Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
14

Video Transcription

00:01
Hi. Welcome back to the course. In the last lab, we went over installing virtual box and Callie linens on a Windows 10 machine. Now, for using a different type of operating system like Mac osx were a version of Linux. Go ahead and do a quick YouTube video search for your particular operating systems. You can make sure you're installing the right packages for that. Always
00:21
in this video, we're gonna talk about cracking a password with a tool called John the Ripper that's located in Cali linen. So go ahead and launch your Callie desktop and get logged in again. The user name is gonna be route are ot all over case, and then the password is gonna be tour T o r.
00:37
So let's go ahead and get started with the lab. We're gonna open a Web browser, so it step two, we open a browser and we're gonna search for MD five hash calculator. So we're gonna put a password in and then generate a hash on that password.
00:49
So it's click on. I've got Firefox. Yes, are installed here, and most of you probably do is well, you're just using the default Cali version.
00:57
So it's gonna pull up for us. We just do a quick Google search for an MD five hash calculator
01:03
irritable type in Indy 5/2 calculator.
01:07
And I'm also going to specify,
01:10
uh, online that way I could grab a website that does it now for this lab. I'm just gonna use MD five hash generator dot com. So you also welcomed just click the link of the document as well.
01:19
I'm gonna scroll down because I know it's down here. There it is. And you're welcome to use whichever one you want. At the end of the day, they they should all generate the same hash for the same password that you type it.
01:30
Well, go ahead and click on the website,
01:33
and I do want to stress to keep the slap. Just you can actually crack it in a reasonable amount of time and see what we're doing here. So I'm actually just gonna use the password, but just all caps, So passport with all capital letters,
01:46
and then I'm just gonna click to generate button at the very bottom here that's gonna generate the hash for me. So the string of letters and numbers here, that's our hash.
01:53
So go ahead and highlight all of those.
01:57
And then you could either right click and copy, or you can just control see on your keyboard after you highlight it.
02:02
We just want a copy that No, we concludes our web browser cause we're done not done with that.
02:07
So our next step here, we want to save it into a text file. So I'm gonna click on Leaf Pad, which is a text editor that I have installed here, and just use which everyone you have installed,
02:17
and then we're just gonna either control V or right click and say paste.
02:22
And now we see that our hash is in there.
02:23
So let's move back to our lab document here. So we've copied and pasted the MD five hash,
02:29
but we copy it into the text file. Okay?
02:31
So step number five. We want to save that text file to the desktop, and then we're gonna give it this naming confection convention here. So p a s s w dot t x t.
02:42
All right, so let's do that now is go to file, then save as
02:45
we're gonna select the desktop,
02:47
and then we're gonna name our file. So p A s s w all over case not t X t.
02:54
And then just click on the save button there.
02:58
All right, so it saved our file for us. We can go and close that you'll see it saved on the desktop here. And if we opened that back up, you'll see it's that same hash we were just looking at.
03:07
All right, so we go ahead and close that we don't need that the rest of the lab.
03:10
So let's keep going at our lab document here. So we've closed that text file. So now we want to look up the tool John the Ripper. So the way we do that, we could step seven here is clicking on show applications button. So that's gonna be this very bottom left button here with all the little dots.
03:24
And then we're gonna start searching for the tool. Now we're to start by type of the word John in there and you'll see that it will pull up this tool for us.
03:31
Let's go and do that. We'll click on social applications and then in the search box to start trying type of the name John, and you'll see right here we have John the Ripper. So go ahead and click on that. It's gonna launch the application. You'll see it launches a terminal window for us and also shows us in different commands for that particular tool.
03:49
All right, so we've selected the John the Ripper application the terminal window has launched, and we see different commands.
03:54
So for this lab, we're not gonna do brute force. We're gonna Shigetoshi, we're gonna use a word list. And the reason we want to keep the password Simple, because we hope that it's on that particular wordless. So it doesn't take too long to crack the password.
04:06
So first we want to see if we even have award list installed. So for this lab, we want to use rock you dot t x t.
04:14
So let's see if we have that installed. So at the command prop here, we're gonna type, locate space, rock you all together dot t x t. So let's go ahead and type that now. So locate all over case
04:27
space and then rock and you all together dot t x t and then just prints the enter key on your keyboard. It's gonna run the command. And we do see that we do have that file here, and we see it's given us a file path as well. So we want to remember that file path for a little later in this lab. You'll see here in step 13. I also have the file path
04:46
listed there for you.
04:48
So let's move on to the last step of her lab here.
04:51
We're actually gonna type in
04:54
our command to crack the password. So we see I haven't listed here for you. I'm just gonna go ahead and type it, and I'm gonna explain it as we go.
05:01
So we're gonna type in it are Terminal here will tie pin all over case John
05:06
for John the Ripper space and then dash dash
05:11
format
05:13
again. All these were lower case.
05:15
The equal sign. Raw
05:17
death,
05:18
MD five. So what we're doing right here's were specifying the format that we used for the hash. The password hash is MD five. So we could have used something like shall honor shot 2 56 et cetera. But we chose to do
05:32
the MP five hash.
05:34
So the next thing we're typos worker actually attacked the path to the file. So the wordless file So that rock you dot text let's go ahead and do that were to put a space
05:43
and therefore slash user
05:46
so u S r four slice shared
05:49
ford slash word list
05:53
forward slash rock you again, all together dot t x t dot g z.
06:00
Okay, so, again, that's a fact. The file path for that particular file, that wordless file that we're gonna use the next step we need to do is we need to actually specify the path for the text file that contains our password hash so that when we saved to the desktop, So let's go ahead and do that. We're gonna put another space, and then we're gonna say, forward slash root So r o t
06:20
forward slash desktop with a capital D. So this is the only capital letter we're gonna use here. So capital D on then all over Case E s k t o p.
06:30
Another ford slash, and then we're gonna put the file names a p a s s w dot t x t. And then just go ahead and press the enter key. That's gonna run the cracker force here.
06:41
All right, so we see some output. Here we see a little bit of an error message stare, but basically it's loaded. One password hash,
06:46
and it's cracked it for us. So question number one here on the document. Do you see the password? So if you remember, I typed in the word password with all capital letters. So, yes, answered a question one, at least for me would be, Yes, I do see the password here. Now, if you type something different if you some extravagant password, yours might still be going.
07:05
You try to crack the password for you. But that's why I recommended something very simple
07:10
that will more than likely already be on a word list since that's what were we were using for this particular lab.
07:16
So in this lab, we talked about cracking a password with a tool called John the Ripper. Again, it comes with Callie Lennox
07:23
and the next module. We're gonna move into fit foot printing. So we're gonna learn about passive and active footprint

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor