TryHackMe – John the Ripper write-up

John The Ripper

Task 1

Read the task text and press Complete.

Task 2

2.1 What is the most popular extended version of John the Ripper?

Answer: Jumbo John

Task 3

What website was the rockyou.txt wordlist created from a breach on?

Answer: rockyou.com

Task 4

Download the file attached to this task.

4.1 What type of hash is hash1.txt?

Identify it with an online identifier (Hash Type Identifier – Identify unknown hashes) or the hash-id command. Length is the quick tell: an unsalted 32-character hex string is most likely MD5.

Answer: MD5


4.2 What is the cracked value of hash1.txt?

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt

4.3 What type of hash is hash2.txt?

Identify it with an online identifier (Hash Type Identifier – Identify unknown hashes) or the hash-id command; 40 hex characters points to SHA1.

Answer: SHA1

4.4 What is the cracked value of hash2.txt?

john --format=raw-sha1 --wordlist=/usr/share/wordlists/rockyou.txt hash2.txt

4.5 What type of hash is hash3.txt?

Identify it with an online identifier (Hash Type Identifier – Identify unknown hashes) or the hash-id command; 64 hex characters points to SHA256.

Answer: SHA256

4.6 What is the cracked value of hash3.txt?

john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash3.txt

4.7 What type of hash is hash4.txt?

Identify it with an online identifier (Hash Type Identifier – Identify unknown hashes) or the hash-id command. This one is 128 hex characters, which the identifier ranks as Whirlpool; SHA-512 has the same length, so if the whirlpool format does not crack it, try raw-sha512 next.

Answer: Whirlpool

4.8 What is the cracked value of hash4.txt?

john --format=whirlpool --wordlist=/usr/share/wordlists/rockyou.txt hash4.txt
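Task 4 repeats the same two steps four times: work out the hash type, then hand john the matching --format. The script below is an added example for this write-up (not code from the TryHackMe room): it picks candidate formats from the hex length, which is the check the identifier sites do, and then cracks with john if it is installed. Demo input is constructed here (hashes of the word "password" made with coreutils md5sum/sha1sum/sha256sum, assumed to be on PATH); the format names are john's own.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room): choose the john --format for a
# raw, unsalted hex hash from its length, then crack it with john if present.
# Demo hashes are constructed with coreutils md5sum/sha1sum/sha256sum.

# Map digest length (hex chars) to candidate john formats, most likely first.
# Length alone is ambiguous: 32 hex chars is MD5 but also NT (Task 5) or MD4,
# and 128 hex chars is SHA-512 or Whirlpool (Task 4's hash4). Try them in order.
guess_john_format() {
  case "$1" in
    32)  echo "raw-md5 NT raw-md4" ;;
    40)  echo "raw-sha1" ;;
    56)  echo "raw-sha224" ;;
    64)  echo "raw-sha256" ;;
    96)  echo "raw-sha384" ;;
    128) echo "raw-sha512 whirlpool" ;;
    *)   echo "unknown" ;;
  esac
}

# Reject anything that is not plain hex (salted $6$ strings, base64, ...)
# and hand the length to guess_john_format.
identify_hash() {
  h=$(printf '%s' "$1" | tr -d '[:space:]')
  case "$h" in
    "" | *[!0-9a-fA-F]*) echo "unknown"; return 0 ;;
  esac
  guess_john_format "${#h}"
}

# Hex digest of a string with a coreutils tool, e.g. hex_digest sha1sum secret
hex_digest() {
  printf '%s' "$2" | "$1" | cut -d' ' -f1
}

# Try each candidate format in turn; --show prints user:plaintext once cracked.
crack_with_john() {   # crack_with_john "<formats>" <hashfile> <wordlist>
  if ! command -v john >/dev/null 2>&1; then
    echo "john not on PATH, skipping $2" >&2
    return 0
  fi
  for fmt in $1; do
    john --format="$fmt" --wordlist="$3" "$2" >/dev/null 2>&1 || true
    if john --format="$fmt" --show "$2" 2>/dev/null | grep -q ':'; then
      john --format="$fmt" --show "$2"
      return 0
    fi
  done
  echo "no candidate format cracked $2 with this wordlist" >&2
}

# --- demo with constructed input ------------------------------------------
tmp=$(mktemp -d)
printf 'letmein\npassword\n' > "$tmp/wordlist.txt"      # tiny stand-in for rockyou.txt
hex_digest md5sum    password > "$tmp/hash1.txt"
hex_digest sha1sum   password > "$tmp/hash2.txt"
hex_digest sha256sum password > "$tmp/hash3.txt"
for f in "$tmp"/hash*.txt; do
  h=$(cat "$f")
  fmts=$(identify_hash "$h")
  echo "$(basename "$f"): ${#h} hex chars -> try --format in this order: $fmts"
  crack_with_john "$fmts" "$f" "$tmp/wordlist.txt"
done
```

Run it as is and each file is identified and, where john is installed, cracked against the two-word list; swap in /usr/share/wordlists/rockyou.txt and the task's hash files for the real thing. The ordering matters for 32-character hashes: a wrong guess of raw-md5 on an NT hash simply cracks nothing, which is why the loop moves on to the next candidate rather than stopping.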

Task 5

5.1 What do we need to set the “format” flag to, in order to crack this?

Answer: NT

5.2 What is the cracked value of this password?

john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt ntlm.txt

Task 6

6.1 What is the root password?

etchashes.txt is the output of unshadow run on the provided passwd and shadow files; the $6$ hashes in it are sha512crypt, so pass that format:

john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt etchashes.txt

Task 7

7.1 What is Joker’s password?

According to the task, single mode needs the username so that john knows what to base its guesses on, so prepend Joker: to the hash in hash7.txt before running:

john --single --format=raw-md5 hash7.txt
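Tasks 6 and 7 both hinge on getting the input file into the shape john expects, and the write-up shows neither step. The script below is an added example (not code from the TryHackMe room): unshadow_awk performs the same join that unshadow does on passwd and shadow, so you can see what etchashes.txt looks like without john installed, and single_mode_input produces the user:hash lines single mode wants. The passwd, shadow and hash7 contents are constructed sample data; the account names and the $6$ value are placeholders, not real credentials.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room): build john's input for Task 6
# (unshadow-style merge) and Task 7 (user:hash lines for --single).
# All sample data below is constructed; the hashes are placeholders.

# Same join as unshadow: for each passwd line, replace the "x" in field 2 with
# the hash from the shadow entry of the same user. The other passwd fields
# (uid, gid, GECOS, home, shell) are kept because single mode mines them for
# candidate words.
unshadow_awk() {   # unshadow_awk <passwd> <shadow>
  awk -F: -v OFS=: '
    NR == FNR { hash[$1] = $2; next }         # first file: shadow
    { if ($1 in hash) $2 = hash[$1]; print }  # second file: passwd
  ' "$2" "$1"
}

# Drop accounts john cannot crack anyway: empty, "*" or "!"-locked hashes.
# Leaving them in only inflates the hash count john reports while running.
crackable_only() {
  awk -F: '$2 != "" && $2 != "*" && $2 !~ /^!/ { print }'
}

# Single mode derives guesses from the login name, so prefix it onto each hash.
single_mode_input() {   # single_mode_input <user> <hashfile>
  awk -v u="$1" '{ print u ":" $0 }' "$2"
}

# --- demo with constructed input ------------------------------------------
tmp=$(mktemp -d)
printf '%s\n' \
  'root:x:0:0:root:/root:/bin/bash' \
  'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
  'wilson:x:1000:1000:Bob Wilson:/home/wilson:/bin/bash' > "$tmp/passwd"
printf '%s\n' \
  'root:$6$SALT$PLACEHOLDERHASH:18000:0:99999:7:::' \
  'daemon:*:18000:0:99999:7:::' \
  'wilson:!:18000:0:99999:7:::' > "$tmp/shadow"
printf '%s\n' '00000000000000000000000000000000' > "$tmp/hash7.txt"   # placeholder MD5

unshadow_awk "$tmp/passwd" "$tmp/shadow" > "$tmp/etchashes.txt"
echo "unshadow-style output:";        cat "$tmp/etchashes.txt"
echo "crackable entries only:";       crackable_only < "$tmp/etchashes.txt"
echo "single-mode input for Joker:";  single_mode_input Joker "$tmp/hash7.txt"
# From here the write-up's commands apply unchanged:
#   john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt etchashes.txt
#   john --single --format=raw-md5 hash7.txt     (after the Joker: prefix is in place)
```

In the demo only root survives crackable_only: daemon is a system account with "*" and wilson is locked with "!", which is the check worth doing on a real shadow dump before spending cracking time on it.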

Task 8

8.1 What do custom rules allow us to exploit?

Answer: Password complexity predictability

8.2 What rule would we use to add all capital letters to the end of the word?

Answer: Az"[A-Z]"

8.3 What flag would we use to call a custom rule called “THMRules”

Answer: --rule=THMRules (john also accepts the full spelling, --rules=THMRules)
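Rules are only useful if you can see what they generate before burning time on a long wordlist. The script below is an added example (not code from the TryHackMe room): it writes the Task 8 rule section, emulates the two rules in plain sh so the candidate set is visible even without john, and, when john is on PATH, previews the real output with --stdout. Assumptions: the stock config is at $JOHN_CONF (default /etc/john/john.conf, the Debian/Kali location; adjust for Homebrew), the section name THMRules and the one-word list are constructed here, and john may print candidates in a different order than the emulation.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room): write a custom rule section,
# emulate the two rules in sh, and preview them with john --stdout if present.
# Assumes the base config at $JOHN_CONF (default /etc/john/john.conf).

# The rule section from Task 8: Az appends, c capitalises, [..] is a class.
THM_RULES='[List.Rules:THMRules]
Az"[0-9]"
cAz"[0-9][!£$%@]"'

# Config = stock john.conf (if readable) + our section, usable via --config=.
make_rules_conf() {   # make_rules_conf <out-file> [base-conf]
  base=${2:-${JOHN_CONF:-/etc/john/john.conf}}
  { [ -r "$base" ] && cat "$base"; printf '\n%s\n' "$THM_RULES"; } > "$1"
}

# Emulate Az"[0-9]": the word followed by each digit.
rule_append_digit() {
  for d in 0 1 2 3 4 5 6 7 8 9; do printf '%s%s\n' "$1" "$d"; done
}

# Emulate cAz"[0-9][!£$%@]": capitalise (first upper, rest lower), then
# append one digit and one symbol, 50 candidates per word.
rule_cap_digit_symbol() {
  first=$(printf '%s' "$1" | cut -c1 | tr '[:lower:]' '[:upper:]')
  rest=$(printf '%s' "${1#?}" | tr '[:upper:]' '[:lower:]')
  cap="$first$rest"
  for d in 0 1 2 3 4 5 6 7 8 9; do
    for s in '!' '£' '$' '%' '@'; do printf '%s%s%s\n' "$cap" "$d" "$s"; done
  done
}

# Both rules applied to one word: 60 candidates in total.
emulate_thm_rules() { rule_append_digit "$1"; rule_cap_digit_symbol "$1"; }

# The real thing: --stdout prints candidates instead of cracking.
preview_with_john() {   # preview_with_john <conf> <wordlist>
  if ! command -v john >/dev/null 2>&1; then
    echo "john not on PATH, skipping --stdout preview" >&2
    return 0
  fi
  john --config="$1" --wordlist="$2" --rules=THMRules --stdout 2>/dev/null
}

# --- demo with constructed input ------------------------------------------
tmp=$(mktemp -d)
printf 'password\n' > "$tmp/words.txt"
make_rules_conf "$tmp/john-thm.conf"
echo "sh emulation of THMRules on 'password':"
emulate_thm_rules password
echo "john --stdout preview (if john is installed):"
preview_with_john "$tmp/john-thm.conf" "$tmp/words.txt"
```

If the base config is missing, john-thm.conf contains only the THMRules section and john's own preview may refuse to run; the emulation still shows the 60 candidates. For the actual crack, replace --stdout with the hash file, exactly the shape of the write-up's other john commands plus --rules=THMRules and --config=john-thm.conf.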

Task 9

9.1 What is the password for the secure.zip file?

zip2john secure.zip > zip_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt

9.2 What is the contents of the flag inside the zip file?

Answer: THM{w3ll_d0n3_h4sh_r0y4l}

Task 10

10.1 What is the password for the secure.rar file?

rar2john secure.rar > rar_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt

10.2 What is the contents of the flag inside the rar file?

Answer: THM{r4r_4rch1ve5_th15_t1m3}

Task 11

11.1 What is the SSH private key password?

Convert the private key into a hash john can read with ssh2john, then crack it:

ssh2john.py idrsa.id_rsa > id.txt
john --wordlist=/usr/share/wordlists/rockyou.txt id.txt

Side note: Mac users installing john with brew need to run brew install john-jumbo; I fell into this trap and for a while could not get it to run…

When using zip2john and unshadow after a brew install on a Mac, the commands may not be found, and nobody online seems to have solved this… so I wrote up the fix here…

My Mac is also Big Sur on M1.

If you install john with brew (brew install john-jumbo), the command “zip2john” is installed at “/opt/homebrew/Cellar/john-jumbo/1.9.0/share/john/zip2john”, not on the PATH.

This is because brew only links the john binary itself into /opt/homebrew/bin/, so zip2john cannot be found.

Add /opt/homebrew/Cellar/john-jumbo/1.9.0/share/john/ to $PATH and it can be used normally.

ryan.chen@ryanMac bin % ls -al | grep "john"
lrwxr-xr-x    1 ryan.chen  admin     35 Aug 18 11:05 john -> ../Cellar/john-jumbo/1.9.0/bin/john

ryan.chen@ryanMac john % ./zip2john 
Usage: ./zip2john [options] [zip file(s)]
Options for 'old' PKZIP encrypted files only:
 -a <filename>   This is a 'known' ASCII file. This can be faster, IF all
    files are larger, and you KNOW that at least one of them starts out as
    'pure' ASCII data.
 -o <filename>   Only use this file from the .zip file.
 -c This will create a 'checksum only' hash.  If there are many encrypted
    files in the .zip file, then this may be an option, and there will be
    enough data that false possitives will not be seen.  If the .zip is 2
    byte checksums, and there are 3 or more of them, then we have 48 bits
    knowledge, which 'may' be enough to crack the password, without having
    to force the user to have the .zip file present.
 -m Use "file magic" as known-plain if applicable. This can be faster but
    not 100% safe in all situations.
 -2 Force 2 byte checksum computation.

NOTE: By default it is assumed that all files in each archive have the same
password. If that's not the case, the produced hash may be uncrackable.
To avoid this, use -o option to pick a file at a time.
ryan.chen@ryanMac john % pwd
/opt/homebrew/Cellar/john-jumbo/1.9.0/share/john
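Rather than hard-coding the versioned Cellar path above, the share/john directory can be derived from the john symlink brew creates, which keeps working after an upgrade changes 1.9.0 to something else. The script below is an added example (not from the original post): resolve_link follows the symlink without readlink -f (which macOS lacks), john_share_dir walks from the real binary to ../share/john, and list_2john_helpers shows what was hidden from PATH. The assumed layout is Homebrew's (<prefix>/bin/john -> ../Cellar/john-jumbo/<version>/bin/john with the helpers in <version>/share/john); the same "share/john next to the binary's prefix" rule also lands on /usr/share/john on Debian/Kali, where john lives in /usr/sbin.

```shell
#!/bin/sh
# Added example (not from the original post): locate the *2john helpers by
# following the john symlink Homebrew installs, without a hard-coded version.
# Assumed layout: <prefix>/bin/john -> ../Cellar/john-jumbo/<ver>/bin/john
#                 <prefix>/Cellar/john-jumbo/<ver>/share/john/*2john*

# Follow one symlink level and print an absolute, normalised path. macOS
# readlink has no -f, so a relative target is joined to the link's directory.
resolve_link() {
  p=$1
  if [ -L "$p" ]; then
    t=$(readlink "$p")
    case "$t" in
      /*) p=$t ;;
      *)  p=$(dirname "$p")/$t ;;
    esac
  fi
  d=$(cd "$(dirname "$p")" 2>/dev/null && pwd -P) || return 1
  printf '%s/%s\n' "$d" "$(basename "$p")"
}

# share/john directory for a given john binary path (symlink or real file).
john_share_dir() {
  real=$(resolve_link "$1") || return 1
  ( cd "$(dirname "$real")/../share/john" 2>/dev/null && pwd -P )
}

# Names of the *2john helpers in that directory, one per line.
list_2john_helpers() {
  for f in "$1"/*2john*; do
    [ -e "$f" ] && basename "$f"
  done
  return 0
}

# --- demo: put the helpers on PATH for this shell session -------------------
if john_bin=$(command -v john) && share=$(john_share_dir "$john_bin"); then
  echo "john helpers found in $share:"
  list_2john_helpers "$share"
  PATH="$share:$PATH"; export PATH   # the post's $PATH fix, minus the version number
else
  echo "john not found on PATH (on macOS: brew install john-jumbo)" >&2
fi
```

Source the file (". ./find-john-helpers.sh") rather than executing it if you want the PATH change to stick in the current shell; zip2john, rar2john and ssh2john.py then resolve like any other command.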
