1
00:00:00,630 --> 00:00:02,250
<v ->In this demonstration you're going to see</v>

2
00:00:02,250 --> 00:00:03,660
how a password-cracking tool

3
00:00:03,660 --> 00:00:05,760
like John the Ripper is actually used.

4
00:00:05,760 --> 00:00:07,820
Now, like most of the demos in this course,

5
00:00:07,820 --> 00:00:08,653
you don't need to know how

6
00:00:08,653 --> 00:00:11,100
to actually use John the Ripper to pass the exam

7
00:00:11,100 --> 00:00:13,460
but this tool is heavily used by security analysts

8
00:00:13,460 --> 00:00:15,020
when performing vulnerability assessments

9
00:00:15,020 --> 00:00:17,750
and penetration tests so I thought I'd show it to you.

10
00:00:17,750 --> 00:00:20,810
So let's use this tool as a demonstration of the concept

11
00:00:20,810 --> 00:00:23,560
of how easily and quickly a weak password can

12
00:00:23,560 --> 00:00:25,160
be broken using a tool like

13
00:00:25,160 --> 00:00:26,980
John the Ripper or Cain and Abel.

14
00:00:26,980 --> 00:00:29,290
Now, let's jump in the lab and get started.

15
00:00:29,290 --> 00:00:30,930
Now, to do this, we're going to try

16
00:00:30,930 --> 00:00:34,350
to crack the password for this Kali Linux machine.

17
00:00:34,350 --> 00:00:37,410
Now I'll tell you right now the password is toor,

18
00:00:37,410 --> 00:00:39,280
which is a very standard password that is used

19
00:00:39,280 --> 00:00:42,130
by Kali Linux by default when you install it

20
00:00:42,130 --> 00:00:43,290
but we're going to go ahead through

21
00:00:43,290 --> 00:00:45,460
the process of trying to crack that now.

22
00:00:45,460 --> 00:00:47,790
So before we can try to crack those hashes

23
00:00:47,790 --> 00:00:51,110
we have to gather those hashes from the Kali Linux machine.

24
00:00:51,110 --> 00:00:53,800
Now, by default, inside Kali Linux

25
00:00:53,800 --> 00:00:56,550
these passwords are stored inside the password file

26
00:00:56,550 --> 00:00:59,650
and as a shadow inside the shadow file.

27
00:00:59,650 --> 00:01:00,880
So we're going to grab both of those

28
00:01:00,880 --> 00:01:04,680
and put those into a file for us called my password

29
00:01:04,680 --> 00:01:09,480
so we'll do that by typing unshadow /etc/password

30
00:01:09,480 --> 00:01:12,980
and then /etc/shadow and then

31
00:01:12,980 --> 00:01:17,610
we'll pipe that over to the file password.txt.

32
00:01:17,610 --> 00:01:19,568
And it's done so now if I hit ls

33
00:01:19,568 --> 00:01:22,960
you'll see that there is the password.txt file.

34
00:01:22,960 --> 00:01:25,520
So what does that password file look like now?

35
00:01:25,520 --> 00:01:27,550
Well, let's go ahead and print it to the screen

36
00:01:27,550 --> 00:01:29,490
so that you can see it.

37
00:01:29,490 --> 00:01:32,450
And let's do more password.txt

38
00:01:32,450 --> 00:01:35,160
and you'll see here you have your usernames on the left

39
00:01:35,160 --> 00:01:37,200
and then what group they're associated with it

40
00:01:37,200 --> 00:01:38,850
and how they're going to be logging on.

41
00:01:38,850 --> 00:01:41,960
Now, under root you'll see that long hash there at the top,

42
00:01:41,960 --> 00:01:45,860
that $6$u all the way through across the top,

43
00:01:45,860 --> 00:01:48,040
that is the shadowed password,

44
00:01:48,040 --> 00:01:50,460
the hash of it that we've captured.

45
00:01:50,460 --> 00:01:51,810
Now, how do we crack that?

46
00:01:51,810 --> 00:01:54,520
Well, that's where John the Ripper's going to come in handy.

47
00:01:54,520 --> 00:01:56,463
So let me go ahead and clear my screen here

48
00:01:56,463 --> 00:02:01,160
and what we're going to do is type john password.txt

49
00:02:01,160 --> 00:02:03,850
and hit Enter and John's going to go through

50
00:02:03,850 --> 00:02:05,950
and try to crack that password.

51
00:02:05,950 --> 00:02:07,410
Now, it already says it found it.

52
00:02:07,410 --> 00:02:10,400
It was very, very quick and so to show that password,

53
00:02:10,400 --> 00:02:15,320
we'll just type in john -show and then the file

54
00:02:15,320 --> 00:02:17,700
that we had used which was password.txt

55
00:02:17,700 --> 00:02:20,040
and so you can see that root was the username

56
00:02:20,040 --> 00:02:21,950
and toor was the password.

57
00:02:21,950 --> 00:02:25,260
You can see just how quickly John can go through

58
00:02:25,260 --> 00:02:28,830
and decrypt these hashes back into something

59
00:02:28,830 --> 00:02:31,040
that's usable for us which is the password.

60
00:02:31,040 --> 00:02:33,480
And now I could log into the system as root

61
00:02:33,480 --> 00:02:36,225
with password toor with no problem.

62
00:02:36,225 --> 00:02:38,725
(logo buzzes)