This is a transcript for a video linked here: Understand Password Hacking with John the Ripper.
00:00:00.240 --> 00:00:04.960 I've created some videos which explain password hashes and the risks associated with a poor
00:00:04.960 --> 00:00:10.960 choice of password. In this video I'm going to give a demonstration of the tools that hackers, or, the more
00:00:10.960 --> 00:00:16.960 correct term, crackers, use to break passwords. This is based on the theory that I covered
00:00:16.960 --> 00:00:22.880 in my earlier videos, so you may want to watch those first. See the description for more details.
00:00:25.520 --> 00:00:30.000 Whilst the earlier videos cover some of the theory, this is going to be much more hands-on
00:00:30.000 --> 00:00:33.840 than the earlier videos. I'll be using Kali Linux for the demonstration.
00:00:34.560 --> 00:00:40.000 This is a distribution specifically designed for security testing and includes many cracking tools.
00:00:40.880 --> 00:00:46.240 Kali is running in a virtual machine, as it's sharing the computer with Ubuntu and some
00:00:46.240 --> 00:00:50.400 other programs, so it's not going to be quite as fast as running on a dedicated machine.
00:00:52.080 --> 00:00:58.400 I'm going to start by looking at password hashes. I'll be using SHA-1 for this example, but note that
00:00:58.400 --> 00:01:04.800 SHA-1 is now considered unsafe. It does have a useful tool, though, which is going to make
00:01:04.800 --> 00:01:12.000 it useful for the demonstration, and the tool I'll be using is sha1pass. I'm going to give
00:01:12.000 --> 00:01:21.680 a quick demonstration of the sha1pass tool. It can be used to create a hashed version of
00:01:21.680 --> 00:01:27.520 a password, so if I just do sha1pass and then a password (I'm going to use "password" here)
00:01:30.800 --> 00:01:33.680 you'll see that it's created a hash string.
00:01:36.800 --> 00:01:43.840 Now, other than if there's a vulnerability in sha1pass, essentially it's
00:01:43.840 --> 00:01:50.960 impossible to get from this string back to the password. If I run the same command again
00:01:52.480 --> 00:02:01.040 then it'll give a completely different hash, and this is because of a seed that is generated,
00:02:01.040 --> 00:02:08.320 and in this case this is the seed, which is between the second and third dollar signs.
00:02:10.400 --> 00:02:22.160 So if we want to generate this password again with that seed, we just put the seed at the end
00:02:22.160 --> 00:02:29.360 and you'll see it's generated this exact string. This is how the Linux operating system
00:02:29.360 --> 00:02:39.360 can check if your password is correct. This is what is saved in the /etc/shadow file,
00:02:40.960 --> 00:02:50.720 and when you enter your password it reads this. From the dollar it knows that this is SHA-1,
00:02:52.320 --> 00:03:00.480 it knows this is the seed, it takes your password, applies this seed, and if the entire string
00:03:00.480 --> 00:03:04.640 matches the entire string that's saved in the password file, or the shadow file,
00:03:05.280 --> 00:03:12.080 then it knows it's correct and it'll let you onto the system. If it doesn't, then
00:03:13.760 --> 00:03:21.120 your login fails. This is the way that it can store a password in the form of a hash
00:03:22.320 --> 00:03:28.880 without knowing what the password is set to. It's important that whenever you create
00:03:28.880 --> 00:03:35.040 a new password it always gives a different hash value, so if we replace that with "test"
00:03:36.320 --> 00:03:44.080 it'll give a new hash value. It also uses a new seed, which makes it a bit more secure by
00:03:44.960 --> 00:03:50.560 preventing someone creating tables of all the entries; they'd have to run the seeds separately.
00:03:52.720 --> 00:03:56.400 But we could also try with the same seed as we used before,
00:03:59.280 --> 00:04:05.200 and you can see that the password hash is completely different to when we used the word "password".
00:04:06.240 --> 00:04:14.800 We can do it with other passwords as well; try "demo". Each time it'll give you a new unique hash.
00:04:15.440 --> 00:04:22.080 Now we can take a look at how these are stored, and we can take a look at the ones on this system. So
00:04:22.080 --> 00:04:29.520 they're in /etc, and the password file is the first one, but there are no passwords
00:04:29.520 --> 00:04:36.160 actually stored in this file. As you can see, the second field is the password field and it's
00:04:36.160 --> 00:04:43.360 replaced by an x for all the values, and that means that you have to look in the shadow file.
00:04:46.000 --> 00:04:50.640 But I'm logged in as a regular user, and if I try to look at the shadow file
00:04:50.640 --> 00:04:59.120 it says permission denied. This is a security feature; it means that only the root user, which
00:04:59.120 --> 00:05:04.240 is the admin user, can see that shadow file, and only they can see the passwords.
00:05:07.360 --> 00:05:11.200 So if we do it as root this time,
00:05:18.960 --> 00:05:26.560 then we can see that there is only one user with a password. Some of these have got asterisks
00:05:26.560 --> 00:05:34.560 and exclamation marks in, which would prevent you logging in as them, and the kali one has this
00:05:35.600 --> 00:05:43.760 encrypted, or should I say hashed, password. It's longer than the example I just showed you with
00:05:43.760 --> 00:05:52.320 sha1pass, and that's because this is using yescrypt, denoted by $y, but otherwise
00:05:52.880 --> 00:06:00.560 it's the same sort of thing, basically a hashed password. So the fact that
00:06:01.360 --> 00:06:06.400 only the root user can access this is obviously a significant security
00:06:07.680 --> 00:06:12.560 feature; it prevents just anybody from downloading it and trying to crack other people's
00:06:14.400 --> 00:06:22.000 passwords. But there are potential vulnerabilities that could mean that the cracker could obtain that
00:06:22.000 --> 00:06:30.560 file. There are different ways that a hacker can steal the passwords, and here I'm looking at ways
00:06:30.560 --> 00:06:35.680 that hackers end up with a hashed version of the password. There are other ways of obtaining the
00:06:35.680 --> 00:06:41.120 password, either hashed or the plain text version, some of which I've covered in my other videos.
00:06:45.520 --> 00:06:51.120 It's good to look at these two together, which is about physical access to a disk,
00:06:51.840 --> 00:07:00.080 and this could be physical access to a disk by being able to get on the server, or dumpster diving,
00:07:00.080 --> 00:07:08.560 where hard disk drives have been thrown in the rubbish and somebody's managed to obtain it that way.
00:07:10.640 --> 00:07:15.600 Obviously this could be a physical disk, or in the case of something like a Raspberry Pi it could be
00:07:15.600 --> 00:07:24.000 the SD card. So if you can get those, if you can put them in a different computer and read the data,
00:07:25.440 --> 00:07:29.840 then you can get to the password files.
00:07:31.760 --> 00:07:41.440 Even if the data is encrypted, the system files may not be, so also bear that in mind.
00:07:43.840 --> 00:07:48.240 So whilst physically removing the disk from a production server may look suspicious,
00:07:49.200 --> 00:07:55.120 if it's an old server that's been decommissioned or thrown away, you may not think there's
00:07:55.120 --> 00:08:01.440 any valuable data on that server. But if you use that same password on a current system, then they
00:08:01.440 --> 00:08:10.960 can use that as a way to get into that different system. Another way is if someone has a genuine
00:08:10.960 --> 00:08:17.520 admin login to the computer. What if that person goes rogue, or what if someone manages to get root
00:08:17.520 --> 00:08:22.880 on a development or non-production server, but then you use the same password on a different server?
00:08:24.640 --> 00:08:30.880 I'm going to look at software vulnerabilities and badly configured systems together.
00:08:32.080 --> 00:08:39.760 Basically, if your server has a vulnerability such as a root exploit which allows the user
00:08:39.760 --> 00:08:48.560 to get root permissions, elevated permissions, then they could get the shadow file that way, and
00:08:48.560 --> 00:08:54.560 the same with a badly configured system, which may allow the cracker to get hold of that shadow file.
00:08:56.560 --> 00:08:59.280 Another source of password hashes is backups.
00:09:00.400 --> 00:09:05.200 Usually these should be stored securely and perhaps encrypted, although that's an
00:09:05.200 --> 00:09:10.480 interesting topic: if you encrypt your backup, what happens if you lose the encryption key,
00:09:10.480 --> 00:09:16.080 or where do you store the encryption key? Does that make the backups useless? Whether encrypted
00:09:16.080 --> 00:09:20.480 or not, there needs to exist a backup with some way of restoring it in the event of a failure,
00:09:20.480 --> 00:09:24.560 and if the cracker can get all that, then they can get the password hashes from there.
00:09:27.760 --> 00:09:33.360 And applications, specifically looking at SQL database attacks, which is quite a common one.
00:09:35.120 --> 00:09:41.040 If an application stores the password, then that application may have a vulnerability that lets
00:09:41.040 --> 00:09:54.080 you access that, and the SQL database attack is where sometimes sending certain SQL commands
00:09:55.040 --> 00:10:04.160 in a user field, for instance, may trick the system into exposing the hashed password
00:10:04.160 --> 00:10:11.200 entries for the users of that database. Once the cracker has the password file or the shadow file,
00:10:11.200 --> 00:10:18.000 then he can go about breaking the passwords. Some of the hashing algorithms, such as MD5 and SHA-1,
00:10:18.000 --> 00:10:21.280 are now considered broken, and there are ways of getting the password
00:10:22.240 --> 00:10:26.480 from them, or perhaps using a different combination that will give you the same hash.
00:10:27.600 --> 00:10:33.040 But even if the hash algorithm is still secure, then there are ways of obtaining the passwords.
00:10:34.160 --> 00:10:38.240 The example shown here is a dictionary attack, where the computer tries
00:10:38.800 --> 00:10:44.000 hashing different dictionary words to try and guess the password. The word exists in
00:10:44.000 --> 00:10:50.480 the dictionary, which also includes some common capitalizations and number substitutions, and a
00:10:50.480 --> 00:10:56.960 computer can try those very quickly. The other is brute force, where every possible combination is
00:10:56.960 --> 00:11:01.760 tried, which can take a very long time depending upon the number of characters in the password.
00:11:03.600 --> 00:11:10.720 Here you can see a few different tools that I use for cracking passwords, and this is on the
00:11:11.600 --> 00:11:20.480 menu of Kali Linux. Some of these are used for different types of systems,
00:11:22.240 --> 00:11:29.440 and the one I'll be using is John the Ripper, also referred to as just John. It works with
00:11:29.440 --> 00:11:35.760 Linux passwords but also includes Windows LAN Manager and other generic hashes which
00:11:35.760 --> 00:11:42.400 you can break as well. There's also a GUI (graphical user interface) version
00:11:42.400 --> 00:11:48.240 called Johnny, although it's more common just to use the command line versions of the programs.
00:11:49.440 --> 00:11:58.720 Here we can see how we run an attack using John the Ripper. First I've got to combine
00:11:58.720 --> 00:12:04.960 the password and shadow files into a single file, and you can do this using the unshadow command.
00:12:08.240 --> 00:12:10.800 And now we've got the file called mypasswd.
00:12:12.080 --> 00:12:19.040 We can use John. I'm going to use the format crypt because this is yescrypt, and that's going to call
00:12:19.600 --> 00:12:26.080 the separate libraries to run this. We use the word list rockyou.txt, which I used in a previous
00:12:27.680 --> 00:12:38.080 example, and then I'm going to use it against my password. This is going to take a long time to run,
00:12:38.080 --> 00:12:46.000 in particular because it's using yescrypt; it's making a system call each time it tries to crack
00:12:47.920 --> 00:12:56.320 a particular dictionary word, so this is really going to slow it down a lot. So many Linux
00:12:56.320 --> 00:13:04.080 systems, including the Raspberry Pi and Kali, use yescrypt, but it's not natively supported by
00:13:05.600 --> 00:13:12.640 John the Ripper. It can still run cracks against those passwords using this option,
00:13:14.240 --> 00:13:19.840 --format=crypt, but because of this extra delay in calling that
00:13:20.560 --> 00:13:22.800 it doesn't really provide a useful demonstration.
00:13:24.960 --> 00:13:30.080 As we keep going through this it's gonna crack some of the obvious ones,
00:13:31.760 --> 00:13:38.640 but it's really not going to get very far. I'll just run through some of these.
00:13:42.960 --> 00:13:48.880 It's cracked the obvious "password123". It's taken just over two minutes to
00:13:48.880 --> 00:13:54.720 be able to crack this quite easy one, so it's going to take quite a long time to
00:13:54.720 --> 00:14:01.840 get through and crack some more. We'll just fast forward it a little and see if it's done any more.
00:14:02.480 --> 00:14:09.440 After running for about an hour and 15 minutes it's managed to crack just four passwords:
00:14:10.000 --> 00:14:15.840 "password123", "qwerty", "123456" and "smith1".
00:14:18.560 --> 00:14:26.000 It also appears to crack "raspberry", but for some reason that's not showing when I look at the
00:14:27.040 --> 00:14:32.880 show command. I'm not quite sure why that is, but essentially, whilst you can
00:14:34.640 --> 00:14:42.800 use this against yescrypt, it is very slow. So what I'm going to show now is using a different hashing
00:14:42.800 --> 00:14:50.880 algorithm. This is SHA-512, which is also commonly used on other systems. So to do this I've created
00:14:50.880 --> 00:15:02.640 a separate file called sha512passwd, and I've just put in that just the hash values that I've created.
00:15:04.000 --> 00:15:08.640 These don't have a username associated with them, so it's not going to detect any usernames;
00:15:08.640 --> 00:15:12.800 it's just going to put a question mark next to them. But you should be able to see it's
00:15:14.240 --> 00:15:20.080 able to crack some of these a lot faster. Remember, this is just because it's using native support
00:15:20.080 --> 00:15:27.600 within John the Ripper rather than having to make system calls to run these hashing algorithms.
00:15:30.080 --> 00:15:37.360 So I'm just going to run John against the new password file that I've created,
00:15:38.240 --> 00:15:41.360 using the same word list and the rules option.
00:15:48.240 --> 00:15:49.040 Set that running,
00:15:51.680 --> 00:15:55.360 and as you can see, almost straight away it cracks the first one, "password123",
00:15:55.360 --> 00:16:00.560 quite an obvious one. I'm going to leave this running now and we'll
00:16:00.560 --> 00:16:07.840 come back to it towards the end and see how many it managed to crack in a reasonable time period.
00:16:15.920 --> 00:16:18.320 These are the passwords that were successfully cracked.
00:16:19.360 --> 00:16:22.480 It's the fairly simple passwords that were vulnerable to a dictionary attack,
00:16:23.200 --> 00:16:28.880 and note that some of these do have digits, capital letters and even one with a special character.
00:16:29.760 --> 00:16:34.080 So it's not just enough to put those in the password, but it's how well you use them to
00:16:34.080 --> 00:16:39.760 make a complex password. Obviously the more complex the password, the harder it will be to crack them.
00:16:41.600 --> 00:16:48.800 In theory it could crack any password by using brute force, but in reality the processing time
00:16:48.800 --> 00:16:57.600 needed to crack a complicated password is going to far outweigh the benefits of cracking that
00:16:57.600 --> 00:17:04.880 password. The key is to make your password secure, and you'll make the job much harder for crackers.
00:17:06.320 --> 00:17:10.800 And for the brute force attacks, if you add more characters then it's going to significantly
00:17:10.800 --> 00:17:15.920 increase the time that it takes to crack those passwords, to the point where it's unfeasible for
00:17:15.920 --> 00:17:21.360 them to crack the password. So in addition to making sure you choose a secure password, one of
00:17:21.360 --> 00:17:25.920 the most important things is to ensure that the passwords are not shared across multiple systems.
00:17:26.640 --> 00:17:32.800 This limits the risk if someone is able to crack your password. If you use a simple password on
00:17:33.440 --> 00:17:40.400 a system that somebody's able to crack, and use that same password on your
00:17:40.960 --> 00:17:47.600 bank account, then obviously there's a much greater risk by sharing that password across those systems.
00:17:48.560 --> 00:17:53.520 This video has shown just one of the tools that crackers can use to break passwords from a stolen
00:17:53.520 --> 00:17:58.960 password hash file. This is quite a specific type of attack; you should be aware that there are other
00:17:58.960 --> 00:18:04.640 ways attackers can try and steal passwords which don't need the hackers to crack the password file.
00:18:06.320 --> 00:18:10.880 You can use this to test your own password files, but remember that you should not use this against
00:18:10.880 --> 00:18:15.040 anyone else's system unless you have explicit permission from the owners to do that.
00:18:15.840 --> 00:18:20.080 To do so would in many countries be considered a crime, even if you don't plan to do anything
00:18:20.080 --> 00:18:26.800 malicious with that information. Please consider subscribing and click the notification icon
00:18:26.800 --> 00:18:31.600 to get notified about my future videos. Also please give this video a like and let me know
00:18:31.600 --> 00:18:36.240 in the comments if there's anything else you'd like me to cover in future. Thanks for watching.
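As an added illustration that is not part of the video or its transcript: a Python sketch of the salted-hash check the narration describes (id, salt and digest separated by `$`, re-hash with the stored salt, compare) and of the wordlist-plus-rules audit you would run against your own shadow-style file. The `$demo$` format, the mangling rules, the wordlist and the shadow lines are all constructed for this example; Linux's real crypt(3) yescrypt/SHA-512 scheme is not reimplemented here.

```python
import hashlib
import hmac
import secrets
import string

# Demo format (an assumption for this example, not Linux crypt(3) output):
#   $demo$<salt>$<hex sha512(salt + password)>   id, then salt, then digest, as in /etc/shadow
SCHEME = "demo"
SALT_CHARS = string.ascii_letters + string.digits + "./"

def make_hash(password: str, salt=None) -> str:
    """Hash a password; a fresh random salt is drawn unless one is supplied."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_CHARS) for _ in range(16))
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"${SCHEME}${salt}${digest}"

def verify(password: str, stored: str) -> bool:
    """Re-hash with the stored salt and compare, as login does against /etc/shadow."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != SCHEME:
        return False  # locked ('*', '!') or a scheme this demo does not know
    candidate = make_hash(password, parts[2]).split("$")[3]
    return hmac.compare_digest(candidate, parts[3])  # constant-time comparison

def candidates(word: str):
    """Cheap mangling rules of the kind a wordlist-plus-rules run applies."""
    for base in (word, word.capitalize()):
        yield base
        for suffix in ("1", "123", "!"):
            yield base + suffix

def weak_guess(stored: str, wordlist):
    """First wordlist-derived guess that verifies against the hash, else None."""
    for word in wordlist:
        for guess in candidates(word):
            if verify(guess, stored):
                return guess
    return None

def audit(shadow_lines, wordlist) -> dict:
    """Map each user whose hash falls to the wordlist to the guess that matched."""
    found = {}
    for line in shadow_lines:
        user, stored = line.split(":")[:2]
        guess = weak_guess(stored, wordlist)
        if guess is not None:
            found[user] = guess
    return found

# Constructed sample data: a tiny wordlist and shadow-style lines in the demo format.
WORDLIST = ["password", "qwerty", "raspberry", "smith"]
SHADOW = [
    "alice:" + make_hash("password123") + ":19000:0:99999:7:::",
    "bob:" + make_hash("Raspberry!") + ":19000:0:99999:7:::",
    "carol:" + make_hash("correct-horse-battery-staple") + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]
```

Calling `audit(SHADOW, WORDLIST)` reports alice and bob (digits, a capital and a special character did not save them), while carol's passphrase and the locked daemon entry survive.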