Learn to use AI like a Pro. Learn More

Cracking codes, demystified!

Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords

Estimated read time: 1:20

    Learn to use AI like a Pro

    Get the latest AI workflows to boost your productivity and business performance, delivered weekly by expert consultants. Enjoy step-by-step guides, weekly Q&A sessions, and full access to our AI workflow archive.

    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo
    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo

    Summary

    In this engaging video, HackerSploit delves into the intricate world of password cracking, focusing specifically on using the powerful tool, John the Ripper. The video caters to both beginners and advanced users, ensuring a comprehensive understanding of password cracking basics before advancing to more complex techniques. With practical demonstrations, viewers learn how to crack both ZIP/RAR and Linux passwords efficiently. From acquiring password hashes to using specific utilities like Zip2John and understanding encryption nuances, the tutorial covers essential penetration testing skills. HackerSploit also reassures viewers about upcoming advanced content and invites them to interact with questions or thoughts.

      Highlights

      • Get set for a journey into password cracking with John the Ripper, an invaluable tool in your cybersecurity arsenal! πŸ”
      • HackerSploit emphasizes balancing content for both beginners and advanced users, promising more advanced uploads soon! πŸŽ₯
      • Learn to extract password hashes using Zip2John and crack them with John the Ripper in no time! πŸ”“
      • Witness a practical demonstration of cracking a simple numerical password from an encrypted ZIP file in seconds. ⏱️
      • Unlock the secrets of Linux password cracking by diving into the /etc/shadow file with John the Ripper! πŸ’»

      Key Takeaways

      • John the Ripper is a versatile tool for cracking different types of passwords! πŸ”‘
      • The process of password cracking depends largely on the complexity of the password. Simpler passwords take less time. πŸ•’
      • The ZIP to John and RAR to John utilities help extract password hashes from encrypted files. πŸ“‚
      • Linux passwords are stored in the /etc/shadow file, and John the Ripper can crack them efficiently. 🐧
      • Understanding the process is key to successful password cracking, requiring patience and prudence. πŸ’‘

      Overview

      In this exciting tutorial, HackerSploit leads us through the essential skill of password cracking, focusing on the renowned tool, John the Ripper. This video offers something for everyoneβ€”from beginners looking to grasp the fundamentals to advanced users awaiting more challenging content. John the Ripper stands out as a robust utility for cracking system passwords and hashes, making it a favorite in the cybersecurity realm.

        The video provides a hands-on demonstration, vividly explaining how to tackle encrypted ZIP or RAR files. The steps involve using the Zip2John and Rar2John utilities to acquire password hashes, emphasizing the importance of storing results properly for any penetration tester. The tutorial also highlights how the complexity of a password impacts the cracking time required, making the process as much about strategy as it is about patience.

          Transitioning from ZIP files to Linux systems, HackerSploit elaborates on cracking Linux passwords stored in the /etc/shadow file. With a straightforward demonstration, viewers learn how encryption algorithms function and the potential simplicity of defeating them when armed with the right knowledge and tools. With an engaging closing, the creator invites further discussion and interaction, ensuring viewers feel part of a larger learning community.

            Chapters

            • 00:00 - 01:30: Introduction to Password Cracking The chapter introduces password cracking with a focus on using a tool called John the Ripper. The narrator, known as Hacker Exploit, emphasizes the importance of this topic, acknowledging that it is a significant area that they had not covered previously despite requests from their audience.
            • 01:30 - 08:00: Using John the Ripper for ZIP/RAR Files This chapter introduces the use of John the Ripper, a powerful password cracking tool, specifically for cracking ZIP and RAR file passwords. It explains its capabilities not only with system passwords but also with password hashes. The instructor mentions responding to audience requests for more advanced content and acknowledges previous lack of advanced material because he wanted to ensure thorough coverage.
            • 08:00 - 13:30: Cracking Linux Passwords The chapter begins with a brief mention of beginner videos available on the channel, intended to guide newbies through initial tutorials before proceeding to more advanced series.
            • 13:30 - 15:00: Conclusion and Farewell In this final chapter, the author expresses gratitude to the audience for their patience and explains the process of recording and editing content before uploading. Emphasizing inclusivity, the author reassures both beginners and advanced users that the content is valuable and accessible for all experience levels, reinforcing a welcoming environment for learning.

            Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords Transcription

            • 00:00 - 00:30 [Music] hey guys hacker exploit here back again with another video and in this video we're going to be looking at password cracking uh more specifically password cracking with john the ripper all right so a lot of you guys have been asking me for this and this is probably a very very important section that i've realized that i haven't covered before and obviously this section is password cracking uh more specifically password cracking
            • 00:30 - 01:00 using john the ripper all right so john the ripper is a fantastic password uh cracking utility that is used to crack in or our passwords system passwords etc etc it's also very very good for password hash cracking now for those of you asking for the more advanced videos on the channel do not worry at all i was planning this for a long time and i've really really listened to what you guys have had to say and uh yes uh on the channel and you know until now i haven't covered a lot of advanced videos and that's because i wanted to fully
            • 01:00 - 01:30 cover the beginner videos so that anyone who watches the channel can go through the beginning tutorials and then get competent enough to move on to the advanced series now for those of you already advanced enough in this field you want to see advanced videos don't worry about that i've been working on the web penetration testing series uh and some more other advanced series and i was scheduling to upload the videos at the beginning of march but since you want since you want them early what i'm going to do is i'm going to start uploading them from this week from one day onwards
            • 01:30 - 02:00 okay so i've actually recorded and edit them edited them and now i'll move on to to actually uploading them so again thank you so much for waiting uh you know i just wanted to make sure that i covered all the basics first and obviously i can cover both sides of the spectrum where you know beginners can find value on the channel and also the advanced users can find value in the channel i really value both uh both both experience levels if if that's what you want to call it uh so you know beginners should not feel intimidated at all and the advanced user should not feel
            • 02:00 - 02:30 like the channel is becoming very very uh basic in terms of the types of videos i'm uploading so you don't have to worry about that i'll be uploading the advanced videos so i'm going to try and get a balance anyway as i said i've not i really covered the password cracking section and today we're going to be looking at how to crack the zip and raw passwords with john the ripper all right so the surprising thing is a lot many people or people actually find this really really complex because uh you know they don't understand the password the the password hash cracking process
            • 02:30 - 03:00 and how the the cracking process works all right so essentially uh john the ripper is a fantastic tool that you know in in its full power is great for cracking password hashes and once you crack a password hash you essentially get the password now in this case i have an encrypted zip file here that is encrypted behind the password i created that on my windows operating system and i just gave it a uh i don't even remember what password i gave it i probably gave it a very very simple password and that's because uh
            • 03:00 - 03:30 again depending on the complexity of the password you are cracking uh the the the process can take you know a short short time to a longer time if deposit is more complex it's going to take longer if it's less complex in terms of the character set that you're choosing to use um then obviously it's going to take a less amount of time if the amount of characters is is limited or you know you have more characters and it's the you have the use of numbers and symbols then obviously the process is going to be longer but enough said let's get started with
            • 03:30 - 04:00 john the rapper right so john the ripper is pre-installed on canon linux which is awesome and as you can see i have the test file on my desktop so i'm just going to browse to my desktop here so change desktop change directory into my desktop and i'm going to clear that out and now we can get started with the process so the first thing we need to do is we need to get the password hashes and that can be done by using a tool called zip to john it is part of the the john the ripper package so let me just show you what
            • 04:00 - 04:30 it's used for it's used for getting the password hashes now depending on whether or not you're using a zip file or rar file the process is still the same or it has a utility for both of these processes so if you're using a zip file or you want to you want to get the password from a zip file the first thing we need to do is we need to use zip to john all right so zip to john sorry about that zip to john and then after that we specify the file and then if we hit enter it's going to give us the password hash or we can output the file into a txt document which is the
            • 04:30 - 05:00 the preferred way of doing so once you go into becoming a penetration tester it's very very important that you save all of the results that you're getting and everything that was involved in the process so again this is why i was talking about you know really really covering the basics so that people learn uh you know penetration testing the right way all right so as i said if you're using a zip file you can use zip to john if you're using a rar file you can use rar to john all right so the process is relatively simple in this case we're using a zip file so i'm going to use zip to john
            • 05:00 - 05:30 and now i'm going to specify the file name which in this case is called test.zip so i'm just going to test dot zip whoops sorry about that test.zip and once i've specified the file if i hit enter now it's going to oops for some reason we've got an error there oh there is a space uh in there so let me just see if i can rename this and get rid of the space between there uh there we are let me just rename it fantastic okay so now we can go uh zip to john test.zip now once i hit
            • 05:30 - 06:00 enter it will give me the password hash don't worry if it gives you the error that the uh the file is not encrypted uh regardless the password hash starts with the dollar sign and ends with the dollar sign that is a a hash so it ends here or actually here all right so it starts with the uh the dollar sign and ends with the dollar sign that's how you know what a password dash is so now we need to crack this but first i want to export it into a txt document so to do that we just use the output denoter which is uh the greater than sign and we give the name of the the document in this case
