JOHN THE RIPPER:- John the Ripper is a password cracker that finds weak passwords by recovering them from their hashes. It supports a wide range of password hash and cipher formats. Ethical hacking professionals use it both to audit password strength and to recover passwords for systems whose owners have lost them.
John the Ripper is best known for dictionary attacks and is also widely used for brute-force (incremental) attacks. An ethical hacking researcher at iicybersecurity notes that the method below is still useful because many older firms run old versions of Windows whose password storage is weak by today's standards.
CRACKING WINDOWS PASSWORDS:-
In Windows, local account password hashes are stored in the SAM registry hive, the file %SystemRoot%\System32\config\SAM. Windows stores the NT hash (an unsalted MD4 of the UTF-16LE encoding of the password, the hash used by NTLM authentication); old versions also store the much weaker LM hash. The hashes inside the SAM are encrypted with the SYSKEY (boot key), which is derived from values in the SYSTEM hive in the same directory. At boot, Windows loads both hives into the registry (HKLM\SAM and HKLM\SYSTEM) and uses them for local authentication.
While Windows is running, the SAM and SYSTEM hives are locked and cannot be copied, so you boot another OS, mount the Windows partition from it and copy the files out. Once both files are copied, samdump2 recovers the SYSKEY from the SYSTEM hive, decrypts the hashes in the SAM and prints them in a form that John the Ripper can crack.
In the following case, we boot Kali Linux from a USB stick and mount the Windows partition from it.
You can use the free tool Rufus to create the bootable disk; it is very quick to use. Select the Kali Linux ISO image and Rufus writes it to the USB stick. Once the boot disk has been created, boot the target machine from it and follow the steps listed below. The first step is to find the hard disk partition where Windows is installed.
For that type: fdisk -l
Step 1: CHECKING THE HARD DISK PARTITIONS
In the example run, fdisk -l listed 3 partitions on the target hard disk. The Windows system partition is normally the largest NTFS partition (fdisk reports its type as HPFS/NTFS/exFAT on MBR disks or Microsoft basic data on GPT disks); in this example it is /dev/sda2. Its size tells you which partition the target OS (Windows) lives on.
Step 2: MOUNT
Type mkdir /mnt/CDrive to create the mount point directory.
To mount the hard disk partition /dev/sda2 on the CDrive directory, type mount /dev/sda2 /mnt/CDrive (NTFS partitions are mounted through ntfs-3g, which Kali includes; add -o ro if you want to be certain that nothing on the target disk is modified).
Then check the mount point by typing ls -ltr /mnt/CDrive; you should see the Windows directory tree (Program Files, Users, Windows, ...).
Type mount to list the mounted filesystems.
root@kali:~/temp# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
... (the many other mounted filesystems are omitted) ...
/dev/sda2 on /mnt/CDrive type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
The last line of the output shows that the target hard disk partition has been mounted on the CDrive directory (type fuseblk means the NTFS partition is handled by ntfs-3g).
Step 3: COPYING THE SAM FILE
Type mkdir /tmp/temp to create a working directory for the copied hives.
Type cp /mnt/CDrive/Windows/System32/config/SAM /tmp/temp
Step 4: INSTALLING SAMDUMP2
samdump2 recovers the SYSKEY from the SYSTEM hive and uses it to decrypt and extract the password hashes from the Windows SAM file.
To install samdump2, type sudo apt-get update and then sudo apt-get install samdump2 (it is already present on most Kali releases).
Step 5: COPYING THE SYSTEM FILE
The SYSKEY lives in the SYSTEM hive, so copy it next to the SAM file: cp /mnt/CDrive/Windows/System32/config/SYSTEM /tmp/temp
Change into the working directory with cd /tmp/temp and type samdump2 SYSTEM SAM
samdump2 prints one line per local account in pwdump format, username:RID:LM-hash:NT-hash:::. In the example run there were 4 users on the target system. An LM column of aad3b435b51404eeaad3b435b51404ee means no LM hash is stored for that account (the default since Windows Vista), and an NT column of 31d6cfe0d16ae931b73c59d7e0c089c0 means the account has an empty password.
Now type samdump2 SYSTEM SAM > hash.txt to redirect the hash output to a file named hash.txt.
Step 6: CRACKING PASSWORD USING JOHN THE RIPPER
Type john --format=LM --wordlist=/root/usr/share/john/password_john.txt hash.txt
John tries every word in the wordlist against the hashes in hash.txt. In the example run the password for the target account was 123456. If the LM column of every account is the "no LM hash stored" value shown above, there is nothing for --format=LM to crack; run john --format=NT --wordlist=... hash.txt instead so that the NT hashes are attacked. (John's own default wordlist on Kali is /usr/share/john/password.lst.) Cracked passwords are kept in John's pot file and can be listed again later with john --show --format=NT hash.txt.
Attackers can also use their own wordlist for cracking the password. Kali Linux ships many wordlists under /usr/share/wordlists/ (for example rockyou.txt.gz, which must be decompressed with gunzip before John can read it), and any of them can be passed to --wordlist.
NOTE:- The above method works reliably up to Windows 7. On Windows 8/8.1/10 it often fails: newer Windows 10 releases changed how the hashes inside the SAM are encrypted, which older samdump2 versions cannot decrypt, and a system drive protected by BitLocker cannot be mounted from Kali at all without the recovery key.