Time
40 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, Martinez. Dustin. And welcome to password cracking
00:04
in this lab. We're going to be using John the river in order to crack our linen at sea shadow passwords.
00:11
The first step is to boot into clinics machine.
00:14
After that, we're going to create a few simple Lennox users and attempt to crack their passwords.
00:21
Let's jump right in.
00:24
All right, So we've got our Callie Lennox machine boot it up here. So the first thing we're gonna do is create some new users. So in order to do that will make this bigger, hear you use the user at command.
00:39
And so the user's we're gonna add our Michael,
00:44
Dwight and Jim. So now we've had these users. What? They don't have any passwords. So in order to change or add a password and thanks to do the past everybody command and then using so well, Michael,
01:00
his new password is going to be boss because he is the boss.
01:07
And then we're gonna go ahead and pass for right.
01:11
We will do beats because boy likes beets.
01:19
And now we're gonna do Jin's password
01:23
cranks.
01:26
Jim likes to pull pranks. So we've now operated three users, and we have three passwords for them, so we're gonna go ahead and create a custom word list. So in order to do that, one of you if you don't, you know,
01:44
and we will just mean a custom toward list. Got text.
01:49
All right, so here's where you can create your custom. Wordless. It's basically just ah, huge dictionary of different words use, I think, might be used. So we've done our recon are re kon all 9,986,000 minutes of it. So we know the employees in this office pretty well.
02:08
Let's go ahead and build this dictionary to try and crack the passwords that we just created. So let's go ahead. And we can add some words that we know maybe being used.
02:22
Spell everything right?
02:25
Battles are.
02:30
Hello, Franks. What does this? And I'm just taking some words that I know people might be using for passwords.
02:45
Yeah,
02:50
Once you done with that,
02:53
you can do control. Oh, right. The file
02:57
control X.
03:00
Okay. Now we've created our users, and you've created our custom or list. Let's go ahead and run, John, and try and crack
03:08
these passwords. So first thing we're gonna do is ah, PW view Print are working directory and then l s d f l make sure we've got a file here.
03:17
So custom wordless. There it is, right at the top. So we know our file is at slash root slash custom wordless dot text. So in order to use John to crack the password for energy, John Dash Dash for word list
03:37
equals word list in the file where the pastor of the Florida clinics is the FC Shadow Password file
03:51
Flooding. Crack that.
03:53
And there we go. So it looks like it did crack a few. This hash is so let's do this John Dash dash show
04:03
and you can see we've cracked three of the passwords. The only one we didn't crack with the root password. So it's going to try that.
04:12
So let's do Let's edit our custom. Wordless you, Nana. Wordless
04:20
way. No,
04:23
this is a limits machine.
04:25
We know a couple of the regular passwords for Callie Lennox might be tour route calendar, and they have changed it. Let's see what else we can d'oh have
04:39
And that zero gain control. Oh, right, the file. So let's try that one more time and try and crack that.
04:46
So if you hit up, you can go through back through your previous commands. So we've got our John Dash dash word list
04:54
equals slash root slash custom wordless stop text, which we just updated and we're gonna try and crack that etc. Shadow file. So let's go ahead and run that again.
05:05
You and I think we've cracked our last one. So now it's Go ahead and show those passwords.
05:11
John Dash, dash show slash Z Some shadow.
05:15
And there we go. We've actually cracked all four passwords on this machine. You've got route with passage of tour Michael with a password of best boss Dwight for the password of beets and Jim with a password of pranks. So that's how easy it is to use John the Ripper in both Callie Lennox
05:35
and Windows

Up Next

Password Cracking Tool Fundamentals

In Password Cracking Tool Fundamentals, Dustin Parry takes you through different aspects of securing passwords and techniques deployed to crack passwords. These techniques can be deployed by IT technicians to check the password strengths, and it can be used by pentesters and attackers alike.

Instructed By

Instructor Profile Image
Dustin Parry
Network Security Engineer
Instructor