Penguin Fortress YouTube Channel

Video transcript: Understanding Password Hacking with John the Ripper

This is a transcript for a video linked here: Understand Password Hacking with John the Ripper.

00:00:00.240 --> 00:00:04.960
I've created some videos which explain password
hashes and the risks associated with a poor

00:00:04.960 --> 00:00:10.960
choice of password in this video I'm going to give
a demonstration of the tools that hackers or more

00:00:10.960 --> 00:00:16.960
correct term crackers use to break passwords
this is based on the theory that I covered

00:00:16.960 --> 00:00:22.880
in my earlier videos so you may want to watch
those first see the description for more details

00:00:25.520 --> 00:00:30.000
whilst the earlier videos cover some of the
theory this is going to be much more hands-on

00:00:30.000 --> 00:00:33.840
than the earlier videos I'll be using
Kali Linux for the demonstration

00:00:34.560 --> 00:00:40.000
this is a distribution specifically designed for
security testing and includes many cracking tools

00:00:40.880 --> 00:00:46.240
Kali is running in a virtual machine as it's
sharing the computer with the Ubuntu and some

00:00:46.240 --> 00:00:50.400
other programs it's not going to be quite
as fast as running on a dedicated machine

00:00:52.080 --> 00:00:58.400
I'm going to start by looking at password hashes
I'll be using sha1 for this example but note that

00:00:58.400 --> 00:01:04.800
sha-1 is now considered unsafe but it does
have a useful tool which is going to make

00:01:04.800 --> 00:01:12.000
it useful for the demonstration and the tool
I'll be using is sha1pass I'm going to give

00:01:12.000 --> 00:01:21.680
a quick demonstration of the sha1pass tool
it can be used to create a hashed version of

00:01:21.680 --> 00:01:27.520
a password so if I just do sha1pass and
then a password I'm going to use password here

00:01:30.800 --> 00:01:33.680
and you'll see that it's created a hash string

00:01:36.800 --> 00:01:43.840
now unless there's a vulnerability
in the sha1pass essentially it's

00:01:43.840 --> 00:01:50.960
impossible to get from this string back to
the password if I run the same command again

00:01:52.480 --> 00:02:01.040
then it'll give a completely different hash
and this is because of a seed that is generated

00:02:01.040 --> 00:02:08.320
and in this case this is the seed which is
between the second and third dollar signs

00:02:10.400 --> 00:02:22.160
so if we want to generate this password again
with that seed we just put the seed at the end

00:02:22.160 --> 00:02:29.360
and you'll see it's generated this exact string
and this is how the Linux operating system

00:02:29.360 --> 00:02:39.360
can check if your password is correct this
is what is saved in the etc shadow file

00:02:40.960 --> 00:02:50.720
and when you enter your password it reads this
from the dollar four it knows that this is sha1

00:02:52.320 --> 00:03:00.480
it knows this is the seed it takes your password
applies this seed and if the entire string

00:03:00.480 --> 00:03:04.640
matches the entire string that's saved in
the password file or the shadow file

00:03:05.280 --> 00:03:12.080
then it knows it's correct and it'll let
you onto the system if it doesn't then

00:03:13.760 --> 00:03:21.120
your login fails and this is the way that it
can store a password in the form of a hash

00:03:22.320 --> 00:03:28.880
without knowing what the password is set to
and it's important that whenever you create

00:03:28.880 --> 00:03:35.040
a new password it always gives a different
hash value so if we replace that with test

00:03:36.320 --> 00:03:44.080
it'll give a new hash value it also uses a
new seed which makes it a bit more secure by

00:03:44.960 --> 00:03:50.560
preventing someone creating tables of all the
entries and having to run the seeds separately

00:03:52.720 --> 00:03:56.400
but we could also try with the
same seed as we used before

00:03:59.280 --> 00:04:05.200
and you can see that the password hash is
completely different when we use the word password

00:04:06.240 --> 00:04:14.800
and we can do it with other passwords as well try
demo each time it'll give you a new unique hash

00:04:15.440 --> 00:04:22.080
now we can take a look at how these are stored and
we can take a look at the ones on this system so

00:04:22.080 --> 00:04:29.520
they're in etc and the password
file is the first one but there's no passwords

00:04:29.520 --> 00:04:36.160
actually stored in this file as you can see
the second field is the password field and it's

