Archive

Archive for March, 2011

John the Ripper 101

2011/03/28 Comments off

For those that don’t already know, John the Ripper is:

a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches.

John is commonly available for most ‘nix systems under their package management systems. However, I’d strongly recommend compiling from source to ensure John takes full advantage of more powerful hardware capabilities than the ‘generic’ build. Compiling from source is straightforward, and I’m yet to encounter any difficulties. The additional time spent with manual compilation definitely pays for itself in the long run, read the INSTALL file for instructions.

To get a feel for the available performance john includes ‘–test’ functionality. My system (iMac i7 w/8GB ram), manually compiled with system specific functions achieved:

enchmarking: Traditional DES [128/128 BS SSE2-16]… DONE
Many salts: 3370K c/s real, 3370K c/s virtual
Only one salt: 2840K c/s real, 2840K c/s virtual

Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]… DONE
Many salts: 108990 c/s real, 110080 c/s virtual
Only one salt: 107264 c/s real, 107264 c/s virtual

Using the same system and john compiled with a ‘generic’ system I achieved less than 50% performance:

Benchmarking: Traditional DES [64/64 BS]… DONE
Many salts: 1613K c/s real, 1613K c/s virtual
Only one salt: 1476K c/s real, 1487K c/s virtual

Benchmarking: BSDI DES (x725) [64/64 BS]… DONE
Many salts: 52800 c/s real, 52377 c/s virtual
Only one salt: 51961 c/s real, 51961 c/s virtual

Unfortunately, john doesn’t currently take advantage of multi-core systems and only uses a single core (see below). There are methods for sharing the processing load between multiple instances of john, or even across john instances running on multiple systems, but that’s a topic for another day.

CPU utilisation under john

Before you can crack any passwords, you first need to ‘acquire’ the hashes to be cracked. There are many options for this including the pwdump family (I’d recommend fgdump), the Cain and Abel tools and many others. For testing purposes I extracted the Windows LM hashes using Metasploit’ Meterpreter’s hashdump functionality:

meterpreter > hashdump
andrew:1011:f0c59dece4734d86959d531ee5401834:fa77122d7a1f75a91b8550e6488ba9a9:::
ASPNET:1007:62cc422eb3a006c2e9b348c9a8c62222:5e5a4a1058e775c3be4fc49775a5bac8:::
Barney:1012:44fbba209c861c56944e2df489a880e4:e463c514849b1c902f6e118fa75c77f9:::
Charlie:1013:49a1a1e421beeadcaad3b435b51404ee:ac27498221e64565152d08bdf2d34369:::
HelpAssistant:1000:551028a43e2ea865d6bce7b0f3da97ee:7bde535fb3fe1432fc7125354492aa6b:::
IUSR_FDCC-CD744D84E2:1005:c50115cc265c5db0691bfe28aa492514:6615b358c184382319cdbd59b22ab9fc:::
IWAM_FDCC-CD744D84E2:1006:628a234fbbf992c5bc5c513445f4fabd:dea6a5c2c54e7e88178fe64a6e6e4c68:::
Renamed_Admin:500:921988ba001dc8e1c41a0e2828864838:5f23a05483c0b292fdd922e6b05afa05:::
Renamed_Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:005f9658b579d394f8a315506fe238de:::

John comes packaged with a default password list, containing a little over 3000 entries, and several methods for generating hybrid guesses including appending numbers to entry or performing ‘l33t’ replacements. Rules for hybrid attacks can found (and edited) in the john.conf file. Even without tweaking, john is still effective  at cracking hashes as the below shows.

Cracking ‘andrew’:

Wintermute:john-testing awaite$ time /Applications/john-1.7.6-jumbo-12/run/john 192-168-1-127_Andrew.dump
Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
ITY              (andrew:2)
INFOSAN          (andrew:1)
guesses: 2  time: 0:00:09:45 (3)  c/s: 19803K  trying: INFODTP – INFOSS9

real 9m45.359s
user 9m45.193s
sys 0m0.125s

Cracking ‘Barney’:

Wintermute:john-testing awaite$ time /Applications/john-1.7.6-jumbo-12/run/john 192-168-1-127_Barney.dump
Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
R                (Barney:2)
DINOSAU          (Barney:1)
guesses: 2  time: 0:00:00:01 (3)  c/s: 9547K  trying: DINOSH8 – DINOVYS
real 0m1.685s
user 0m1.642s
sys 0m0.019s

Cracking ‘Charlie’:

Wintermute:john-testing awaite$ time /Applications/john-1.7.6-jumbo-12/run/john 192-168-1-127_Charlie.dump
Loaded 1 password hash (LM DES [128/128 BS SSE2-16])
CH4LK01          (Charlie)
guesses: 1  time: 0:00:28:38 (3)  c/s: 20126K  trying: CH4LB5# – CH4LCGN

real 28m38.011s
user 28m37.645s
sys 0m0.301s

Cracked hashes are stored in the john.pot file, preventing john from wasting CPU cycles cracking a hash that has already been cracked. Previously cracked passwords can be found using –show:

Wintermute:run awaite$ ./john –show /Users/awaite/Documents/john-testing/192-168-1-127.dump
andrew:INFOSANITY:1011:fa77122d7a1f75a91b8550e6488ba9a9:::
Barney:DINOSAUR:1012:e463c514849b1c902f6e118fa75c77f9:::
Charlie:CH4LK01:1013:ac27498221e64565152d08bdf2d34369:::

5 password hashes cracked, 12 left

John has a lot of additional functionality; go install, tweak and crack (only with permission, obviously).

–Andrew Waite

Categories: InfoSec, Tool-Kit