John

Common Formats

Type              Mode
$krb5asrep$23$    krb5asrep
$krb5tgs$23$      krb5tgs
NTLMv2            netntlmv2
NTLM              netntlm

Usage

john --format=<FORMAT> --wordlist=/usr/share/wordlists/rockyou.txt --fork=4 hash

Rules

To use the previously created rules in JtR, give the rule set a name in a [List.Rules:<name>] header and append the block to the /etc/john/john.conf configuration file; the set can then be selected with --rules=<name> (here, --rules=sshRules).

$ cat ssh.rule
[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#
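To check what a rule section actually generates before running a long job, here is an added example (not part of the original notes and not JtR's own code): a small Python interpreter for the subset of the JtR rule language used in ssh.rule (c, l, u, $X, ^X), which assumes the file contents shown above embedded as SSH_RULE and emits candidates in JtR's wordlist-mode order (each rule applied across the whole list before the next rule).

```python
# The ssh.rule file shown above, embedded so the example runs offline.
SSH_RULE = """[List.Rules:sshRules]
c $1 $3 $7 $!
c $1 $3 $7 $@
c $1 $3 $7 $#
"""

def parse_rules(text):
    """Return (section name, rule lines) from a [List.Rules:NAME] block."""
    name, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[List.Rules:") and line.endswith("]"):
            name = line[len("[List.Rules:"):-1]
        elif name is not None:
            rules.append(line)
    return name, rules

def apply_rule(rule, word):
    """Apply one rule to one word. Supported commands (a subset of JtR's
    rule language): c (capitalise), l (lowercase), u (uppercase),
    $X (append X), ^X (prepend X). Spaces separate commands and are ignored."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == " ":
            i += 1
        elif cmd == "c":
            word, i = word[:1].upper() + word[1:].lower(), i + 1
        elif cmd == "l":
            word, i = word.lower(), i + 1
        elif cmd == "u":
            word, i = word.upper(), i + 1
        elif cmd in "$^":
            if i + 1 >= len(rule):
                raise ValueError(f"{cmd} needs a character argument: {rule!r}")
            ch = rule[i + 1]
            word, i = (word + ch if cmd == "$" else ch + word), i + 2
        else:
            raise ValueError(f"unsupported rule command {cmd!r} in {rule!r}")
    return word

def mangle(rules, words):
    """Candidates in JtR wordlist-mode order: each rule over the whole list."""
    return [apply_rule(r, w) for r in rules for w in words]
```

Running mangle(parse_rules(SSH_RULE)[1], ["password"]) yields Password137!, Password137@ and Password137#, which is a quick way to confirm a rule set covers the pattern a policy requires.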

Files

zip

zip2john <file.zip> > zip.hash

pfx (certificate file)

pfx2john legacyy_dev_auth.pfx > pfx_hash

The extraction and decryption process for a .pfx file can be found here. The PEM pass phrase is chosen by us: it encrypts the exported private key and is needed later to decrypt it. It can be anything longer than 3 characters.

# extract the private key and set a PEM pass phrase
# (Import Password = the .pfx password recovered with john; PEM pass phrase = the new one you choose)
openssl pkcs12 -in legacyy_dev_auth.pfx -nocerts -out legacyy_dev_auth.key-enc
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

The .crt and .key files can then be used for certificate-based authentication to a Windows host via WinRM.

evil-winrm -i 10.10.11.152 -S -k legacyy_dev_auth.key -c legacyy_dev_auth.crt

kdbx (KeePass)

The KeePass databases are stored in .kdbx files.

keepass2john Database.kdbx > keepass.hash

id_rsa (SSH private key)

ssh2john id_rsa > ssh.hash
