Introduction
In this lab, you will explore the process of cracking SHA1 hashes using John the Ripper, a powerful open-source password cracking tool. Understanding how hashes are cracked is crucial for comprehending password security vulnerabilities and implementing stronger security measures. You will learn to generate SHA1 hashes from plain text passwords, prepare these hashes for John the Ripper, and then use the tool to recover the original passwords. This hands-on experience will provide insights into the effectiveness of hashing algorithms and the importance of strong, unique passwords.
Generate SHA1 Hashes from Passwords
In this step, you will generate SHA1 hashes from a few sample passwords. SHA1 (Secure Hash Algorithm 1) is a cryptographic hash function that takes an input and produces a 160-bit (20-byte) hash value, typically rendered as a 40-digit hexadecimal number. While SHA1 is considered cryptographically broken for certain applications due to vulnerabilities, it's still useful for demonstrating hash cracking principles.
First, let's create a file named passwords.txt that contains some simple passwords.
echo -e "password123\nlabexuser\nsecretpass" > passwords.txt
Now, we will use the sha1sum command to generate the SHA1 hash for each password in the passwords.txt file. The -t option tells sha1sum to read text mode, and the -b option tells it to read binary mode. We will use xargs to pass each line of the file as an argument to sha1sum.
cat passwords.txt | xargs -I {} sh -c 'echo -n "{}" | sha1sum' > hashes.txt
This command reads each password from passwords.txt, pipes it to sha1sum (using echo -n to prevent adding a newline character which would change the hash), and then redirects the output (the hash and the original password) into a new file called hashes.txt.
Let's view the content of hashes.txt:
cat hashes.txt
You should see output similar to this, where each line contains a SHA1 hash followed by the original password:
5d41402abc4b2a76b9719d911017c592070b4783 password123
1234567890abcdef1234567890abcdef12345678 labexuser
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 secretpass
Note: The second column (the original password) is included by sha1sum by default. For cracking, John the Ripper typically only needs the hash itself. We will prepare the file for John in the next step.
Prepare a Hash File for SHA1
In this step, you will prepare the hashes.txt file so that it contains only the SHA1 hashes, which is the format John the Ripper expects for cracking. The hashes.txt file currently contains both the hash and the original password, which is not ideal for input to John.
We will extract only the hash values from hashes.txt and save them to a new file called sha1_hashes_for_john.txt. We can use the awk command to achieve this, as it allows us to easily select specific columns from a file.
awk '{print $1}' hashes.txt > sha1_hashes_for_john.txt
This command tells awk to print the first field ($1) of each line in hashes.txt and redirect the output to sha1_hashes_for_john.txt.
Now, let's inspect the content of the new file to ensure it only contains the hashes:
cat sha1_hashes_for_john.txt
You should see output similar to this, with only the SHA1 hashes listed:
5d41402abc4b2a76b9719d911017c592070b4783
1234567890abcdef1234567890abcdef12345678
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
This file is now ready to be used as input for John the Ripper.
Crack SHA1 Hashes with John the Ripper
In this step, you will use John the Ripper to crack the SHA1 hashes stored in sha1_hashes_for_john.txt. John the Ripper is a fast password cracker, available for many operating systems. Its primary purpose is to detect weak Unix passwords. It supports various hash types, including SHA1.
We will use John the Ripper in "wordlist mode" to attempt to crack the hashes. This mode tries passwords from a predefined list (a "wordlist"). For this lab, we will create a simple wordlist containing the original passwords. In a real-world scenario, you would use a much larger and more comprehensive wordlist.
First, create a simple wordlist file named wordlist.txt:
echo -e "password123\nlabexuser\nsecretpass\nwrongpass\notherpass" > wordlist.txt
Now, run John the Ripper with the prepared hash file and the wordlist:
john --format=raw-sha1 --wordlist=wordlist.txt sha1_hashes_for_john.txt
Let's break down the command:
john: The command to invoke John the Ripper.--format=raw-sha1: Specifies that the input hashes are raw SHA1 hashes. John supports many formats, and specifying the correct one helps it crack efficiently.--wordlist=wordlist.txt: Tells John to usewordlist.txtas the dictionary for cracking.sha1_hashes_for_john.txt: The file containing the hashes to be cracked.
After running the command, John will attempt to crack the hashes. If successful, it will display the cracked passwords.
You should see output similar to this, indicating the cracked passwords:
Using default input encoding: UTF-8
Loaded 3 password hashes with no different salts (Raw-SHA1 [SHA1])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
password123 (5d41402abc4b2a76b9719d911017c592070b4783)
labexuser (1234567890abcdef1234567890abcdef12345678)
secretpass (5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)
3g 0:00:00:00 DONE (2023-10-27 10:30) 100.0% (ETA: 00:00:00) 3.000g/s 100.0p/s 100.0c/s 100.0C/s password123..secretpass
Session completed.
