Linux rar password cracking

ZIP PASSWORD CRACKING USING JOHN THE RIPPER IN KALI LINUX

Hello,today am going to show you how to crack password protected zip files in kali linux. Kali linux is pre installed with password cracking tools namely: 1.John the ripper
2.Fcrackzip utility
3.Wordlists
We’ll focus more on john the ripper which is pre-installed in most unix operating systems.
However if your linux operating system lacks this tools,you can install or update the necessary packages with the following commands: $sudo apt update
$sudo apt install john fcrackzip wordlists John the ripper will use its own wordlist located in the /user/share/john/password.lst to crack the password.you can also locate all the wordlists in your system by typing the following command:
$locate wordlist Step 1:create a password protected zip file
The only other thing needed to start is a password protected zip file.
Follow the steps:
Create a text file add some text and name it say hacker.txt.
Open the terminal in the directory and type the following command
$zip -password 12345678 hacker.zip hacker.txt The command creates a zip file with the password of your choosing after the word password in the shell command above.
Replace the file names and paths to your own. Step 2:get the password hash
To get the password hash to be cracked, we need to enter the command: $zip2john hacker.zip
Step 3:put the password hash in a text file
Type the following command :
$zip2john hacker.zip > hash3.txt Followed by:
$John hash.txt Sometimes you may need to customize or create your own wordlist or use a different wordlist the command follows the following format $john –wordlist= the wordlist path saved hashes
I.e
$john —wordlist= /usr/share/wordlists/rockyou.txt hacker.txt The time taken to crack each password varies with the strength of the password

Top comments (0)

Read next

Second week doing a podcast

Источник

How to hack passwords with john the ripper (linux, zip, rar, hash)

Today we are going to learn how to crack passwords with john the ripper. If you have never heard about it, then you are surely missing a lot of passwords cracking action. John, the ripper, is an open-source password cracking tool used by almost all the famous hackers. It’s sheer functionality, and features have made it the favorite of everyone in the hacker community.

Table of contents

What is John, the Ripper?

As mentioned before, John the ripper is a password cracking tool which is included by default in Kali Linux and was developed by openwall. It can automatically detect and decrypt hashed passwords, which is the standard way of storing passwords in all operating systems. This tool is an offline password cracking tool, and it also has paid versions with added functionality.

So let’s start hacking with John, the ripper. Download the free version of john from below:

If you have kali Linux then John the ripper is already included in it.

We will review the following four tutorials with john the ripper password cracking tool:

1. Cracking Linux Passwords
2.Cracking Password Protected ZIP/RAR Files
3. Decrypting Hash files.
4.Using Wordlists To Crack Passwords

1)Cracking Linux passwords

In Linux, the passwords are stored in the shadow file. If you have been using Linux for a while, you will know it. This file is hashed and secured. Also, you cannot directly see the files. But with john the ripper you can easily crack the password and get access to the Linux password.

To crack the Linux password with john the ripper type the following command on the terminal:

unshadow /etc/passwd /etc/shadow > crack.txt

unshadow is a command which can extract hashes and send them to crack.txt file. John can now use these file with saved hashes to crack them.

As you can see, my default password was directly cracked. Depending on password complexity, the time required for cracking password will change. Also, if you are using a wordlist, then the password needs to be present in the wordlist.

If you do not see the password or you want to see it again do the following:

To see cracked files type the following command:

cat /root/.john/john.pot

here test123 is the password

Note: Note password cracking is resource-intensive. Your laptops might get heated up if there is no proper cooling and airflow.

There are many options and flags you can use with john the ripper. Check the image below to know more.

2)Cracking password-protected zip and rar files.

We come across zip files having passwords and encryption quite often if we are downloading stuff from the internet. So let’s try cracking the password of a zip file.

Open the folder where the zip file is located in the terminal(Change directory with cd command). Once you open the folder type the following command in the terminal:

command: zip2john file > output.txt

file = name of the zip file

After using this command, you will see an output.txt file which has the hashes of the zip file stored in it.

To crack the hash of the zip file, type :

Command: john –format=zip output.txt

With this command, the zip password cracking process will begin, and you will be able to hack the password of the zip file with john the ripper. Do note it will take time and depending on the password complexity.

In the case, of cracking passwords of “rar” files just replace “zip” with “rar.” Everything else follows the same format.

rar2john file > output.txt

John –format=rar output.txt

3) Decrypting hash files with John, the ripper

You need to save the hash you want to decrypt in a text file. I will be making a separate article on acquiring password hashes. Till then stay tuned and support hacking world.

I have my Hash over here in a text file.

Now, let’s use john to decrypt the hash and access the password.
To decrypt it, use this :

To decrypt SHA1 encryption, we will use RockYou as wordlist and crack the password, as shown below:

john –wordlist=/usr/share/wordlists/rockyou.txt –format=raw-sha1 crack.txt

john –wordlist=/usr/share/wordlists/rockyou.txt –format=raw-sha256 crack.txt

john –format=raw-md5 hash.txt

Wait for the hash file to be decrypted. Once the file is decrypted, you will see the password.

To see all formats supported by john type the following command.

john –list=formats

Frankly, the hash suite is a better alternative. You can also try cain and Abel for cracking hashes. But for Linux terminal-based hacking John the ripper is the best.

4) Using custom wordlists to hack passwords

If you want to use a wordlist attack. Which takes a lot of time but does work provided the word list is good. John, the ripper, uses a custom dictionary which contains the list of the most commonly used passwords around the world. So unless the password is really unique and long john, the ripper can hack the password.

john –format=raw-sha1 –wordlist password.txt THEHASHFILE.txt

You can try the following command, e.g., for better understanding:

john –wordlist=/usr/share/john/password.lst hashfile

Here in the above command, I used the password.lst file. You can use any file you want.

Bonus: Cracking Multiple Files

We can also crack multiple hash files provided if they have the same encryption.

Both contain md5 hashes, so to crack both files in one session, we will run john as follows:

Syntax: john [file 1][file 2]

john -form=raw-md5 crack.txt crack1.txt

To see list of all possible formats john the ripper can crack type the following command:

john -list=formats

Commonly asked questions about John the Ripper.

Q.1 Can this tool be used in Windows?

Yes, it can, but the hash suite is a better alternative on Windows the interface is much simpler and can be used without the help of the command line.

Q2. Can John the Ripper hack any password?

Technically speaking yes, it can be provided you meet all of its requirements. For example, if the password is complicated but is present in the wordlist dictionary you use, then it can easily be hacked.

Q3. Is this tool free to use?

Yes, this version is free to use there is a separate paid version for those who required. The paid version has a lot of features, but I haven’t tested it yet.

Q.3 Can you use this tool online?

No, this is an offline password cracking tool to crack hashes. It cannot perform online password cracking attacks.

Q.4 Can you hack facebook and Instagram with this tool?

Yes provided you get the hashes of the facebook and Instagram password. You cannot crack any online passwords with this tool.

Hope you had fun cracking with john the ripper. If you have any questions about john, do mention them in the comment section. Do note is an offline password cracking tool. Hope you liked the article share and donate to support the site. Happy Hacking.

Источник