John the Ripper Notes
It seems John the ripper is a little more complex than I remember. With the Ubuntu repo'd version of John I am unable to create a recognizable md5 hash for john to decrypt (no hashes loaded). Still working with John but in the meanwhile:
echo 'fake:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/' > hash
this is a hash that will be recognized by john the ripper and dumps it in a file called hash. However my goal is to create an MD5 hash of "12345" and set john for incremental parameters to brute force 5 characters [0-9]. This venture just serves to remind me that pen testing is not a part time job as I am playing catchup now.
This will create an MD5 compatible hash for testing
With manipulation of the incremental functions in the john configuration file, now able to achieve original task.
The location of john's default word list is /usr/share/john/password.lst
run john using brute force digits only
john --incremental:Digits name-of-file
echo 'fake:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/' > hash
this is a hash that will be recognized by john the ripper and dumps it in a file called hash. However my goal is to create an MD5 hash of "12345" and set john for incremental parameters to brute force 5 characters [0-9]. This venture just serves to remind me that pen testing is not a part time job as I am playing catchup now.
This will create an MD5 compatible hash for testing
openssl passwd -1 password (use this instead)
change password to whatever you want to encrypt.
with a salt
with a salt
openssl passwd -1 -salt rty password John's configuration file is located in /etc/john .chr files are required for incremental mode. found in /usr/share/john/ With manipulation of the incremental functions in the john configuration file, now able to achieve original task.
The location of john's default word list is /usr/share/john/password.lst
run john using brute force digits only
john --incremental:Digits name-of-file
john password_sha1.txt --format=md5crypto -w=password.lst
Comments
Post a Comment