How To Install John The Ripper Windows 7

I recently needed to recover passwords from a Linux system where I had the drive, which I could connect to a Windows PC, but this presented several issues, starting with finding the right file, then what tools to use and, most importantly, how to mate it correctly in OpenCL mode to get the benefit of graphics card processing power!

John the Ripper is a free, open source password cracking tool which works on different platforms. Version 1.9.0-Jumbo-1 supports up to 407 formats. This post will guide you on how to install John The Ripper via github.

Installing and downloading John the Ripper in Kali Linux: John the Ripper comes preinstalled in Kali Linux. To install it on other Linux operating systems, simply use the command:

sudo apt-get install john

For Windows, Mac and Android, go to the official JtR site. Type john in a terminal to see the options. John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of 'native' packages for the target operating systems and in general is meant to be. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS.

Firstly the drive was formatted as EXT3 which Windows doesn’t natively support. After a bit of research I found a free program called Ext Volume Manager and gave it a go. It worked perfectly and after giving a list of available drives you can double click and mount the drive as a drive letter in Windows then just browse to it like any other drive. It was simple and worked really well.

With that problem out of the way, we needed to find the password file. In Linux, passwords were historically stored in hashed form in a file named passwd in the /etc/ directory under the root of the drive, so this is the first place to look. Open it in Notepad or similar and it is highly likely you will see a series of lines like this:

root:x:0:0:root:/root:/bin/bash

The x is where the hash would have been found historically, but when the security was updated this method was changed, so the x just shows that there is a password configured but it’s stored elsewhere.


That elsewhere is a file in the same location called ‘shadow’. The structure of this file is very similar to ‘passwd’, but in Linux it has different, more restrictive permissions. Luckily, in Windows this doesn’t make much difference, so we can just open it.

root:$6$THMmaDC5$k/fXJE/K73OSr3KuXBs.TzBjX6i3kj1dEwrEuV7DvsTxQ0YBDceTpHVQRKSPRTqhMFbdZfZl/lZVfnMCrkFJX1:15726:0:99999:7:::


The data should look more like this (I have cropped out some of the line to avoid it filling the screen). The $6$ in this case identifies the password hash as being in sha512crypt format, but yours may differ. The options are:

  • $1 = MD5 algorithm
  • $2 = Blowfish algorithm
  • $2a = eksblowfish algorithm
  • $5 = SHA-256 algorithm
  • $6 = SHA-512 algorithm

The next bit, ‘THMmaDC5’, is the ‘salt’ value, which is random data mixed in with the password when it is hashed, making the hash more difficult to guess.

The remainder up to the colon is the hashed password, which is what needs to be guessed, so now we have the right file.
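As an added example (not part of the original post), the field layout described above can be parsed in Python to list which accounts on your own system still use a weak hash scheme. The function names, the WEAK_IDS policy and the sample lines are assumptions constructed for illustration; the example also handles the optional rounds= parameter and locked accounts, which the post does not cover.

```python
# Added example: the prefix table mirrors the list on this page.
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
           "5": "SHA-256", "6": "SHA-512"}
WEAK_IDS = {"1"}  # assumption made for this example: flag MD5 for rehashing


def parse_shadow_line(line):
    """Describe one shadow entry; returns None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry: %r" % line)
    entry = {"user": fields[0], "status": "hashed", "id": None,
             "scheme": None, "salt": None, "rounds": None}
    pw = fields[1]
    if pw == "":
        entry["status"] = "empty"        # account has no password set
    elif pw[0] in "!*":
        entry["status"] = "locked"       # password login disabled
    elif not pw.startswith("$"):
        entry["status"] = "unknown"      # not one of the $id$ formats listed
    else:
        parts = pw.split("$")            # ['', id, salt-or-params, ...]
        entry["id"] = parts[1]
        entry["scheme"] = SCHEMES.get(parts[1], "unrecognised")
        rest = parts[2:]
        if rest and rest[0].startswith("rounds="):
            entry["rounds"], rest = int(rest[0][7:]), rest[1:]
        if rest and not parts[1].startswith("2"):
            entry["salt"] = rest[0]      # $2* entries pack cost and salt differently
    return entry


def audit(text):
    """Return (user, scheme) pairs for accounts using a scheme in WEAK_IDS."""
    entries = filter(None, map(parse_shadow_line, text.splitlines()))
    return [(e["user"], e["scheme"]) for e in entries if e["id"] in WEAK_IDS]

# Constructed sample lines; the salts and hash values are not real.
SAMPLE = """\
root:$6$CONSTRSALT$ConstructedHashValueNotReal:15726:0:99999:7:::
legacy:$1$OLDSALT1$ConstructedHashValueNotReal:15000:0:99999:7:::
svc:$6$rounds=10000$SALTSALT$ConstructedHashValueNotReal:15726:0:99999:7:::
daemon:*:15726:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```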

Next, go ahead and download Cygwin ( https://www.cygwin.com/ ). This is basically a miniature Linux platform on Windows which lets you run Linux programs under Windows if they are compiled for it.

When installing Cygwin you can generally just use the defaults and whatever local mirror you fancy. However, when the list of tools is shown, search for OpenCL and add this to the installation.


Add the highlighted component to the install and continue, and you should find you will soon have a Linux installation in a folder on your PC (default location is C:\cygwin64 ).

Next download the zip of the latest version of John the Ripper ( https://www.openwall.com/john/ ) – this is a widely recognised tool for this purpose and seems to work best. I also tried a program called HashCat but this didn’t seem to be able to find the hashes in the file. The version I used was 1.9.0-jumbo-1-64 Bit.

Hopefully the zip will look like this. Copy all the folders and paste them into the Cygwin folder – there will already be folders with those names, so merge them. This operation adds the descriptors that allow Cygwin to recognise your OpenCL device; however, on my PC (and, from what I’ve been reading online, several others) the path was incorrect, so we’ll fix that.


Browse to the following path, C:\cygwin64\etc\OpenCL\vendors, and open the amd.icd file in Notepad.

Next go to the system32 folder as shown and search for ‘amdocl64.dll’. In my case this wasn’t present in the system32 folder directly, but I found a match in System32\DriverStore\FileRepository. If that is what you find, just copy the file and paste it into system32 itself and this should correct the mismatch.

Next copy your ‘shadow’ file into ‘C:\cygwin64\run’ – technically this isn’t required but it makes life easier. In my case I edited it to have a .txt extension to make testing easier. Now to test it!

Open a Command Prompt window and browse to ‘C:\cygwin64\run’, then enter the following command:

john shadow.txt --format=sha512crypt-opencl


Substitute whatever format is relevant to your hash type. If you run john without specifying a hash format it will recognise the hash correctly but will default to CPU-only mode rather than the OpenCL version, which comes with a performance hit for most people.


All going well, you should see something like this:


That tells us it’s working fine and has successfully found the graphics card as a processing device. Now take a break and leave it to churn through its options for as long as it takes. It won’t be fast!