Intro

In this article – the last in our John the Ripper series – we would like to focus on how we can use John to crack SSH keys, as well as mention some basics of Custom Rules.

 

Intro

It should come as no surprise that John can also deal with .zip and .rar archives. John does this by leveraging the zip2john and rar2john utilities, built in the tool, so that it can ingest something that it will know how to use. The syntax is pretty much the same, and by now, you should be quite familiar with it; still, we will use this article to show some examples of how we can make our .zip and .rar archives John-ready. As we will see, this is akin to the unshadow tool we’ve used previously.

 

Intro

Authentication hashes are stored and kept by operating systems. Really, they are just hashed values of passwords. It might be possible to brute force these, but oftentimes you would need some sort of privileged permissions in order to obtain them, so it is somewhat of a more difficult task.

Intro

John The Ripper, or John for short, is one of the most well known password and hash cracking tools out there. John is extremely versatile, most importantly, it is extremely fast, with a really big range of compatible types of hashes, not just the most common ones like SHA1, SHA256, MD5, etc. It is also worth mentioning that John will work on all of the three most common operating systems – Windows, MacOS, and Linux-based distros. For Windows, there’s also the Hash Suite, developed by a John the Ripper Contributor. 

Hashes

Hashing, most simply put, is the act of taking a piece of data (of any length) and representing it in another shape, that is of fixed length. We do so by passing our original data through an algorithm – hashing algorithm. Some more popular examples are: NTLM, MD4, SHA512.

As an example, take my name  – acephale as an input string and pass it through a SHA256 algorithm, and we get the following string of characters:

Intro

Now that we have covered some of the more important features of Nmap, we would like to talk about one of the most, if not the most, important features: NSE, short for Nmap Scripting Engine. Firstly, let’s mention the fact that the set of NSE scripts is quite diverse and constantly growing. NSE was designed to be flexible, specifically for network discovery, more sophisticated version detection, backdoor detection, vulnerability detection and exploitation.

Intro

Today, firewalls are an essential part of almost every IT infrastructure and are being deployed in a myriad of shapes and forms. They usually focus on layers 3 and 4 of the OSI Model (occasionally layer 2). Next-generation Firewalls (NGFW) can also cover layers 5, 6, and 7. With more layers covered, we gain more control, but also spend more computing power.

Intro

In this article we will look further into some of the options that Nmap offers. Since we have looked into the Null, Xmas, and FIN scans, we will continue down this path of port scanning techniques, and for this article we will focus on ACK Scan (-sA),  Window Scan (-sW), and Maimon Scan (-sM). 

Intro

If you’re familiar with Nmap, you are probably aware of the myriad of options it has to offer. I have opted to use example scans for our purposes in hopes of being able to more easily demonstrate some of those options.