John
Common Formats
| Type | Mode |
| --- | --- |
| $krb5asrep$23$ | krb5asrep |
| $krb5tgs$23$ | krb5tgs |
| NTLMv2 | netntlmv2 |
| NTLM | netntlm |
Usage
john --format=<FORMAT> --wordlist=/usr/share/wordlists/rockyou.txt --fork=4 hash
Rules
To be able to use the previously created rules in JtR, we need to add a name for the rules and append them to the /etc/john/john.conf configuration file.
$ cat ssh.rule
[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#
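What the three rules in ssh.rule produce, as an added example (not from the original page, and not JtR's own rule engine): a minimal Python interpreter for the only two commands used above, `c` (capitalize) and `$X` (append character X), applied as a password-change check that rejects candidates these rules would derive from a denied base word. The function names and the BASE_WORDS list are assumptions made for illustration.

```python
# Added example: a subset of JtR rule syntax, not JtR's own rule engine.
SSH_RULE = """\
[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#
"""

# Constructed sample data (assumption): base words a password policy denies.
BASE_WORDS = ["password", "welcome", "summer"]


def parse_rules(conf_text):
    """Return {name: [rule lines]} for each [List.Rules:<name>] section."""
    sections, current = {}, None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            header = line[1:-1]
            if header.startswith("List.Rules:"):
                current = header.split(":", 1)[1]
                sections[current] = []
            else:
                current = None  # some other john.conf section
        elif current is not None:
            sections[current].append(line)
    return sections


def apply_rule(rule, word):
    """Apply one rule; only `c` (capitalize) and `$X` (append X) are handled."""
    out = word
    for cmd in rule.split():
        if cmd == "c":
            out = out[:1].upper() + out[1:].lower()
        elif len(cmd) == 2 and cmd[0] == "$":
            out += cmd[1]
        else:
            raise ValueError(f"unsupported rule command: {cmd!r}")
    return out


def is_derivable(candidate, base_words, rules):
    """True if some rule turns some base word into the candidate password."""
    return any(apply_rule(r, w) == candidate for w in base_words for r in rules)
```

A password that passes a "capital letter, digits and symbol" complexity policy, such as Password137!, is still rejected by `is_derivable` because it is a single rule application away from a denied base word.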
Files
zip
zip2john <file.zip> > zip.hash
pfx (File Certificate)
pfx2john legacyy_dev_auth.pfx > pfx_hash
The extraction and decryption process from a .pfx file can be found here. The PEM pass phrase is set by us and later used to decrypt the key. It can be anything as long as it is longer than 3 characters.
# extract the key and set a PEM pass phrase
openssl pkcs12 -in legacyy_dev_auth.pfx -nocerts -out legacyy_dev_auth.key-enc
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
The .crt and .key files can be used to access a Windows host via WinRM.
evil-winrm -i 10.10.11.152 -S -k legacyy_dev_auth.key -c legacyy_dev_auth.crt
kdbx (KeePass)
The KeePass databases are stored in .kdbx files.
keepass2john Database.kdbx > keepass.hash
id_rsa (SSH)
ssh2john id_rsa > ssh.hash