Thursday 9 October 2014

John The Ripper - Beginners - Ubuntu - how to

I know I said I would mainly be blogging about SQL/Dynamics and object orientated Java, but I was reading Linux Voice magazine on the train back from London and there was an article in there about using John the Ripper in Linux to crack MD5 hash passwords. So last night I had a look into this and wanted to share some of the pitfalls that beginners in Linux Ubuntu might stumble on. I know I certainly did...

To begin with, open a command terminal and type:

sudo apt-get install john

If you are a complete beginner to Ubuntu (Linux), remember that when you are prompted for your password the characters will not appear as you type.

Keep an eye on the terminal window whilst John the Ripper is installing, as at some point you will have to press Y to confirm the actions of the download/install.

When it is finished, you then need to combine the /etc/passwd and /etc/shadow files so john can use them:

sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db

Now you should be ready to go. To begin with, it is worth testing the cracking tool with a standard file that comes with the install. Type the following into the command line:

john /tmp/crack.password.db

This loads the file and works through the hashes in it. When it is complete, type:

john -show /tmp/crack.password.db

This will show you the cracked passwords.

So before we move on, let's talk about what MD5 hashing is, how it works and why it is no longer as widely used, but surprisingly still used by some.

In very simple terms, the MD5 hash of a given password is the same everywhere, so if your password is skyline the hashed value will be something like 11fg23hjk2. John the Ripper takes 11fg23hjk2, checks it against its standard dictionary, looks for the hash 11fg23hjk2 and then pulls the word that is next to it. In this case it would be skyline.

The dictionaries can be amended and changed to include other words, and this is where we get into putting letters after the password, using capitals, using symbols and so on. The dictionaries can be amended to include this methodology of checking as well.

How fast the hashed passwords are checked against the dictionaries is down to your computer's processing power and, in some instances, the type of dictionary you use. For example, using a combined English and French dictionary to check passwords that all originated in France would take a lot longer than changing the dictionary john uses to just the French one.
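The dictionary lookup and the simple word changes described above can be sketched in a few lines of Python, here as a weak-password audit. This is an added example, not code from the magazine article or from John the Ripper; the user names, word list and salts are constructed, and the PBKDF2 function is included only to contrast a salted hash with unsalted MD5.

```python
import hashlib

def md5_hex(password: str) -> str:
    """Unsalted MD5: the same password always gives the same 32-hex-digit hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def variants(word: str):
    """Yield the word plus the simple changes the post lists: capitals, trailing characters."""
    for base in (word, word.capitalize()):
        yield base
        for suffix in ("1", "!"):
            yield base + suffix

def audit(stored: dict, wordlist: list) -> dict:
    """Return {user: password} for each stored hash that a dictionary candidate matches."""
    # Hash every candidate once, then look each stored hash up in the table.
    lookup = {md5_hex(c): c for w in wordlist for c in variants(w)}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def salted_hash(password: str, salt: bytes) -> str:
    """Salted, deliberately slow alternative (PBKDF2-HMAC-SHA256) for comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000).hex()

# Constructed sample data: invented users and passwords, hashed here for the demo.
STORED = {
    "alice": md5_hex("skyline"),
    "bob": md5_hex("skyline"),      # same password as alice, so the same hash
    "carol": md5_hex("Skyline1"),   # dictionary word with a capital and a digit
    "dave": md5_hex("x7#Qp!vR2m"),  # not derived from a dictionary word
}
WORDLIST = ["password", "skyline", "letmein"]

if __name__ == "__main__":
    for user, password in audit(STORED, WORDLIST).items():
        print(f"{user}: weak password found ({password})")
    print("alice and bob share a hash:", STORED["alice"] == STORED["bob"])
    print("salted hashes differ:",
          salted_hash("skyline", b"salt-alice") != salted_hash("skyline", b"salt-bob"))
```

With a per-user salt the same password no longer produces the same stored value, so one table of hashed dictionary words cannot be reused across accounts.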


I will more than likely do another post on dictionary setups etc., as that is a pretty confusing leap from what we have just gone over.

Wednesday 8 October 2014

Introduction

After spending ten years working in accounting and finance, I decided enough was enough and it was time for a change. I have always enjoyed working with and learning about computers and the different systems that run on them.
The purpose of this blog is to document my learning and progression, and if anyone else out there in internet land benefits from it also then great.
I will be mainly blogging about Microsoft Dynamics GP, SQL and object orientated Java, but will also cover some other topics which I am learning.
I am studying software development (object orientated Java) with the Open University and recently landed my first job in IT support, supporting Microsoft Dynamics GP, a system I had used as a front end user for five years.
Some people seem to believe that studying with the OU is a waste of time and effort as employers do not take it as seriously as a redbrick uni. I have found this to be completely untrue and the employers I have spoken to believe that if you are working full time and studying then it doesn't matter where you are getting the degree from as you are furthering your career.
Anyway I digress. If anyone has any questions please don't hesitate to ask and I will do my best to assist.