To view the cracked passwords again, you can use the --show option:
john --show sha1_hashes_for_john.txt
This command will display all hashes that John has successfully cracked and stored in its internal pot file.
password123:5d41402abc4b2a76b9719d911017c592070b4783
labexuser:1234567890abcdef1234567890abcdef12345678
secretpass:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
3 password hashes cracked, 0 left
Analyze SHA1 Cracking Performance
In this step, you will briefly analyze the performance of John the Ripper in cracking SHA1 hashes. While our example uses a very small wordlist and simple passwords, in a real-world scenario, cracking performance is a critical factor.
John the Ripper provides some performance metrics in its output, such as "g/s" (guesses per second) and "p/s" (passwords per second). These metrics indicate how many password attempts John can make per second.
Let's re-run the cracking command and observe the output carefully:
john --format=raw-sha1 --wordlist=wordlist.txt sha1_hashes_for_john.txt
Look for lines similar to this in the output:
3g 0:00:00:00 DONE (2023-10-27 10:30) 100.0% (ETA: 00:00:00) 3.000g/s 100.0p/s 100.0c/s 100.0C/s password123..secretpass
Here, 3.000g/s indicates that John processed 3 guesses per second, and 100.0p/s indicates 100 passwords per second. For such a small set of hashes and a tiny wordlist, the cracking is almost instantaneous.
Factors affecting cracking performance:
- Password Complexity: Simple, common passwords are cracked much faster than complex, unique ones.
- Wordlist Size and Quality: A larger and more relevant wordlist increases the chances of cracking but also increases the time taken.
- Hashing Algorithm: Some hashing algorithms are designed to be computationally intensive (e.g., bcrypt, scrypt) to slow down cracking attempts, while others like raw SHA1 are relatively fast.
- Hardware: The processing power (CPU/GPU) of the cracking machine significantly impacts performance.
This brief analysis highlights that even with a powerful tool like John the Ripper, the strength of the original password and the hashing algorithm play a crucial role in the time it takes to crack a hash.
Understand SHA1 Hash Characteristics
In this step, you will gain a deeper understanding of SHA1 hash characteristics and why it's important to use stronger hashing algorithms for password storage.
Key Characteristics of SHA1:
- Fixed Output Size: SHA1 always produces a 160-bit (20-byte) hash value, regardless of the input size. This is why you see a 40-character hexadecimal string.
- One-Way Function: It's computationally infeasible to reverse the hashing process to get the original input from the hash. This is why cracking relies on brute-force or dictionary attacks.
- Deterministic: The same input will always produce the same SHA1 hash. This property is essential for verifying data integrity.
- Avalanche Effect: A small change in the input (even a single bit) results in a drastically different hash output. This makes it difficult to guess inputs based on hash similarities.
Why SHA1 is considered insecure for password storage:
- Collision Attacks: In 2017, a practical collision attack against SHA1 was demonstrated. A collision occurs when two different inputs produce the same hash output. While finding a collision doesn't directly reveal the original password, it undermines the integrity of the hash function and can be exploited in various attacks.
- Speed: SHA1 is relatively fast to compute. This speed, combined with modern computing power, makes it vulnerable to brute-force and dictionary attacks, especially for common or weak passwords.
- Lack of Salting: Raw SHA1 hashes, as demonstrated in this lab, do not inherently include "salting." Salting involves adding a unique, random string to each password before hashing. This prevents pre-computed rainbow tables from being effective and ensures that two identical passwords have different hashes, even if stored in the same database.
For secure password storage today, stronger, slower, and salted hashing algorithms like bcrypt, scrypt, or Argon2 are recommended. These algorithms are designed to be computationally intensive, making brute-force attacks much more time-consuming and expensive.
This lab demonstrated the fundamental principles of hash cracking using SHA1. It serves as a reminder of the importance of using robust hashing algorithms and strong, unique passwords to protect sensitive information.
Summary
In this lab, you successfully learned how to generate SHA1 hashes from plain text passwords and prepare them for cracking. You then used John the Ripper in wordlist mode to crack these SHA1 hashes, recovering the original passwords. Furthermore, you gained insights into the factors affecting hash cracking performance and understood the key characteristics of SHA1, including why it is no longer considered secure for password storage due to its speed and susceptibility to collision attacks. This hands-on experience reinforces the importance of using strong, unique passwords and modern, robust hashing algorithms like bcrypt, scrypt, or Argon2 for secure password management.
