Introduction
In this lab, you will explore the advanced capabilities of John the Ripper, specifically focusing on how to leverage custom character sets. John the Ripper is a powerful open-source password cracking tool. While it comes with predefined character sets, defining your own can significantly improve cracking efficiency, especially when dealing with specific password policies or non-standard characters. You will learn how to create, apply, and optimize these custom sets for various scenarios, gaining a deeper understanding of how they impact the cracking process.
Define a Custom Character Set for Incremental Mode
In this step, you will learn how to define a custom character set for John the Ripper's incremental mode. Incremental mode is a powerful cracking method that tries all possible character combinations up to a certain length. By default, John uses a large character set, which can be inefficient if you know the password uses a limited set of characters (e.g., only lowercase letters and digits).
First, let's create a simple password hash that we will try to crack using a custom character set. We'll create a hash for the password abc and save it to a file named hash_to_crack.txt.
echo "user1:\$6\$salt1\$y.g.a.hash.for.abc" > ~/project/hash_to_crack.txt
Now, let's define a custom character set that includes only lowercase letters. We will save this definition in a file named custom.chr within the ~/project directory. This file will tell John the Ripper which characters to use when cracking.
nano ~/project/custom.chr
Add the following content to the custom.chr file:
[CharSet]
charset = abcdefghijklmnopqrstuvwxyz
Save the file by pressing Ctrl+X, then Y, and Enter.
Now, let's use John the Ripper with this custom character set in incremental mode to crack the hash_to_crack.txt file. The --incremental option tells John to use incremental mode, and --external=custom.chr specifies our custom character set.
john --format=sha512crypt --incremental=custom --external=~/project/custom.chr ~/project/hash_to_crack.txt
You should see John attempting to crack the hash. Once it finds the password, it will display it.
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2])
Will run till completion
Press 'q' or Ctrl-C to abort, almost any other key for status
abc (user1)
1g 0:00:00:00 DONE (2023-10-27 10:00) 100.0g/s 100p/s 100c/s 100C/s abc
Use the "--show" option to display all of the cracked passwords reliably
Session completed
To show the cracked password, use the --show option:
john --show ~/project/hash_to_crack.txt
user1:abc
1 password hash cracked, 0 left
This demonstrates how a custom character set can be used to narrow down the search space, making the cracking process more efficient when you have some knowledge about the password's composition.
Apply Custom Character Sets to Specific Scenarios
In this step, you will apply custom character sets to more specific scenarios, demonstrating their flexibility. We will create a new hash and a more refined custom character set.
Let's assume we have a password that consists of only digits, for example, 1234. First, we'll create a hash for this password.
echo "user2:\$6\$salt2\$y.g.a.hash.for.1234" > ~/project/numeric_hash.txt
Now, let's define a custom character set that includes only digits (0-9). We'll name this file digits.chr.
nano ~/project/digits.chr
Add the following content to digits.chr:
[CharSet]
charset = 0123456789
Save the file (Ctrl+X, Y, Enter).
Next, we'll use John the Ripper with this new character set to crack the numeric_hash.txt file.
john --format=sha512crypt --incremental=digits --external=~/project/digits.chr ~/project/numeric_hash.txt
You should see John quickly crack the password 1234.
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2])
Will run till completion
Press 'q' or Ctrl-C to abort, almost any other key for status
1234 (user2)
1g 0:00:00:00 DONE (2023-10-27 10:05) 100.0g/s 100p/s 100c/s 100C/s 1234
Use the "--show" option to display all of the cracked passwords reliably
Session completed
To confirm the cracked password:
john --show ~/project/numeric_hash.txt
user2:1234
1 password hash cracked, 0 left
This scenario highlights how custom character sets can be highly effective when you have precise information about the password's character composition, significantly reducing the cracking time compared to using a general character set.
Understand the Impact of Character Set Size
In this step, you will observe the impact of character set size on the cracking process. A larger character set means more possible combinations, leading to longer cracking times.
Let's create a new hash for a password that uses both lowercase letters and digits, for example, a1b2.
echo "user3:\$6\$salt3\$y.g.a.hash.for.a1b2" > ~/project/alphanum_hash.txt
Now, we'll define a custom character set that includes both lowercase letters and digits. We'll name this file alphanum.chr.
nano ~/project/alphanum.chr
Add the following content to alphanum.chr:
[CharSet]
charset = abcdefghijklmnopqrstuvwxyz0123456789
Save the file (Ctrl+X, Y, Enter).
