The Hacker Academy – Password Cracking 101: Meet John the Ripper

October 14, 2013  By Pierluigi Paganini


The Hacker Academy provides a unique learning experience, teaching infosec from the hacker’s perspective.

Password cracking is one of the most popular methods used to gain unauthorized access to a computer system. Using cracking to Obtain password hashes is something you can do with physical or remote access to a system.

John the Ripper is one of the best password testing and breaking tools. So, how’s it work? It combines a number of password crackers into one package, detects different password hash types, and matches that with a customizable cracker.

John the Ripper is mostly used during penetration tests in cracking NTLM passwords for domain credentials we have dumped from a Windows Domain Controller that is storing LM hashes. Cracking the LM password hashes can be done for all accounts using rainbow tables in less than an hour. We can’t use these LM cracked passwords to authenticate to other hosts/servers, but we can use them as a wordlist to crack the NTLM passwords for all domain users in just a few minutes using the built in NT rule for John the Ripper.

Everyone likes free, and the great thing about John the Ripper is it’s just that. It’s Open Source and available for everyone to use, distributed primarily in source code form.

Jeremy Conway, Instructor at The Hacker Academy, says the following about John the Ripper, “During one of our recent penetration tests, we cracked just over 3,000 accounts in about 2 hours. These credentials led us to compromising other devices and servers that were not part of the domain due to password reuse. Getting credentials is one of the fastest ways for us to gain complete and total control of a targeted network and can be extremely difficult for a company defender to detect and mitigate.”

The Hacker Academy has recognized the importance and accessibility of John the Ripper and dedicated an entire module to introducing members to cracking passwords using password hashes and John the Ripper. Check out this short, clip introducing you to the tool. For a more in depth lesson, click here to sign up for a free trial. This lesson has been opened up strictly for the readers of this blog! Once you’ve accessed the demo account, you’ll be able to find the full video Password Cracking: John the Ripper in the Penetration Testing course under the Server Pen Testing Lesson. Enjoy!

View the full video here!

JohnTheRipper



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

A backdoor present in many D-Link devices allows to bypass authentication

Researcher Craig published an interesting blog post on "/dev/ttyS0" on the reverse engineering of the backdoor present in many...