ISS Presentation for John, Schemes and Mind Maps of Information Security and Markup Languages

John the ripper tool use cases and all other stuff. Enjoy man!

Typology: Schemes and Mind Maps

2023/2024

Uploaded on 11/03/2023

pranav-pawar-4

ISS
PROJECT
ATAL BIHARI VAJPAYEE-INDIAN INSTITUTE OF INFORMATION TECHNOLOGY AND MANAGEMENT (ABV-IIITM), GWALIOR

2021IMT-

2021IMT-

2021IMT-

2021IMT-

2021IMT-

Neeraj Nagure

Pranav Pawar

Kshitij Gupta

Satyrohan Prakash

Ritik Singh

Dr. DEBANJAN SADHYA

CONTENTS

Introduction

Features

Use Cases

Counter Measures

Advantages & Disadvantages

Implementation

INTRODUCTION

What is John the Ripper?

John the Ripper is a widely used open-source password-cracking tool.

It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks.

John the Ripper was released in 1996 and was made open source in 1997.

It was created by a developer known by the pseudonym Solar Designer (Alexander Peslyak).

Features

Salted Hashes: When dealing with salted hashes, John the Ripper is capable of recognizing and processing the salt. Salt is a random value added to each password before hashing, and it prevents attackers from using precomputed tables like rainbow tables. John the Ripper includes different "formats" for various salted hash types. For example, if you have salted SHA-256 hashes, John the Ripper will use the appropriate format to handle them.

Static Value (Pepper): A "pepper" is a fixed value added to each password before hashing, which is different from "salt" as it doesn't change for each user. Handling pepper with John the Ripper typically requires a bit more manual setup. You would need to modify the tool to incorporate the pepper into the cracking process. Depending on how the pepper is applied, you might need to create custom rules or use scripts to combine it with password candidates.

Uses

Password Security Assessment: Security professionals can use John the Ripper to assess the strength of user passwords within an organization. By cracking weak passwords, they can identify areas where security improvements are needed.

Security Auditing: System administrators and IT security teams can perform routine password audits using John the Ripper to ensure that users are following password policies and to detect any weak or easily guessable passwords.

Research and Development: Researchers and security experts can use John the Ripper to study and analyze password security, as well as to develop and test new password-cracking techniques and defenses.

COUNTER MEASURES

Strong Password Policies

Complexity: Promote complex, non-dictionary-based passwords.

Length: Encourage longer passwords (at least 12 characters).

Hashing Algorithms

Use Strong Algorithms: Choose bcrypt, scrypt, or PBKDF2 over weaker ones like MD5 or SHA-1.

Slow Hashing: Slow down the hashing process to deter cracking attempts.

Two-Factor Authentication (2FA)

Implementation: Encourage or require 2FA wherever possible.

Additional Security Layer: Mitigates password vulnerabilities.
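The salt and pepper described under Features and the slow-hashing countermeasure above can be seen together in the following added example, which is not part of the original presentation. The pepper value, the iteration count, the user names and the passwords are constructed for illustration, and applying the pepper as an HMAC key is a design choice of this example.

```python
import hashlib
import hmac
import os
import time

PEPPER = b"constructed-pepper-stored-outside-the-db"  # constructed sample secret
ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for your hardware


def weak_hash(password: str) -> str:
    """Unsalted MD5, the kind of fast hash the slide advises against."""
    return hashlib.md5(password.encode()).hexdigest()


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Pepper applied as an HMAC key (a design choice of this example),
    # then slow, salted PBKDF2 over the result.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def store(password: str, pepper: bytes = PEPPER) -> dict:
    """Create a record with a fresh random salt for each user."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt, pepper)}


def verify(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    candidate = _derive(password, record["salt"], pepper)
    return hmac.compare_digest(candidate, record["hash"])


def audit(records: dict, wordlist: list, pepper: bytes) -> list:
    """Users whose stored password is found in the wordlist."""
    return sorted(user for user, rec in records.items()
                  if any(verify(word, rec, pepper) for word in wordlist))


def seconds_per_guess(hash_fn, guesses: int = 5) -> float:
    """Average wall-clock cost of one candidate under the given scheme."""
    start = time.perf_counter()
    for i in range(guesses):
        hash_fn(f"guess{i}")
    return (time.perf_counter() - start) / guesses


if __name__ == "__main__":
    db = {"alice": store("password123"), "bob": store("password123"),
          "carol": store("gT7#qLw9!xZr2m")}
    print("same password, different hashes:", db["alice"]["hash"] != db["bob"]["hash"])
    print("audit with pepper:", audit(db, ["123456", "password123"], PEPPER))
    print("audit without pepper:", audit(db, ["123456", "password123"], b"not-the-pepper"))
```

An audit that holds the pepper flags the two accounts with the dictionary password, while the same wordlist run without the pepper matches nothing, which is why the pepper has to be kept apart from the password database.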

COUNTER MEASURES

Password Managers

Usage Promotion: Promote password managers for generating and storing complex passwords.

Convenience and Security: Help users maintain strong, unique passwords.

Patch and Update

Regular Updates: Keep software and systems up to date with security patches.

Vulnerability Mitigation: Prevent exploitation of known vulnerabilities.

Whole disk encryption can prevent an intruder from accessing the OS and passwords stored on the system.

Drawbacks of JTR

Limited Online Capabilities: John the Ripper is primarily designed for offline password attacks, which means it is not as well-suited for online attacks against live network services as Hydra.

No guarantee of success: It is computationally infeasible to always get the password, as the approaches used by John are mainly brute force. If control goes to incremental mode, it tries all possible combinations, which may take much time.

Dependency on wordlists: John the Ripper primarily relies on wordlists, and the effectiveness of the tool is highly dependent on the quality and comprehensiveness of the wordlist used. If the target password is not in the wordlist, John the Ripper may not succeed in cracking it.

Limited to Dictionary and Rule-Based Attacks: John the Ripper primarily uses dictionary-based and rule-based attacks. It may not be as effective in cases where passwords are generated randomly or based on unpredictable factors.

Hash Types Supported

Cracking the password of .zip file using default wordlist of john the ripper

Cracking the password of .zip file using custom (rockyou.txt) dictionary.

Using Single Mode to crack the MD5 Hashes

Using Default Wordlist Mode to crack the MD Hashes