Cracking Passwords

Hashes are one-way functions so it is impossible to reconstruct the hash input from the hash output. But, for passwords, there are ways that password hashes can be "cracked." Several attacks will be demonstrated in this chapter.

Learning Objectives

You should be able to crack passwords using hashcat and john with the following attack types:

  • Dictionary attacks
  • Brute force attacks

Video Walkthrough

Use this video to follow along with the steps in this lab.

Crack Hashes

LinkedIn suffered a data breach in 2012. Millions of usernames and password hashes were leaked. Unfortunately, LinkedIn did not salt passwords, and it used the SHA1 algorithm. SHA1 was built for speed, which is great for password crackers. In this section, you will do just what the hackers did--try to crack the LinkedIn passwords. For simplicity, only a small subset of the actual passwords are included here.

  • Launch your Linux virtual machine and access the terminal.
  • Run the following command. Note that it will delete any files you added or changed in the cyfunfiles folder.
cd ~
rm -rf cyfunfiles
  • Run the following command to download files from the internet. This will create a new folder called cyfunfiles in your home directory.
git clone https://github.com/jimmarq/cyfunfiles
  • Change directories to the cyfunfiles directory.
cd cyfunfiles
  • Change directories to the crypto_crack_hashes subdirectory.
cd crypto_crack_hashes
  • Look at the files in the folder with ls.
ls
  • There is a file called linked_hashes.txt. View its contents.
cat linkedin_hashes.txt
  • You should see a bunch of hexadecimal data. Each line represents an actual LinkedIn user's password. The goal of password cracking is to discover the password that will generate each of these hashes.
7c4a8d09ca3762af61e59520943dc26494f8941b
7728240c80b6bfd450849405e8500d6d207783b6
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
f7c3bc1d808e04732adf679965ccc34ca7ae3441
8d6e34f987851aa599257d3831a1af040886842f
b1b3773a05c0ed0176787a4f1574ff0075f7521e
dd5fef9c1c1da1394d6d34b248c51be2ad740840

In the next sections, you will perform various attacks using a program called John (the Ripper, but many people just refer to the program as "John.") A more sophisticated program for cracking hashes is Hashcat, but it does not run well on virtual machines.

Install John

John is a popular password cracker. Run the following commands to install it.

sudo apt update
sudo apt install john hashcat -y

Verify that john and hashcat have been installed.

john
hashcat

Dictionary Attack

Dictionary attacks hash all of the words in a list and compare those hashes to the passwords being cracked. Dictionary attacks often work well because people are predictable and do not choose random passwords.

  • Print a sample of the default password list installed with john. There are about 3,600 passwords. It's not a terribly large dictionary, but it will work fine. Some password dictionaries have millions of passwords.
tail /usr/share/john/password.lst
  • Run the following command to run a dictionary attack using hashcat.
hashcat -a 0 -m 100 linkedin_hashes.txt /usr/share/john/password.lst

It will take a minute for hashcat to start. Once it starts calculating hashes, hashcat should finish quickly. Eventually, you will see output like the following (though I've redacted the password to avoid spoiling the fun).

7c4a8d09ca3762af61e59520943dc26494f8941b:1[redacted]
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:p[redacted]
f7c3bc1d808e04732adf679965ccc34ca7ae3441:1[redacted]
b1b3773a05c0ed0176787a4f1574ff0075f7521e:q[redacted]
8d6e34f987851aa599257d3831a1af040886842f:s[redacted]
dd5fef9c1c1da1394d6d34b248c51be2ad740840:6[redacted]
  • The attack should run very fast. All 3,600 passwords were checked against the LinkedIn hashes very quickly.
  • Notice that there were 7 hashes to crack, but only 6 passwords were recovered.
  • If you did not see the hashes in the terminal, you can check to see what has been cracked with:
hashcat -a 0 -m 100 linkedin_hashes.txt /usr/share/john/password.lst --show

When dictionary attacks fail, you can:

  • find a bigger dictionary, or
  • try a different type of attack.

In the next section, you'll try a brute force attack.

Brute Force Attack

In a brute force attack, all possible passwords for given character sets will be tried. The larger the character set, the longer the attack can take to finish.

hashcat -a 3 -m 100 linkedin_hashes.txt ?l?l?l?l?l?l?l?l

  • The parameters are:

    • -a 3: Brute force attack mode
    • -m 100: The SHA1 hash type
    • linkedin_hashes.txt: The file with the hashes
    • ?l?l?l?l?l?l?l?l: The characters to use in the brute force attach. In this case, hashcat will try all characters up to 8 long with lowercase letters.