00:04:36.160 --> 00:04:43.360
replaced by an x for all the values and that
means that you have to look in the shadow file

00:04:46.000 --> 00:04:50.640
but I'm logged in as a regular user
if I try to look at the shadow file

00:04:50.640 --> 00:04:59.120
it says permission denied this is a security
feature which means that only the root user which

00:04:59.120 --> 00:05:04.240
is the admin user can see that shadow
file and only they can see the passwords

00:05:07.360 --> 00:05:11.200
so if we do it as root this time

00:05:18.960 --> 00:05:26.560
then we can see that there is only one user with
a password in some of these they've got asterisks

00:05:26.560 --> 00:05:34.560
in and exclamation marks in which would prevent
you logging in as them and the kali one has this

00:05:35.600 --> 00:05:43.760
encrypted or should I say hashed password it's
longer than the example I just showed you with

00:05:43.760 --> 00:05:52.320
sha1 and that's because this is using
yescrypt denoted by dollar y but otherwise

00:05:52.880 --> 00:06:00.560
it's the same sort of thing basically
a hashed password so the fact that

00:06:01.360 --> 00:06:06.400
only the root user can access this
is obviously a significant security

00:06:07.680 --> 00:06:12.560
feature it prevents just anybody from downloading
it and trying to crack other people's

00:06:14.400 --> 00:06:22.000
passwords but there are potential vulnerabilities
that could mean that the cracker could obtain that

00:06:22.000 --> 00:06:30.560
file there are different ways that a hacker can
steal the passwords and here I'm looking at ways

00:06:30.560 --> 00:06:35.680
that hackers end up with a hashed version of the
password there are other ways of obtaining the

00:06:35.680 --> 00:06:41.120
password either hashed or the plain text version
some of which I've covered in my other videos

00:06:45.520 --> 00:06:51.120
it's good to look at these two together
which is about physical access to a disk

00:06:51.840 --> 00:07:00.080
and this could be physical access to a disk by
being able to get on the server or dumpster diving

00:07:00.080 --> 00:07:08.560
where hard disk drives have been thrown in the rubbish
and somebody's managed to obtain it that way

00:07:10.640 --> 00:07:15.600
obviously this could be a physical disk or in the
case of something like a Raspberry Pi it could be

00:07:15.600 --> 00:07:24.000
the SD card so you can get those if you can put
them in a different computer and read the data

00:07:25.440 --> 00:07:29.840
then you can get to the password files

00:07:31.760 --> 00:07:41.440
even if the data is encrypted the system
files may not be so also bear in mind that

00:07:43.840 --> 00:07:48.240
so whilst physically removing the disk from
a production server may look suspicious

00:07:49.200 --> 00:07:55.120
if it's an old server that's been decommissioned or
thrown away you may not think there's

00:07:55.120 --> 00:08:01.440
any valuable data on that server but if you use
that same password on a current system then they

00:08:01.440 --> 00:08:10.960
can use that as a way to get into that different
system another way is if someone has a genuine

00:08:10.960 --> 00:08:17.520
admin login to the computer what if that person
goes rogue or what if someone manages to get root

00:08:17.520 --> 00:08:22.880
on a development or non-production server but then
you use the same password on a different server

00:08:24.640 --> 00:08:30.880
I'm going to look at software vulnerabilities
and badly configured systems together

00:08:32.080 --> 00:08:39.760
basically if your server has a vulnerability
such as a root exploit which allows the user

00:08:39.760 --> 00:08:48.560
to get root permissions elevated permissions
then they could get the shadow file that way and

00:08:48.560 --> 00:08:54.560
the same with a badly configured system which may
allow the cracker to get hold of that shadow file

00:08:56.560 --> 00:08:59.280
another source of password hashes is backups

00:09:00.400 --> 00:09:05.200
usually these should be stored securely
and perhaps encrypted although that's an

00:09:05.200 --> 00:09:10.480
interesting topic if you encrypt your backup
what happens if you lose the encryption key

00:09:10.480 --> 00:09:16.080
or where do you store the encryption key does
that make the backups useless whether encrypted

00:09:16.080 --> 00:09:20.480
or not there needs to exist a backup with some
way of restoring it in the event of a failure

00:09:20.480 --> 00:09:24.560
and if the cracker can get all that then
they can get the password hashes from there

