successful result. In a typical penetration test, you

36
00:03:25,090 --> 00:03:27,880
won't know the passwords of the victim systems.

37
00:03:28,850 --> 00:03:33,410
Beyond that, if you already know the password of the victim, well, what's the reason for adding it

38
00:03:33,410 --> 00:03:35,050
to a dictionary and then finding it again?

39
00:03:35,990 --> 00:03:41,020
Suppose that these steps never happened and the words were already in the list we used, right?

40
00:03:42,310 --> 00:03:48,280
Now, I'll open the dictionary and add a few words. So I'll repeat that we're just supposing that the

41
00:03:48,280 --> 00:03:52,170
process never happened and the words were already in the list.

42
00:03:52,210 --> 00:03:54,090
But I just want to show you the mechanics of it.

43
00:03:58,260 --> 00:04:02,220
So now we can use this list as the wordlist in John.

44
00:04:03,190 --> 00:04:05,530
So write the file name with the full path.

45
00:04:13,130 --> 00:04:15,320
The second parameter is the hash file.

46
00:04:17,800 --> 00:04:21,000
Now, I'll run the command, adding no more parameters.

47
00:04:23,450 --> 00:04:31,580
So if you don't specify the hash type, John detects it itself. It detected the hash type as LM and warns

48
00:04:31,580 --> 00:04:32,990
us about the NT hash.

49
00:04:33,900 --> 00:04:34,980
And here are the results.

50
00:04:36,000 --> 00:04:43,050
The Guest password is empty. It also shows the first part of the Administrator's hash and the second part

51
00:04:43,050 --> 00:04:47,940
of cyber lab's hash, and as you see here, in all uppercase letters.

52
00:04:49,620 --> 00:04:55,950
Now, I'll recall the latest command, add the format parameter as NT this time, and hit enter.

53
00:04:57,070 --> 00:04:57,880
Here are the results.

54
00:04:59,030 --> 00:05:03,980
Now we see all the letters in their own case, uppercase or lowercase.

55
00:05:05,250 --> 00:05:08,880
So now I want to try to crack the Windows 8 hashes.

56
00:05:09,780 --> 00:05:12,720
So I'll give the hash file of the Windows 8 system this time.

57
00:05:13,740 --> 00:05:21,210
I removed the format parameter and ran the command. John recognized the hashes as LM and got no result.

58
00:05:22,140 --> 00:05:24,630
So let's give the hash format.

59
00:05:29,340 --> 00:05:30,450
Now we have a result.

60
00:05:31,420 --> 00:05:35,760
The password of the Uttam user is Urabe 12, but wait a sec.

61
00:05:36,760 --> 00:05:42,940
Windows 8 has a user with the password one, two, three, four, QQQ, uppercase Q and dot,

62
00:05:42,940 --> 00:05:47,650
which is the same as the password of the Administrator user of Windows XP.

63
00:05:48,670 --> 00:05:53,170
We know that the word is in the dictionary, so why couldn't John crack it?

64
00:05:54,610 --> 00:06:01,240
Well, the answer is inside the john.pot file, so let's find its location using the find Linux

65
00:06:01,240 --> 00:06:01,630
command.

66
00:06:02,690 --> 00:06:05,510
And let's see the content of the file with the cat command.

67
00:06:09,550 --> 00:06:17,050
So, John stores the findings in the john.pot file with the hash format, and if it finds the same

68
00:06:17,050 --> 00:06:20,260
hash with the same format, it doesn't try to crack it again.

69
00:06:20,480 --> 00:06:26,770
So you should look at the john.pot file for the hashes you try to crack with John.

70
00:06:26,890 --> 00:06:27,200
Right.

71
00:06:28,450 --> 00:06:33,730
So if we rerun the latest command again, it won't crack any hash because they've all been cracked

72
00:06:33,730 --> 00:06:34,240
before.

73
00:06:36,000 --> 00:06:38,820
So if you delete the john.pot file

74
00:06:41,420 --> 00:06:46,400
and run the latest command again, you'll see all the crack results of the hash file.

75
00:06:48,540 --> 00:06:48,840
Good.

76
00:06:48,910 --> 00:06:53,130
Let's move on and try to crack the hashes of the Metasploitable Linux VM.

77
00:06:53,130 --> 00:06:59,940
Now the hash file is hash M-2 dot txt, and I don't give the format parameter.

78
00:07:00,120 --> 00:07:03,690
I'll let John detect the hash type and hit enter.

79
00:07:04,780 --> 00:07:09,130
So it detected the hash type as md5crypt, and that's correct.

80
00:07:10,440 --> 00:07:15,990
So look at that, we cracked passwords. The passwords of the Metasploitable users are not so complicated,

81
00:07:15,990 --> 00:07:16,360
are they?

82
00:07:17,340 --> 00:07:19,560
So look at the john.pot file once more.

83
00:07:20,640 --> 00:07:26,730
And now you see the new hash is stored with hash type 1, where 1 stands for md5crypt.

84
00:07:27,620 --> 00:07:28,100
Excellent.

