A review of hash cracking tools: John the Ripper password cracker and MDCrack
john
John the Ripper password cracker is designed to open various types of hashes that are used in many software and OS, from MySQL to OpenBSD. The program features: brute force password, password selection in the dictionary and hybrid attack. As well as signle and external password-specific methods for this program. All methods will be described below.
The program has the ability to restore the selection process after its interruption.
One of the features of the program is the fact that when opening a large number of passwords “at a time”, there is a great possibility that they will be opened faster than they would be opened separately. Also, the password increment is made "intellectually", which will be discussed below.
There are two restrictions in the program: john can only open hashes with salt - to open regular hashes you need the appropriate patch or a ready-made special. program assembly; You can brute force a password with a length of no more than 8 characters (but there is no such limit in a dictionary attack).
Salt (salt, "seed") is a method of complicating the calculation of a hash. For example, in FreeBSD, when calculating the password hash, two random characters are first generated, which are concatenated to the password, the hash is calculated from the received string, and these two characters are added to the received hash, giving the resulting hash.
To test the speed of a program on your computer, run it with the '--test' flag. The result will be issued in c / s, i.e. in characters per second, and not in h / s (hash per second), as is customary in other programs of this type. But each subsequent character forms a new password. So, sorting, for example, 3500 characters per second, we generate 3500 new passwords per second. Therefore, the numbers given by john --test are the hashes per second.
To start the program, write the opened hash to the file: user: hash , where user is any line, and hash is the hash you open. If you need to open several hashes at once, then you need to write them all to one file. As mentioned above, it is likely that all hashes will be opened faster than if they were written to different files separately. For example, create a bla.pass file with the following contents:
user1:$1$yHJlM1Y9$lzO5yVj6Drepbz6xje0wq0
user2:$1$RDBUtZMr$z8acZKa5XzY0vQuUwG6Un1
user3:$1$EP5lm7ex$poOrQvYoH78Bc63nhXx1p1
user4:$1$ths1/RY5$CUR32fPoOr/UcjeBpD4fx0To start the search, give the john bla.pass command . The program will tell about the number of hashes loaded, about the number of different salts (in old unix systems, salt was fixed, i.e. the same for all passwords) and about the type of hashes. The type of hash may not be determined correctly. So, if you try to open the usual md5_128bit (without salt), then the version of john considered in this article will determine this hash as NT LM DES, and will begin the password selection, obviously to no avail.
After the start of the search, it may take forever before the password is opened. To try to open the password in a reasonable amount of time, john has a whole arsenal of different types of selection (operating modes), rules, filters and a flexible configuration file. Next, john’s operating modes will be briefly discussed. See the program documentation for more information.
Total, john has 4 modes of operation, i.e. 4 ways to crack a password: single crack, wordlist, incremental and external.
Single crack mode - password search by indirect evidence. The first candidates for passwords are the user name, “GECOS”, “Full Name” - the fields of his account and the name of the user's home directory. And also the rules (hybrid attack) are used for the received data, and there are more possible passwords. But not as much as in the dictionary attached to the program. Therefore, this is the fastest way. It completes its work (iterates over all possible password options) in a few seconds.
In the GECOS field, the user can record additional data about himself, such as phone number, date of birth, etc.
Wordlist - password selection by dictionary. The main dictionary weighs more than 600 Mb, distributed on two disks. It contains the most used passwords in more than 20 languages. This password collection is worth $ 28.25. A small password collection of 11 Mb is also available. The effectiveness of this collection is questionable, since it also contains passwords in more than 20 languages. Wordlist mode has a “submode”: wordlist with rules (rulets). This is a hybrid form of password guessing. The set of applicable rules can be changed and supplemented by your own. Rules are described in the configuration file with special characters and special flags that are read and processed by the john rule preprocessor.
You can download some very useful dictionaries from passwords.ru
Incremental - brute force, i.e. brute force. Enumeration settings are stored in the configuration file. When iterating over, the program evenly distributes the increment frequency along the password length and character set (That's one reason why this mode deals with trigraph frequencies, separately for each character position and for each password length, to crack as many passwords as possible within a limited time). There are five incremental modes: “All,” “Alnum,” “Alpha,” “Digits,” and “LanMan.” For example, “Digits” will sort through only numbers, “Alpha” - only lowercase Latin letters. It is also possible to create your own incremental mode submode. Read more in the documentation.
External- this mode makes it possible to apply “filters” described in the configuration file in C using four callback functions. Using this, you can write your own search algorithm. But a few basic ones are already written in the configuration file, and they can be used.
All modes can be combined. By default (if you do not specify a mode and do not change anything in the configs), the program will first work out a single-mode, then try to find the password according to the dictionary attached to the program (only 3108 passwords), then it will start enumerating passwords (will switch to incremental mode) with a length of 0 to 8 with an alphabet of 96 characters (Latin lowercase, Latin uppercase, numbers and characters).
Practical advice: first try those modes and submodes that finish their work (in case of failure) faster than anyone. After you finish working in single, wordlist, and wordlist with rulets modes, you will probably start to brute force the password in the “All” sub-mode. This may be your biggest mistake, which will take you too much time. Instead, first try the faster sub-modes in ascending order of characters: “Digits” (10 digits), “Alpha” (26 Latin lowercase letters), “Alnum” (36 characters - letters + numbers), etc. Because users often use simple passwords, you should first try the faster incremental search submodes. This can save you a lot of time.
mdcrack
The program aims to achieve the maximum speed of password guessing. Program version 1.2 is open source, but supports only three types of hashes: MD4, MD5 and NTLM1. The program versions 1.5 and 1.7 support a larger number of hashes, including md5_freebsd, but the source code is not provided in open form. The mdcrack program is convenient to use for brute force, when the standard assembly of the john program did not suit you, i.e. when you need to open a hash without salt (without salt).
An example of calling the mdcrack program:
mdcrack -s qwertyuiopasdfghjklzxcvbnm -S 7 c8e5b031cee3fe69955e63f8c5e11509.
After this command, a “session” will be created, and if you abort the search, give the mdcrack command (without parameters) to return to the interrupted session. To delete a session, issue the mdcrack -d command .
Upon completion or after interruption of the program, it gives information about the performance of the computer (average number of hashes per second).
The -W flag is used to create a file of pre-calculated pass: hash pairs . To read such a file, use the -R flag. For faster read / write operation, the -F flag is used.
The -b and -e flags are used to indicate the value of a commgne. In some data transfer protocols, the transmitted password hash is encrypted (the hash from the transmitted hash is calculated). The password to which it is encrypted in this context is called fluctgne.
It is worth noting that the mdcrack program is looking for a collision hash. The fact is that several passwords can correspond to one hash (but the probability of this is very small), moreover, of different lengths. If the user has set a password of 9 characters, when selecting such a password it may turn out that another, shorter password, for example, with two characters, has exactly the same hash. And if you enter it into the attacked system, it will be perceived as correct.
Thematic links
- Article “Notes: which bruster to choose?”: Forum.antichat.ru/showthread.php?t=37651
- Dictionaries for opening a hash, and not only: www.passwords.ru