00:09:27.760 --> 00:09:33.360
and applications specifically looking at SQL
database attacks which is quite a common one

00:09:35.120 --> 00:09:41.040
if an application stores the password then that
application may have a vulnerability that lets

00:09:41.040 --> 00:09:54.080
you access that and the SQL database attack is
where sometimes via sending certain SQL commands

00:09:55.040 --> 00:10:04.160
in a user field for instance may trick the
system into exposing the hashed password

00:10:04.160 --> 00:10:11.200
entries for the users for that database once the
cracker has the password file or the shadow file

00:10:11.200 --> 00:10:18.000
then he can go about breaking the passwords some
of the hashing algorithms such as md5 and sha1

00:10:18.000 --> 00:10:21.280
are now considered broken and
there are ways of getting the password

00:10:22.240 --> 00:10:26.480
from them or perhaps using a different
combination that will give you the same hash

00:10:27.600 --> 00:10:33.040
but even if the hash algorithm is still secure
then there are ways of obtaining the passwords

00:10:34.160 --> 00:10:38.240
the example shown here is a dictionary
attack where the computer tries

00:10:38.800 --> 00:10:44.000
hashing different dictionary words to try
and guess the password if the word exists in

00:10:44.000 --> 00:10:50.480
the dictionary which also includes some common
capitalizations and number substitutions then a

00:10:50.480 --> 00:10:56.960
computer can try those very quickly the other is
brute force where every possible combination is

00:10:56.960 --> 00:11:01.760
tried which can take a very long time depending
upon the number of characters in the password

00:11:03.600 --> 00:11:10.720
here you can see a few different tools that I
use for cracking passwords and this is on the

00:11:11.600 --> 00:11:20.480
menu of Kali Linux some of these are
used for different types of systems

00:11:22.240 --> 00:11:29.440
and the one I'll be using is John the Ripper
also referred to as just john it works with

00:11:29.440 --> 00:11:35.760
Linux passwords but also includes Windows
LAN Manager and other generic hashes which

00:11:35.760 --> 00:11:42.400
you can break as well there's also a
GUI graphical user interface version

00:11:42.400 --> 00:11:48.240
called Johnny although it's more common just to
use the command line versions of the programs

00:11:49.440 --> 00:11:58.720
here we can see how we run an attack using
John the Ripper first I've got to combine

00:11:58.720 --> 00:12:04.960
the password and shadow files into a single file
and you can do this using the unshadow command

00:12:08.240 --> 00:12:10.800
and now we've got the file called mypasswd

00:12:12.080 --> 00:12:19.040
we can use john I'm going to use the format crypt
because this is yescrypt and that's going to call

00:12:19.600 --> 00:12:26.080
the separate libraries to run this we use the word
list rockyou.txt which I used in a previous

00:12:27.680 --> 00:12:38.080
example and then I'm going to use it against my
password this is going to take a long time to run

00:12:38.080 --> 00:12:46.000
in particular because it's using yescrypt it's
making a system call each time it tries to crack

00:12:47.920 --> 00:12:56.320
a particular dictionary word so this is really
going to slow it down a lot so many Linux

00:12:56.320 --> 00:13:04.080
systems including the Raspberry Pi and Kali use
yescrypt but it's not natively supported by

00:13:05.600 --> 00:13:12.640
John the Ripper but it can still run cracks
against those passwords using this option

00:13:14.240 --> 00:13:19.840
format equals crypt because of
this extra delay in calling that

00:13:20.560 --> 00:13:22.800
it doesn't really provide a useful demonstration

00:13:24.960 --> 00:13:30.080
as we keep going through this it's
gonna crack some of the obvious ones

00:13:31.760 --> 00:13:38.640
but it's really not going to get very
far I'll just run through some of these

00:13:42.960 --> 00:13:48.880
it's cracked the obvious password one two
three it's taken just over two minutes to

00:13:48.880 --> 00:13:54.720
be able to crack this quite easy one so
it's going to take quite a long time to

00:13:54.720 --> 00:14:01.840
get through and crack some more we'll just fast
forward it a little and see if it's done any more

00:14:02.480 --> 00:14:09.440
after running for about an hour and 15 minutes
it's managed to crack just four passwords

00:14:10.000 --> 00:14:15.840
password one two three qwerty one
two three four five six and smith one

00:14:18.560 --> 00:14:26.000
it also appears to crack raspberry but for some
reason that's not showing when I look at the

00:14:27.040 --> 00:14:32.880
show command I'm not quite sure why that
is but essentially so whilst you can

00:14:34.640 --> 00:14:42.800
use this against yescrypt it is very slow so what
I'm going to show now is using a different hashing

00:14:42.800 --> 00:14:50.880
algorithm this is sha512 which is also commonly
used on other systems so to do this I've created

00:14:50.880 --> 00:15:02.640
a separate file called sha512passwd and I've just
put in that just the hash values that I've created

00:15:04.000 --> 00:15:08.640
these don't have a username associated with
them so it's not going to detect any usernames

00:15:08.640 --> 00:15:12.800
it's just going to put a question mark next
to them but you should be able to see it

00:15:14.240 --> 00:15:20.080
able to crack some of these a lot faster remember
this is just because it's using native support

00:15:20.080 --> 00:15:27.600
within John the Ripper rather than having to
make system calls to run these hashing algorithms

00:15:30.080 --> 00:15:37.360
so I'm just going to run john against
the new password file that I've created

00:15:38.240 --> 00:15:41.360
using the same word list and the rules option

00:15:48.240 --> 00:15:49.040
set that run in

00:15:51.680 --> 00:15:55.360
and as you can see almost straight away
it cracks the first one password one two

00:15:55.360 --> 00:16:00.560
three quite an obvious one I'm going
to leave this running now and we'll

00:16:00.560 --> 00:16:07.840
come back to it towards the end and see how many
it managed to crack in a reasonable time period

00:16:15.920 --> 00:16:18.320
these are the passwords that
were successfully cracked

00:16:19.360 --> 00:16:22.480
it's the fairly simple passwords that
were vulnerable to a dictionary attack

00:16:23.200 --> 00:16:28.880
and note that some of these do have digits capital
letters and even one with a special character

00:16:29.760 --> 00:16:34.080
so it's not just enough to put those in the
password but it's how well you use them to

00:16:34.080 --> 00:16:39.760
make a complex password obviously the more complex
the password the harder it will be to crack them

00:16:41.600 --> 00:16:48.800
in theory it could crack any password by using
brute force but in reality the processing time

00:16:48.800 --> 00:16:57.600
needed to crack a complicated password is going
to far outweigh the benefits of cracking that

00:16:57.600 --> 00:17:04.880
password the key is to make your password secure
and you'll make the job much harder for crackers

00:17:06.320 --> 00:17:10.800
and for the brute force attacks then if you add
more characters then it's going to significantly

00:17:10.800 --> 00:17:15.920
increase the time that it takes to crack those
passwords to the point where it's unfeasible for

00:17:15.920 --> 00:17:21.360
them to crack the password so in addition to
making sure you choose a secure password one of

00:17:21.360 --> 00:17:25.920
the most important things is to ensure that the
passwords are not shared across multiple systems

00:17:26.640 --> 00:17:32.800
this limits the risk if someone is able to crack
your password if you use a simple password on

00:17:33.440 --> 00:17:40.400
a system that somebody's able to crack
and use that same password on your

00:17:40.960 --> 00:17:47.600
bank account then obviously there's a much greater
risk by sharing that password across those systems

00:17:48.560 --> 00:17:53.520
this video has shown just one of the tools that
crackers can use to break passwords from a stolen

00:17:53.520 --> 00:17:58.960
password hash file this is quite a specific type
of attack you should be aware that there are other

00:17:58.960 --> 00:18:04.640
ways attackers can try and steal passwords which
don't need the hackers to crack the password file

00:18:06.320 --> 00:18:10.880
you can use this to test your own password files
but remember that you should not use this against

00:18:10.880 --> 00:18:15.040
anyone else's system unless you have explicit
permission from the owners to do that

00:18:15.840 --> 00:18:20.080
to do so would in many countries be considered
a crime even if you don't plan to do anything

00:18:20.080 --> 00:18:26.800
malicious with that information please consider
subscribing and click the notification icon

00:18:26.800 --> 00:18:31.600
to get notified about my future videos also
please give this video a like and let me know

00:18:31.600 --> 00:18:36.240
in the comments if there's anything else you'd
like me to cover in future thanks for watching
