apt command is used to install, update, remove packages in Linux distributions like Ubuntu, Debian, Mint, Kali. apt is mainly used with the deb packages. With the apt update or apt-get update command the repository information is downloaded to from the deb repositories to the local repositories. Hash is used to checking if the downloaded file is valid. If there is a problem we may face with the Hash Sum...
Hash algorithms are the heart of the cryptography and security. SHA-256 is a Secure Hash Algorithm which will generate an output hash value in 256 bit. SHA-256 is designed by the National Security Agency (NSA). SHA-256 is one of the cryptographic hash functions. SHA-256 is also named one-way function where the generated hash value cannot be reversed theoretically. This makes SHA-256 very useful for password validation, challenge hash authentication, anti-tamper,...
MD5 is a checksum or hash calculation method for files. MD5 checksum consists of 128-bit value which is generally expressed as the hexadecimal format with which consist of 32 characters. MD5 Attributes MD5 is a cryptography algorithm which provides some attributes which make it useful for different cases like security, operation etc. Here is the list of MD5 attributes. MD5 checksums are 128-bit values MD5 checksums can be expressed in different...
checksum is an function used to to calculated some value for given data. As we see check is used to check given data with calculated sum. Data may be little or very big like 1 MB, 10 MB etc. but the checksum value will be the same size bu different for each different type of data. checksum is also called hash values. Checksum Algorithms There are a lot of algorithms used to...
Hash-based Authentication Message Code or HMAC is used to authenticate message with hash functions. Message authentication is important mechanism in cyber security and used to check message authenticity. There are different ways and mechanisms for Message Authentication. Message Message is the data, text, image or whatever else we want to authenticate. Message is checked against it authenticity with given key by hashing them. Key Key is used to known by...
Security is important part of the today IT and gains more respect from IT world. Hashing is a security measure to protect and check our data. In this tutorial we will look how to use hash with tables and strings. What is Hash Hash is a function where provided data will be converted into another expressions format and can not be recovered back with normal functions. MD5 MD5 is very...
This is the most powerful cracking mode. Keep in mind that generally cracking will never end in this mode if there is no password because combinations are too large. Configurations about Incremental Mode can be found in configuration file [Incremental:MODE] section.
|
1 |
$ john --incremental unshadowed |
–incremental is used to specify incremental Mode Set Only Numeric Chars for Word List We can set only numeric characters to crack like below.
|
1 |
$ john --incremental=digits unshadowed |
digits will fire numeric wordlist. Default...
As we stated before in single crack mode [List.Rules:Single] method of configuration file is used. In this mode login:password are cracked by using default password-list. Single Mode is much faster than Wordlist Mode. Linux Example We will crack linux passwords with Single Mode. First we need the create one file by unshadowing /etc/passwd and /etc/shadow like below
|
1 |
$ unshadow /etc/passwd /etc/shadow > unshadowed |
After this operation we will get a file named unshadowed like below
|
1 2 3 |
root:$6$sRjaayov$u8sCzbiIxzunjyvPgRJurl24RMLfWgCKhuzGU/V0ZOWmH/JeeNMnaPOASdFN898/AEhmdTzNE7I6xDqDxeWbf.:0:0:root:/root:/bin/bash ismail:$6$osz4Q6Ka$txKB/fjtuZhnFThDJEVKrJ8.E1LbojZYcWPuE6GGLxob.AWDoL3UXZtZ0FH98HR86ebZhGO.bZpl/qrJ2nzOP/:1000:1001::/home/ismail:/bin /sh |
Now john can help...
Hackers preferred mode for tool usage is cli. John is developed for cli primarily. But there is also a gui part and can be installed like below. We named is johnny
|
1 |
$ apt-get install johnny -y |
We can provide login and password hashes like below We can select password hash type manually but john provides auto detect option which is very good detecting password types. We can provide wordlist too from our...
John have a lot of different features and in order to configure these features it provides a lot of configuration options. In this tutorial we will look some of them. Getting Help There is two way to get help abut John. One is the simplest way by using -h .
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
$ john -h John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding [linux-x86-64] Copyright (c) 1996-2015 by Solar Designer and others Homepage: http://www.openwall.com/john/ Usage: john [OPTIONS] [PASSWORD-FILES] --single[=SECTION] "single crack" mode --wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin --pipe like --stdin, but bulk reads, and allows rules --loopback[=FILE] like --wordlist, but fetch words from a .pot file --dupe-suppression suppress all dupes in wordlist (and force preload) --prince[=FILE] PRINCE mode, read words from FILE --encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also doc/ENCODING and --list=hidden-options. --rules[=SECTION] enable word mangling rules for wordlist modes --incremental[=MODE] "incremental" mode [using section MODE] --mask=MASK mask mode using MASK --markov[=OPTIONS] "Markov" mode (see doc/MARKOV) --external=MODE external mode or word filter --stdout[=LENGTH] just output candidate passwords [cut at LENGTH] --restore[=NAME] restore an interrupted session [called NAME] --session=NAME give a new session the NAME --status[=NAME] print status of a session [called NAME] --make-charset=FILE make a charset file. It will be overwritten --show[=LEFT] show cracked passwords [if =LEFT, then uncracked] --test[=TIME] run tests and benchmarks for TIME seconds each --users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only --groups=[-]GID[,..] load users [not] of this (these) group(s) only --shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only --salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes --save-memory=LEVEL enable memory saving, at LEVEL 1..3 --node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count --fork=N fork N processes --pot=NAME pot file to use --list=WHAT list capabilities, see --list=help or doc/OPTIONS --format=NAME force hash of type NAME. The supported formats can be seen with --list=formats and --list=subformats |
And the other method is by using man page. Man page provides more details.
|
1 2 3 4 5 6 7 8 9 10 |
$ man john JOHN(8) System Manager's Manual JOHN(8) NAME john - a tool to find weak passwords of your users SYNOPSIS john [options] password-files ... |
Modes John have 3 different...
