How to Penetration Test Linux Passwords with John the Ripper – Ethical Hacking / Penetration Testing

If you are a penetration tester, you might need to crack passwords on Linux systems as part of your engagements. One of the tools you can use for this purpose is John the Ripper (JtR), an open source password cracker that supports many encryption and hashing algorithms.

This blog post is intended to provide an educational introduction about a penetration testing tool. The tool is designed to help security professionals and ethical hackers identify and exploit vulnerabilities in applications. The author does not condone or encourage any illegal or malicious use of the tool. The readers are solely responsible for their own actions and the consequences of using the tool.

In this blog post, I will show you how to use JtR to crack Linux passwords stored in the /etc/shadow file. I will also explain some of the options and modes that JtR offers to speed up the cracking process and increase your chances of success.

Before we start, we need copies of the /etc/shadow and /etc/passwd files from the target system. /etc/shadow contains the hashed passwords of all local users, together with password-aging information such as the last change date and expiry, and it is readable only by root. /etc/passwd is world-readable and holds the login names, GECOS (full-name) fields and home directories that JtR's single-crack mode draws on. You can obtain the shadow file through a privilege-escalation or arbitrary-file-read vulnerability, a credential-reuse attack, or any other method that gives you root-level access to the file system.

Once you have the files, you can feed them to JtR. JtR does not reverse the hashes; it takes each candidate password from a dictionary, a set of mangling rules or a brute-force generator, hashes it with the salt stored in the target entry, and compares the result with the stored hash. When it finds a match, it displays the plaintext password along with the username.

To use JtR, you point it at the hash file and choose a hash format (JtR usually auto-detects the type, but naming it avoids ambiguity when several formats share a look) and a wordlist or cracking mode. Because single-crack mode needs the /etc/passwd fields as well, the usual first step is to merge the two files with the unshadow utility that ships with JtR and crack the merged file; the command below runs directly on the shadow file, which works for wordlist and incremental modes. For example, to crack SHA-512 crypt hashes (the $6$ entries that most current Linux distributions create) with a wordlist called rockyou.txt:

$ john --format=sha512crypt --wordlist=rockyou.txt /etc/shadow

JtR will then try each wordlist entry against every hash, print cracked passwords as they are found, and record them in its john.pot file. To list what has been cracked later, run --show against the same hash file, since it matches the entries in that file against the pot file:

$ john --show /etc/shadow

JtR has three main modes that you can use to crack passwords: single-crack mode, wordlist mode, and incremental mode. Let’s look at each one briefly.

Single-crack mode (--single): This mode takes the login name, the GECOS (full name) field and the home directory name from each /etc/passwd record and runs them through a dedicated rule set to generate variations. For example, if the username is alice, JtR might try alice123, Alice!, alice@123, etc. It is fast and catches weak passwords based on personal information, which is why the hash file should be produced with unshadow rather than copied from /etc/shadow alone.

Wordlist mode (--wordlist=FILE): This mode hashes each word from a dictionary file and compares it with the hashes. You can supply your own wordlist or start with the small password.lst that JtR ships with. Adding --rules applies the mangling rules defined in john.conf to every word, generating variations such as appended digits, changed case and added symbols, so a list of a few million words yields many more candidates.

Incremental mode (--incremental[=MODE]): This mode is an exhaustive search over a character set up to a maximum length, with the candidates ordered by character-frequency statistics so that likely passwords are tried first. The predefined modes in john.conf (for example ASCII, Alpha and Digits) fix the character set and length limits, and you can define your own. It never finishes on its own for realistic lengths, so it is the last resort for passwords that no wordlist or rule will produce.

If you give no mode at all, JtR runs single-crack, then wordlist with the default rules, then incremental mode in sequence. You can also combine modes with options that optimise the run. For example, --fork=N starts N processes that split the work between them, and --session=NAME names the checkpoint file for the run so that an interrupted job can be resumed later with --restore=NAME.
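To make the hash-and-compare loop and the three candidate sources concrete, here is an added example of my own; it is not code from the original post and not John the Ripper's code. It implements the $6$ (sha512crypt) algorithm with the standard library only, parses shadow and passwd records, skips locked accounts, and tries single-crack style guesses from the GECOS field, wordlist words through a handful of mangling rules, and (as a separate generator) incremental-style exhaustive strings. The PASSWD, SHADOW and WORDLIST data are constructed for the demo; alice's hash is the published "Hello world!" test vector from the SHA-crypt specification, bob's is generated at load time, and the user names, salt and rule set are assumptions chosen for illustration.

```python
"""Miniature sha512crypt ($6$) cracker: what JtR does per /etc/shadow entry (stdlib only)."""
import hashlib
import itertools
import re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HASH_RE = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$([./0-9A-Za-z]{86})$")

def sha512crypt(password: str, salt: str, rounds: int = 5000) -> str:
    """glibc crypt(3) $6$ scheme (Drepper's SHA-crypt), written out in full."""
    pw, sl = password.encode(), salt.encode()[:16]      # glibc caps the salt at 16 bytes
    n = len(pw)
    b = hashlib.sha512(pw + sl + pw).digest()           # digest B
    actx = hashlib.sha512(pw + sl)                      # digest A
    actx.update(b * (n // 64) + b[:n % 64])
    i = n
    while i:                                            # bits of len(pw), LSB first
        actx.update(b if i & 1 else pw)
        i >>= 1
    a = actx.digest()
    dp = hashlib.sha512(pw * n).digest()
    p = dp * (n // 64) + dp[:n % 64]                    # sequence P, len(pw) bytes
    ds = hashlib.sha512(sl * (16 + a[0])).digest()
    s = ds[:len(sl)]                                    # sequence S, len(salt) bytes
    c = a
    for r in range(rounds):                             # the cost: 5000 rounds by default
        h = hashlib.sha512(p if r & 1 else c)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    out = []
    def enc(b2, b1, b0, cnt):                           # glibc's 24-bit group encoder
        w = (b2 << 16) | (b1 << 8) | b0
        for _ in range(cnt):
            out.append(B64[w & 0x3F])
            w >>= 6
    for k in range(21):                                 # glibc's output byte permutation
        t = [c[k], c[k + 21], c[k + 42]]
        t = t[k % 3:] + t[:k % 3]
        enc(t[0], t[1], t[2], 4)
    enc(0, 0, c[63], 2)
    tag = f"rounds={rounds}$" if rounds != 5000 else ""
    return f"$6${tag}{sl.decode()}${''.join(out)}"

def parse_shadow(shadow_text, passwd_text):
    """(user, gecos, rounds, salt, digest) per $6$ entry; locked (*, !, !!) and other types skipped."""
    gecos = {f[0]: f[4] for f in (ln.split(":") for ln in passwd_text.splitlines()) if len(f) >= 7}
    entries = []
    for line in shadow_text.splitlines():
        f = line.split(":")
        m = HASH_RE.match(f[1]) if len(f) > 1 else None
        if m:
            entries.append((f[0], gecos.get(f[0], ""), int(m.group(1) or 5000), m.group(2), m.group(3)))
    return entries

RULES = [lambda w: w, str.capitalize, lambda w: w + "1", lambda w: w + "!",
         lambda w: w.capitalize() + "!", lambda w: w + "123"]   # mangling rules, like JtR's [List.Rules:Wordlist]

def single_candidates(user, gecos):
    """Single-crack mode: guesses built from the login name and GECOS words."""
    for seed in sorted({user, *gecos.replace(",", " ").split()}):
        for rule in RULES:
            yield rule(seed)
            yield rule(seed.lower())

def wordlist_candidates(words):
    """Wordlist mode: every dictionary word through every rule."""
    for w in words:
        for rule in RULES:
            yield rule(w)

def incremental_candidates(charset, max_len):
    """Incremental mode, simplified: every string over charset up to max_len."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)

def crack(entries, words):
    """Hash each candidate with the entry's own salt; that salt is why a precomputed table is useless."""
    cracked = {}
    for user, gecos, rounds, salt, digest in entries:
        cands = itertools.chain(single_candidates(user, gecos), wordlist_candidates(words))
        for cand in dict.fromkeys(cands):               # dedupe, keep order
            if sha512crypt(cand, salt, rounds).rsplit("$", 1)[1] == digest:
                cracked[user] = cand
                break
    return cracked

# Constructed demo data; alice's hash is the "Hello world!" vector from the SHA-crypt spec.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Builder:/home/bob:/bin/bash"""
SHADOW = ("root:*:19500:0:99999:7:::\n"
          "alice:$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1:19500:0:99999:7:::\n"
          "bob:" + sha512crypt("Builder1", "Zq9x7Ff3") + ":19500:0:99999:7:::")
WORDLIST = ["password", "letmein", "hello world", "qwerty"]
```

Calling crack(parse_shadow(SHADOW, PASSWD), WORDLIST) returns {'alice': 'Hello world!', 'bob': 'Builder1'}: root is skipped because the account is locked, alice falls to the wordlist entry "hello world" after the capitalise-and-append-"!" rule, and bob falls to single-crack style guessing from the "Builder" word in his GECOS field. Every comparison costs a full 5000-round hash with that user's salt, which is the point of the crypt cost parameter; JtR's optimised native code does the same work orders of magnitude faster than this pure-Python loop, but the procedure is identical.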

A note on rainbow tables: these are large precomputed tables that store the outputs of a hash function for many possible passwords, so that a hash can be cracked by lookup instead of by hashing candidates at run time. They only work against unsalted hashes. Every /etc/shadow entry carries a random per-user salt (the field after the $6$ prefix), so a table would have to be precomputed for every possible salt, which defeats the purpose; the 5000-round default cost of sha512crypt makes such precomputation even less attractive.

John the Ripper therefore does not use rainbow tables at all; it computes each candidate hash on the fly with the entry's own salt. Dedicated rainbow-table tools such as RainbowCrack and ophcrack exist for unsalted formats like LM and NTLM, but they are not applicable to Linux shadow hashes.

JtR is a powerful tool that can help you crack Linux passwords and test their strength. However, you should always use it responsibly and ethically. Do not use it for illegal purposes or without proper authorization. Always follow the rules of engagement and respect the privacy and security of your clients or targets.