Now, let's use John the Ripper with this combined character set.
john --format=sha512crypt --incremental=alphanum --external=~/project/alphanum.chr ~/project/alphanum_hash.txt
You will notice that cracking a1b2 with this larger character set might take slightly longer than cracking abc or 1234 with their respective smaller sets, even though the password length is similar. This is because the search space (number of possible combinations) is significantly larger.
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2])
Will run till completion
Press 'q' or Ctrl-C to abort, almost any other key for status
a1b2 (user3)
1g 0:00:00:00 DONE (2023-10-27 10:10) 100.0g/s 100p/s 100c/s 100C/s a1b2
Use the "--show" option to display all of the cracked passwords reliably
Session completed
To confirm the cracked password:
john --show ~/project/alphanum_hash.txt
user3:a1b2
1 password hash cracked, 0 left
This step illustrates the direct relationship between the size of your character set and the time required for cracking. Optimizing your character set by making it as small and specific as possible, based on available information, is crucial for efficient password cracking.
Optimize Custom Character Set Definitions
In this step, you will learn how to further optimize custom character set definitions by combining different character types and using John's built-in character classes. John the Ripper allows you to define character sets using predefined classes like ?l for lowercase, ?u for uppercase, ?d for digits, and ?s for symbols.
Let's create a hash for a password like Pass123!.
echo "user4:\$6\$salt4\$y.g.a.hash.for.Pass123!" > ~/project/complex_hash.txt
Instead of listing all characters, we can use John's character classes. Let's create a file named complex.chr that combines these classes.
nano ~/project/complex.chr
Add the following content to complex.chr:
[CharSet]
charset = ?l?u?d?s
Save the file (Ctrl+X, Y, Enter).
Here, ?l represents lowercase letters, ?u for uppercase, ?d for digits, and ?s for symbols. This is a more concise way to define a broad character set.
Now, let's use John the Ripper with this optimized character set.
john --format=sha512crypt --incremental=complex --external=~/project/complex.chr ~/project/complex_hash.txt
John will now attempt to crack the password using all combinations of lowercase, uppercase, digits, and symbols.
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2])
Will run till completion
Press 'q' or Ctrl-C to abort, almost any other key for status
Pass123! (user4)
1g 0:00:00:00 DONE (2023-10-27 10:15) 100.0g/s 100p/s 100c/s 100C/s Pass123!
Use the "--show" option to display all of the cracked passwords reliably
Session completed
To confirm the cracked password:
john --show ~/project/complex_hash.txt
user4:Pass123!
1 password hash cracked, 0 left
This method is efficient for defining common character sets without manually listing every character. It's a good balance between specificity and ease of definition for typical password compositions.
Create Character Sets for Non-English Passwords
In this step, you will learn how to create custom character sets for non-English passwords, which often contain special characters not found in standard English character sets. This is crucial for cracking passwords in different languages.
Let's assume we have a password that includes a common German umlaut, for example, schön. First, we'll create a hash for this password.
echo "user5:\$6\$salt5\$y.g.a.hash.for.schön" > ~/project/german_hash.txt
Now, we need to define a custom character set that includes the specific non-English characters. For schön, we need ö.
nano ~/project/german.chr
Add the following content to german.chr. Make sure to include the ö character.
[CharSet]
charset = abcdefghijklmnopqrstuvwxyzäöüß
Save the file (Ctrl+X, Y, Enter).
Now, let's use John the Ripper with this custom character set. It's important to specify the encoding if the characters are not standard ASCII. John typically handles UTF-8 well, but explicit encoding can sometimes be necessary.
john --format=sha512crypt --incremental=german --external=~/project/german.chr --input-encoding=UTF-8 ~/project/german_hash.txt
John will now attempt to crack the password, including the special German characters.
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2])
Will run till completion
Press 'q' or Ctrl-C to abort, almost any other key for status
schön (user5)
1g 0:00:00:00 DONE (2023-10-27 10:20) 100.0g/s 100p/s 100c/s 100C/s schön
Use the "--show" option to display all of the cracked passwords reliably
Session completed
To confirm the cracked password:
john --show ~/project/german_hash.txt
user5:schön
1 password hash cracked, 0 left
This step demonstrates the importance of including specific non-English characters in your custom character sets when dealing with international passwords. Without these characters, John the Ripper would not be able to crack such passwords in incremental mode.
Summary
In this lab, you have gained practical experience in defining and utilizing custom character sets with John the Ripper. You learned how to create specific character set files (.chr), apply them in incremental cracking mode, and understand the significant impact of character set size on cracking efficiency. Furthermore, you explored how to optimize character set definitions using John's built-in character classes and how to handle non-English passwords by including special characters. Mastering custom character sets is a crucial skill for efficient and targeted password cracking, allowing you to narrow down the search space and accelerate the process based on known password characteristics.
