
Tips for an Information Security Analyst/Pentester career - Ep. 31: John The Ripper

This tip is a quick password cracking tutorial with John The Ripper.


Stage 1 - System exploitation

• After creating a custom payload with msfvenom, I moved it to the /var/www/html directory, in order to make it accessible from the web, and started the Apache server (service apache2 start).

• Afterward, we need to set up a handler that will pick up the connection from our XP machine and open a reverse shell to our Kali VM. So we use the multi/handler exploit and set its payload to windows/meterpreter/reverse_tcp, as shown below.

NOTE: LHOST and LPORT must have the same values as specified in the msfvenom custom payload (see first screenshot above), or the exploit will fail.

• Let's download the payload to the victim machine by opening it in Firefox, and launch the exploit on Kali at the same time.

• We popped a shell!! Now we can escalate to SYSTEM privileges through getsystem.

• At this point, we can finally dump the password hashes (that we're gonna have to crack) and save them to a text file.

Stage 2 - Password cracking

• Recon: Let's first use John the Ripper to see what hash type we are dealing with. A Windows hash dump contains both LM (LAN Manager) hashes, which are disabled by default on recent Windows versions, and NTLM hashes. John tells us to use the nt format to crack the passwords.

• Password cracking: Let's now crack the password hashes by using a built-in password list (/usr/share/wordlists/rockyou.txt). I purposefully chose very weak passwords and they got cracked in a matter of seconds.
              

Wrap-up

John The Ripper is a very powerful password cracking tool that shows, in a very impressive way, why password security is so important.

Weak passwords aren't the only reason breaches happen, but they are a very common one, recurring much more frequently than you might think.

Testing your passwords with John or a similar tool can be a good way to make sure your passwords are sufficiently robust.

If the existing passwords can be easily cracked, you might have to rethink your security policies by implementing password complexity, password expiration, max password length, password reuse policies, etc.

Never be lazy when it comes down to corporate security, because the bad guys are not.

HAPPY HALLOWEEN, GUYS!!
