The purpose of this lab is to learn how to use a basic CPU password cracker to recover passwords from stored password hashes.
Cracking passwords that you do not have permission to recover IS A CRIME. Password cracking tools should only be used for legitimate purposes, such as a system administrator auditing the accounts on their own systems for weak passwords.
For Windows. JTR is a command-line (console) application on Windows; there is no graphical interface, so everything is typed into a cmd.exe window. Download and install John the Ripper 1.7.9 (Windows) on your Windows virtual machine.
Unzip the downloaded zip file and change into the john179\run directory from a cmd.exe window. All the executables are located in this directory.
Refer to this guide extracted from john1701\doc\examples for help on how to run JTR on Windows.
For Linux. Use wget to download the latest version of John the Ripper for Linux from openwall into your account on the Linux machine.
$ wget http://www.openwall.com/john/g/john-1.7.9.tar.gz
$ gunzip john-1.7.9.tar.gz
$ tar xvf john-1.7.9.tar
$ cd john-1.7.9
$ cd doc
$ less INSTALL
Read through this document. It will tell you the exact make command (run from the src directory) you will need to use to create the executable. Follow its instructions to build it; the resulting executable, called 'john', is placed in the run directory.
Both Platforms. After installing JTR, you will also need to download a password file and a word list (dictionary). Your choice of a word list will affect how quickly (or slowly) JTR will run.
Change to your run directory and do the following commands:
wget http://www.cs.csubak.edu/~melissa/cs340/words.tar.gz
tar -xvzf words.tar.gz
There are many other word lists available, both from openwall and from administrators who use JTR.
Edit the john.conf file to use the word list dic94.txt from this archive. In the [Options] section of john.conf there is already a Wordlist line (pointing at $JOHN/password.lst by default); change it so that it reads:
# Wordlist file name, to be used in batch mode
Wordlist = $JOHN/dic94.txt
($JOHN expands to the directory that holds john.conf, i.e. your run directory.)
cd
cd john-1.7.6/run
The dictionary has already been downloaded, but you will still need to edit the configuration file to use dic94.txt:
vi john.conf
Change the Wordlist line as indicated above.
Download this DES password file. It contains several easy-to-crack passwords hashed with the traditional DES-based crypt(3) function (a 2-character salt followed by an 11-character hash).
Run the executable against the password file with your wordlist. Use the following commands to do this:
wget http://www.cs.csubak.edu/~melissa/cs340/passwd.1
./john passwd.1
With no mode specified, john runs its default modes in order: "single crack" mode, then wordlist mode with the word list configured in john.conf, then incremental (brute-force) mode. Stop the process after you see the first 6 or so cracked passwords on the screen by hitting CTRL-C (otherwise john moves on to incremental mode, which can run for a very long time). Cracked passwords are saved in john.pot as they are found, so nothing is lost when you interrupt; run john with the --show option against passwd.1 to list them.
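To see what john's wordlist mode is actually doing against passwd.1, here is an added example (not code from the lab or from John the Ripper) of the same attack written in Python. As an assumption, the DES-based crypt(3) hash is replaced by a salted SHA-256 stand-in, because current Python releases no longer ship the crypt module; the sample password file, its user:salt$hash layout, the word list and the mangling rules are all constructed for this example. The loop is the one john runs: load the hashes, take each word from the list, apply a few rules, hash the candidate under each user's salt, compare.

```python
import hashlib
from typing import Dict, Iterable, Iterator, Tuple


def hash_candidate(word: str, salt: str) -> str:
    """Stand-in for crypt(3) (assumption: salted SHA-256, hex encoded).

    Like DES crypt, a per-user salt is mixed in, so the same password gives
    a different hash for each user and a candidate must be re-hashed once
    per salt rather than once per word list.
    """
    return hashlib.sha256((salt + word).encode("utf-8")).hexdigest()


def make_entry(user: str, password: str, salt: str) -> str:
    """Build one constructed passwd-style line: user:salt$hash."""
    return f"{user}:{salt}${hash_candidate(password, salt)}"


# Constructed sample password file (not the lab's passwd.1). Two-character
# salts mirror DES crypt; the '$' separator is an assumption of this format.
SAMPLE_PASSWD = "\n".join([
    make_entry("alice", "password", "aB"),
    make_entry("bob", "Dragon1", "cD"),
    make_entry("carol", "letmein", "eF"),
    make_entry("dave", "Tr0ub4dor&3xQ", "gH"),  # not reachable from the list
])

# Constructed stand-in for dic94.txt.
SAMPLE_WORDLIST = ["secret", "dragon", "password", "letmein", "monkey"]


def parse_passwd(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {user: (salt, hash)}, skipping blank or malformed lines."""
    entries: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":", 1)
        if "$" not in field:
            continue
        salt, digest = field.split("$", 1)
        entries[user] = (salt, digest)
    return entries


def mangle(word: str) -> Iterator[str]:
    """A few rules in the spirit of john's default wordlist rules: the word
    as-is and in lower, Capitalised and UPPER case, each also with one digit
    appended. Rules are why 'Dragon1' falls to a list containing 'dragon'."""
    variants = [word, word.lower(), word.capitalize(), word.upper()]
    seen = []
    for v in variants:
        if v not in seen:          # keep order, drop duplicates
            seen.append(v)
    for v in seen:
        yield v
    for v in seen:
        for digit in "0123456789":
            yield v + digit


def crack(passwd_text: str, wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Wordlist attack: for every candidate, hash under each uncracked user's
    salt and compare. Returns ({user: password}, number_of_hashes_computed).
    The hash count is what grows with a bigger word list or more rules."""
    targets = parse_passwd(passwd_text)
    found: Dict[str, str] = {}
    hashes = 0
    for word in wordlist:
        for cand in mangle(word):
            for user, (salt, digest) in targets.items():
                if user in found:
                    continue
                hashes += 1
                if hash_candidate(cand, salt) == digest:
                    found[user] = cand
        if len(found) == len(targets):
            break
    return found, hashes


if __name__ == "__main__":
    cracked, n = crack(SAMPLE_PASSWD, SAMPLE_WORDLIST)
    for user, pw in cracked.items():
        print(f"{user}: {pw}")
    print(f"{n} hashes computed; uncracked: "
          f"{sorted(set(parse_passwd(SAMPLE_PASSWD)) - set(cracked))}")
```

The work is (words in the list) x (rules) x (distinct salts still uncracked); that product is why the choice of word list affects how long john runs, and why a password like dave's, which no rule derives from any list word, survives wordlist mode and would only fall to incremental mode, if at all.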
The simplest substitution cipher, like a decoder ring or rot13, takes a letter and shifts it x positions along the alphabet to another letter, wrapping around from Z back to A. The same shift value x is applied to the whole alphabet. For example, with x = 11, ABCD becomes LMNO. With this type of cipher you just have to determine the value of x and then you can unshift the cipher letters back to the original letters. You can do this by brute force (trying all 25 possible values for x) or by analysis.
A more general substitution cipher assigns the replacement letters arbitrarily: A might be replaced with S while B is replaced with J, so there is no single shift value to recover. This is the technique used for Cryptogram puzzles. These puzzles are usually solved by frequency analysis (the letters e, t, a, etc. are the most common in English text, so the most frequent ciphertext letters probably stand for them) or by looking for short one- to three-letter words (I, a, an, and, the, etc.). See the Wikipedia article on Cryptogram puzzles for more information.
Crack these two ciphertexts. Both were encrypted using a simple substitution cipher (decoder ring). The number of shifts used on the plaintext differs between the two. The spaces have been left to separate the words. All other punctuation has been removed.
While you can just brute-force these solutions, you can also use programs to do the brute-forcing for you. The Wikipedia article on substitution ciphers has several links to websites with tools at the bottom of the article.
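Brute-forcing a shift cipher and ranking the 25 candidates automatically, as an added example (this is not part of the lab page and not one of the tools it links to): each candidate decryption is scored with a chi-squared test against a standard table of English letter frequencies, which is the frequency analysis from the cryptogram discussion applied to the shift-cipher case, and the lowest score is the plaintext. The sample ciphertext is constructed here by encrypting a made-up sentence with shift 11 (the page's ABCD to LMNO); the lab's own two ciphertexts are not reproduced on this page, so paste them into crack_shift to solve them.

```python
import string
from collections import Counter
from typing import List, Tuple

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of letters in English text; the usual
# published table, rounded to two decimals.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def shift(text: str, x: int) -> str:
    """Shift every letter x places (negative x unshifts); spaces and
    punctuation pass through unchanged, as in the lab's ciphertexts."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + x) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text: str) -> Counter:
    """Count letters only, case-folded: the first step of any frequency
    analysis, for cryptograms as much as for shift ciphers."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def english_score(text: str) -> float:
    """Chi-squared distance between the text's letter counts and the counts
    English would predict for the same length; lower means more English-like.
    Rare letters (J, Q, X, Z) have tiny expected counts, so a wrong shift
    that maps a common plaintext letter onto one of them is penalised hard."""
    counts = letter_frequencies(text)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100.0 * n
        observed = counts[letter]
        score += (observed - expected) ** 2 / expected
    return score


def brute_force(ciphertext: str) -> List[Tuple[int, float, str]]:
    """Try all 25 non-trivial shifts; return (shift, score, plaintext),
    best candidate first. Printing this list is the 'look at all 25' method
    with the eyeballing replaced by a score."""
    candidates = []
    for x in range(1, 26):
        plain = shift(ciphertext, -x)
        candidates.append((x, english_score(plain), plain))
    candidates.sort(key=lambda c: c[1])
    return candidates


def crack_shift(ciphertext: str) -> Tuple[int, str]:
    """Return (shift, plaintext) for the best-scoring candidate."""
    best = brute_force(ciphertext)[0]
    return best[0], best[2]


# Constructed sample: a made-up sentence encrypted with shift 11 (A -> L).
SAMPLE_PLAINTEXT = ("ATTACK AT DAWN THE ENEMY HAS TAKEN THE BRIDGE AND WE MUST "
                    "RETAKE IT BEFORE THE SUN RISES OVER THE EASTERN HILLS")
SAMPLE_CIPHERTEXT = shift(SAMPLE_PLAINTEXT, 11)


if __name__ == "__main__":
    print("ciphertext:", SAMPLE_CIPHERTEXT)
    print("most common ciphertext letters:",
          letter_frequencies(SAMPLE_CIPHERTEXT).most_common(3))
    for x, score, plain in brute_force(SAMPLE_CIPHERTEXT)[:3]:
        print(f"shift {x:2d}  score {score:8.1f}  {plain}")
    x, plain = crack_shift(SAMPLE_CIPHERTEXT)
    print(f"best: shift {x}: {plain}")
```

The scoring needs a few dozen letters to be reliable; on a very short ciphertext the top two or three candidates from brute_force should be read by a human, which is still far less work than reading all 25. The same chi-squared idea does not solve a general cryptogram directly (there are 26! keys, not 25), but letter_frequencies gives the starting point: the most frequent ciphertext letters are the first guesses for e, t and a.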