  • Several metrics will be reported while the attack is going. You can press s to get the current status.

Session..........: hashcat
Status...........: Running
Hash.Mode........: 100 (SHA1)
Hash.Target......: linkedin_hashes.txt
Time.Started.....: Tue Jul  2 18:01:24 2024 (4 secs)
Time.Estimated...: Tue Jul  2 18:02:43 2024 (1 min, 15 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?h?h?h?h?h?h?h?h [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 53977.0 kH/s (9.13ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
Recovered........: 6/7 (85.71%) Digests (total), 0/7 (0.00%) Digests (new)
Progress.........: 218103808/4294967296 (5.08%)
Rejected.........: 0/218103808 (0.00%)
Restore.Point....: 53248/1048576 (5.08%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1024 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: 123e19de -> 6ebf54ca

On this hardware, hashcat is trying to crack about 54 million hashes per second.

Evaluating Bcrypt

The bcrypt algorithm has 2 defenses against password cracking: 1) it intentionally wastes CPU to make it slow, and 2) it salts by default.

  • Run the following command to try cracking the bcrypt hashes for cat (because "wildcat" would take entirely too long to crack) and 1999 (in honor of his purpleness). These passwords would be trivial to crack if they were hashed using MD5 without salt.
hashcat -a 3 -m 3200 -i bcrypt_hashes.txt ?h?h?h?h?h?h

  • The above command adds the -i parameter to crack incrementally, meaning it will try 1 character password, then 2 character passwords, etc. It also uses -m 3200 to specify the bcrypt hashing algorithm.

  • While the attack is in progress, press s to evaluate the cracking speed.

  • On the same hardware, hashcat can crack:
    • 54,000,000 SHA1 hashes per second
    • 26 bcrypt hashes per second
  • Press q to quit hashcat if you'd like.
  • To limit the search, try 4-character passwords composed entirely of numbers. There are 10,000 possible passwords.
hashcat -a 3 -m 3200 bcrypt_hashes.txt ?d?d?d?d

You should eventually see a recovered password.

$2a$10$SM/7V4YQY19evi6lm5TpXurRDqWCVcUtT4AJmBOeLTHUucWqlkYs.:1999

Cracking bcrypt hashes is approximately 2 million times slower. So if it took a week to crack a SHA1 hash, it would take thousands of years to crack that same password if it were hashed using bcrypt. There are some caveats about hardware and software efficiency, but the fact remains that bcrypt hashes are much harder to crack.

Challenge

  • Use john to crack passwords in the Linux shadow file with:
cd ~
sudo cp /etc/shadow shadow
john shadow
  • Create several user accounts, set their passwords, and try to crack those passwords.
  • Use the following command to show any cracked passwords.
john shadow --show

Reflection

  • Why don't people choose stronger passwords?
  • If you picked a strong password, would brute force and dictionary attacks have been successful?

Key Terms

  • Password Cracking: The process of recovering passwords from data that has been stored or transmitted in a hashed or encrypted form. This is typically done using various techniques such as brute force, dictionary attacks, or rainbow tables to guess or systematically try possible passwords until the correct one is found.
  • John: Short for "John the Ripper," a popular open-source password cracking tool. It is used to detect weak passwords and recover lost passwords by performing various types of attacks, including dictionary attacks and brute force attacks.
  • Hashcat: A powerful and versatile password cracking tool that supports a wide range of hashing algorithms. Hashcat can perform dictionary attacks, brute force attacks, and other advanced techniques to recover passwords from hashed data.
  • Password Attack - Dictionary: A method of password cracking that uses a precompiled list of potential passwords (a dictionary) to guess the correct password. The attack systematically tries each password in the list until it finds a match.
  • Password Dictionary: A list of commonly used passwords or potential passwords compiled for use in dictionary attacks. These dictionaries often include common words, phrases, and variations that users might choose as passwords.
  • Password Attack - Brute Force: A method of password cracking that systematically tries all possible combinations of characters until the correct password is found. Brute force attacks are time-consuming and computationally intensive but can eventually crack any password given enough time and resources.