            • 06:00 - 06:30 we're using we're storing it in a text document so i'm just going to call it um oops hash.txt i'm going to hit enter and it's going to save the hash for us in here there we are fantastic and now we can get started with the password hash tracking process i'm just going to clear the terminal now and we can use john so now we have to use john and we now need to select the format of the of the file that we're trying to crack and then specify the hash or the document that contains the hash
            • 06:30 - 07:00 so we say john and then we use the format denoter uh so that is the format command and that is denoted by a double dash and format all right so after that we then say format is equal to zip now again if your file is a rar file uh the process is the same you just need to change this into a rar all right so in this case mine is just zip and then now you have to specify the hash so if you have copied the hash you can just paste it in here directly in this case we have saved it on a document so i'm just gonna
            • 07:00 - 07:30 specify the document name so hash dot txt and i'm going to hit enter and the the password hash cracking process is there as you can see it was performing the cracking process and it got it in a few seconds and as you can see the password is really really simple one two three four five six now the reason i chose this is because uh again i did not want something very complex otherwise it would it would have taken a longer time and that is the thing you need to understand about password cracking uh even when you use tools when you're
            • 07:30 - 08:00 cracking you know logins like the ssh login and you're using tools like hydra the process is quite uh quite a while you know i remember you cracking passwords when i was learning or when i was you know on my first job the process the password cracking uh you know took almost probably about 12 hours so yeah it's going to take a while and that is the uh probably the thing about password cracking whether you're performing a brute force attack um or you're you're trying to crack against passwords logins uh you know or even if you're
            • 08:00 - 08:30 using a dictionary attack you know it's uh it's pretty much just about time all right so that is how you to crack a zip file or a r file the process is still the same and there's your password so now we know the password is one two three four five six let us confirm that by actually trying to extract our file here so i'm gonna hit extract here i'm gonna extract to my desktop there we are extract and i'm just gonna enter the password and i'm going to hit ok and there we are extraction completed successfully fantastic we can close that
            • 08:30 - 09:00 up and in my test file i just had some really basic files yeah there's a setup there just for synergy which is awesome all right so one more extra thing i'm gonna give you guys an extra bonus i'm gonna show you how to crack linux passwords uh with john all right so with the the thing about linux passwords is linux passwords are stored in the etc and the shadow folder all right so i'm pretty much uh most of you are familiar with that those of you who are advanced users should be familiar with uh the file structure or the uh the
            • 09:00 - 09:30 linux file directories and where the passwords are stored but the thing about them is the the file is encrypted so you need to crack it uh so by default what i'm going to do is i'm just going to create a user uh so user add and i'm just going to say the user username should be uh let's just call it user user 2 all right i'm going to hit enter and it's going to add the user and i'm going to change the password of user 2. so i'm essentially what i'm doing right now is i'm just creating a user and a password and i'm going to
            • 09:30 - 10:00 show you how to crack it uh obviously the linux usernames and passwords so you can actually crack the passwords that belong to all the accounts on the linux operating system so i'm gonna give it a password so it's gonna ask me to enter a new unix password so again i'm just gonna enter a really really simple password one two three four five six seven let's make it a bit complex so one two three four five six seven and i'm gonna hit enter and there we are password updated successfully so to crack the to crack
            • 10:00 - 10:30 the the shadows file this the shadows file exists in the uh the etc and as you can see if you specify the shadow file uh like this the etc shadows file you will essentially that is where all the passwords are stored so we can use john and we can say etc shadow uh if i just open that up there we are shadow there's the shadow file uh again by the way it is a file so we just hit shadow and once we hit enter it's gonna start cracking the password hash
            • 10:30 - 11:00 and it's going to give us the results as you can see here one two three four five six seven so that was really really quick now let me explain the results that we've got here because it may feel a bit uh a bit confusing so as you can see detected that the hash type was a sharp 512 or 512 so that is an encryption protocol or an increase encryption algorithm sorry about that very very powerful and again it was able to crack it really really quickly now by default it's telling me something here that it loaded three password hashes with three different
            • 11:00 - 11:30 salts uh so what this means is yes i have performed this cracking before and it found the password hashes and they were correct so what it's saying is i had three accounts that were cracked before and it will they've already cracked the hashes so it's not going to crack those um the password hashes for those accounts it only cracks the ones that do not build that have not been cracked yet in this case which was user 2 and it got the password there which was awesome uh so that is essentially how to crack linux passwords it's really very simple as i said uh people just you know really over
            • 11:30 - 12:00 over they just they just make things a bit too complex for themselves and the the process if you understand the process uh the then performing the techniques you know to exploit a system or two in this case cracker passwords are really very simple it's just about time patience and uh prudence all right so i'm just going to clear this up and what we're going to do now is i'm just going to delete the user that i created use a delete um well oh i'll do that later anyway thank you so much for watching uh this video guys i hope you found value in
            • 12:00 - 12:30 this video please leave a like down below if you have any questions at all any at all just leave them in the comments section or on my social networks or you can hit me up on kik thank you so much for watching guys and have a fantastic day peace you