Assignment 5

The document outlines an assignment to extract password hashes from a target system and crack them using John the Ripper. It details the steps for accessing the target machine, extracting the password hashes from the /etc/shadow file, and using John the Ripper to crack the hashes. Additionally, it provides instructions for verifying the installation of John the Ripper, identifying hash types, and performing both dictionary and brute-force attacks.
Extract password hashes from the target system and use John the Ripper to crack them.

Requirements:

• Attacker Machine: Kali Linux (or any system with John the Ripper installed)

• Target Machine: Metasploitable 2 or any vulnerable Linux system

• Network connection between attacker and target machine

• SSH or meterpreter session on the target machine (to access password hashes)

Part 1: Extract Password Hashes from the Target Machine

Step 1: Access the Target Machine

1. Start by exploiting a vulnerability on the target machine (as done previously with
Metasploit). After successful exploitation, you should have a shell or meterpreter session on
the target system.

Example using Metasploit:

After gaining access, you can move forward with extracting the password hashes.

Step 2: Navigate to the Password File

1. On the target machine, navigate to the /etc directory where password-related files are
stored:

2. The /etc/passwd file contains user account information, but modern Linux systems store
password hashes in the /etc/shadow file, which requires root privileges to access.

Step 3: Extract the Password Hashes

1. If you have root privileges on the target machine, you can view the /etc/shadow file:

The output should look like this (for each user account):
root:$6$PpUWr47d$9opOtz 1r5eDfpZVGklY/NLpp8xAbF8k7Ks6L49CHdrRf0O8mkzFoU/1P6fehQ2Z
xkIVb8TYKkgDb9FhJxI91:18731:0:99999:7:::

The password hash field starts after the first colon (:), and its parts are separated by $ signs.

2. Copy one of the password hashes (e.g., for the root user) and save it to a text file on your Kali
Linux machine. For example, save the hash to a file called hashes.txt:
root:$6$PpUWr47d$9opOtz 1r5eDfpZVGklY/NLpp8xAbF8k7Ks6L49CHdrRf0O8mkzFoU/1P6fehQ2Z
xkIVb8TYKkgDb9FhJxI91
3. Transfer the hashes.txt file to your Kali Linux machine if you copied it on the target.

Part 2: Cracking the Password Hash with John the Ripper


Step 1: Verify John the Ripper is Installed
John the Ripper comes pre-installed on Kali Linux. To check if it’s installed, run:

If it’s not installed, you can install it using:

Step 2: Identify the Hash Type

1. Before starting the crack, you can use John to identify the hash type:

John automatically detects most hash formats, but common hash types include:

• $1$: MD5-based crypt
• $5$: SHA-256
• $6$: SHA-512 (as seen in the example hash)
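
The prefix list above can also be used from the defender's side to audit which accounts still rely on weak hashing schemes. The following is an added example, not part of the original assignment: a short Python parser for shadow-format lines. The function names, the sample entries and the policy of treating MD5-based crypt as weak are assumptions of this example.

```python
# Added example: report the hashing scheme behind each shadow-format entry.
# Policy assumed here: MD5-based crypt and older are weak; $5$/$6$ are acceptable.
SCHEMES = {
    "1": ("MD5-based crypt", False),
    "5": ("SHA-256 crypt", True),
    "6": ("SHA-512 crypt", True),
}

def parse_shadow_line(line):
    """Split one /etc/shadow-style line and describe its password field."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow-format line")
    user, pw = fields[0], fields[1]
    entry = {"user": user, "scheme": None, "salt": None,
             "acceptable": None, "status": "hash"}
    if pw == "":
        entry.update(status="empty", acceptable=False)   # no password set
    elif pw[0] in "!*":
        entry["status"] = "locked"                        # password login disabled
    elif pw.startswith("$"):
        parts = pw.split("$")          # ['', id, (rounds=N,) salt, hash]
        if len(parts) < 4:
            entry["scheme"] = "malformed"
            return entry
        name, ok = SCHEMES.get(parts[1], ("unknown ($%s$)" % parts[1], None))
        has_rounds = parts[2].startswith("rounds=") and len(parts) > 4
        entry.update(scheme=name, salt=parts[3 if has_rounds else 2], acceptable=ok)
    else:
        entry.update(scheme="legacy DES crypt", acceptable=False)  # no $id$ prefix
    return entry

def weak_accounts(lines):
    """Return user names whose password field is empty or weakly hashed."""
    return [e["user"] for e in map(parse_shadow_line, lines)
            if e["acceptable"] is False]

SAMPLE = [  # constructed entries, not real hashes
    "root:$6$Xy12abCD$" + "A" * 86 + ":18731:0:99999:7:::",
    "legacy:$1$abcdefgh$" + "B" * 22 + ":18000:0:99999:7:::",
    "svc:$5$rounds=5000$saltsalt$" + "C" * 43 + ":18731:0:99999:7:::",
    "daemon:*:18731:0:99999:7:::",
    "guest::18731:0:99999:7:::",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_shadow_line(line))
    print("needs attention:", weak_accounts(SAMPLE))
```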

Step 3: Run John the Ripper on the Hash


1. Start John to crack the password using a default or custom wordlist:

By default, John will run a dictionary attack using its built-in wordlist.

2. If you want to use a specific wordlist (such as the popular rockyou.txt wordlist), specify the
path like this:

3. John will try different password combinations from the wordlist and output the cracked
password if successful.

Step 4: View the Cracked Password


Once John completes the attack, you can view the cracked password:

Example output:

In this case, the password password123 has been cracked successfully.

Optional: Perform a Brute Force Attack


If the dictionary attack fails, you can perform a brute-force attack. John will try every possible
combination of characters.

1. To run a brute-force attack, use the following command:

Be aware that brute-force attacks can take a long time depending on the complexity of the password.
