Skip to content

TryHackMe Writeups

Johntheripper0

TryHackMe Writeups

Home
Crackthehash
Cyberadventtemplate
Template
25daysofchristmas
25daysofchristmas
- 25daysofchristmas
Adv3nt0fdbopsjcap
Adv3nt0fdbopsjcap
- Adv3nt0fdbopsjcap
Adventofcyber2
Adventofcyber2
- Adventofcyber2
Adventofcyber2023
Adventofcyber2023
- Adventofcyber2023
Adventofcyber2024
Adventofcyber2024
- Adventofcyber2024
Adventofcyber23sidequest
Adventofcyber23sidequest
- Adventofcyber23sidequest
Agentsudoctf
Agentsudoctf
- Agentsudoctf
Anonymous
Anonymous
- Anonymous
Auditingandmonitoringse
Auditingandmonitoringse
- Auditingandmonitoringse
Authenticationbypass
Authenticationbypass
- Authenticationbypass
Blaster
Blaster
- Blaster
Blue
Blue
- Blue
Bof1
Bof1
- Bof1
Breachingad
Breachingad
- Breachingad
Breakrsa
Breakrsa
- Breakrsa
Burpsuitebasics
Burpsuitebasics
- Burpsuitebasics
Burpsuiteintruder
Burpsuiteintruder
- Burpsuiteintruder
Burpsuiteom
Burpsuiteom
- Burpsuiteom
Burpsuiterepeater
Burpsuiterepeater
- Burpsuiterepeater
Codeanalysis
Codeanalysis
- Codeanalysis
Commonlinuxprivesc
Commonlinuxprivesc
- Commonlinuxprivesc
Contentdiscovery
Contentdiscovery
- Contentdiscovery
Cowboyhacker
Cowboyhacker
- Cowboyhacker
Crackthehash
Crackthehash
- Crackthehash
Cryptographyintro
Cryptographyintro
- Cryptographyintro
Cybergovernanceregulation
Cybergovernanceregulation
- Cybergovernanceregulation
Dastzap
Dastzap
- Dastzap
Dataxexfilt
Dataxexfilt
- Dataxexfilt
Easyctf
Easyctf
- Easyctf
Encryptioncrypto101
Encryptioncrypto101
- Encryptioncrypto101
Enumerationpe
Enumerationpe
- Enumerationpe
Fileinc
Fileinc
- Fileinc
Hydra
Hydra
- Hydra
Ice
Ice
- Ice
Intronetworksecurity
Intronetworksecurity
- Intronetworksecurity
Johntheripper0
Johntheripper0
- Johntheripper0 Johntheripper0
  Table of contents
  - Table of contents
    
    Setting up John the Ripper
    
    Wordlists
    
    Cracking Basic Hashes
    
    Cracking Windows Authentication Hashes
    
    Cracking /etc/shadow Hashes
    
    Single Crack Mode
    
    Custom Rules
    
    Cracking Password Protected Zip Files
    
    Cracking Password Protected RAR Archives
    
    Cracking SSH Keys with John
Kenobi
Kenobi
- Kenobi
Linprivesc
Linprivesc
- Linprivesc
Linuxfundamentalspart1
Linuxfundamentalspart1
- Linuxfundamentalspart1
Linuxfundamentalspart2
Linuxfundamentalspart2
- Linuxfundamentalspart2
Linuxfundamentalspart3
Linuxfundamentalspart3
- Linuxfundamentalspart3
Linuxprivesc
Linuxprivesc
- Linuxprivesc
Linuxsystemhardening
Linuxsystemhardening
- Linuxsystemhardening
Malmalintroductory
Malmalintroductory
- Malmalintroductory
Metasploitexploitation
Metasploitexploitation
- Metasploitexploitation
Meterpreter
Meterpreter
- Meterpreter
Netsecchallenge
Netsecchallenge
- Netsecchallenge
Ohsint
Ohsint
- Ohsint
Operatingsystemsecurity
Operatingsystemsecurity
- Operatingsystemsecurity
Owaspjuiceshop
Owaspjuiceshop
- Owaspjuiceshop
Owasptop102021
Owasptop102021
- Owasptop102021
Passwordattacks
Passwordattacks
- Passwordattacks
Picklerick
Picklerick
- Picklerick
Postexploit
Postexploit
- Postexploit
Powershell
Powershell
- Powershell
Printerhacking101
Printerhacking101
- Printerhacking101
Redteamrecon
Redteamrecon
- Redteamrecon
Rpnessusredux
Rpnessusredux
- Rpnessusredux
Rrootme
Rrootme
- Rrootme
Sast
Sast
- Sast
Seriskmanagement
Seriskmanagement
- Seriskmanagement
Shodan
Shodan
- Shodan
Sql injection
Sql injection
- Sql injection
Steelmountain
Steelmountain
- Steelmountain
Thelayoftheland
Thelayoftheland
- Thelayoftheland
Threatmodelling
Threatmodelling
- Threatmodelling
Traverse
Traverse
- Traverse
Uploadvulns
Uploadvulns
- Uploadvulns
Vulnerabilitycapstone
Vulnerabilitycapstone
- Vulnerabilitycapstone
Vulnerabilitymanagementkj
Vulnerabilitymanagementkj
- Vulnerabilitymanagementkj
Vulnversity
Vulnversity
- Vulnversity
Walkinganapplication
Walkinganapplication
- Walkinganapplication
Weaponization
Weaponization
- Weaponization
Winadbasics
Winadbasics
- Winadbasics
Windows10privesc
Windows10privesc
- Windows10privesc
Windowsfundamentals1
Windowsfundamentals1
- Windowsfundamentals
Windowsfundamentals2
Windowsfundamentals2
- Windowsfundamentals2
Windowsfundamentals3
Windowsfundamentals3
- Windowsfundamentals3
Windowslocalpersistence
Windowslocalpersistence
- Windowslocalpersistence
Windowsprivesc20
Windowsprivesc20
- Windowsprivesc20
Wiresharkpacketoperations
Wiresharkpacketoperations
- Wiresharkpacketoperations
Wiresharkthebasics
Wiresharkthebasics
- Wiresharkthebasics
Wonderland
Wonderland
- Wonderland

John The Ripper Banner

John The Ripper Logo

John The Ripper

This guide contains the answer and steps necessary to get to them for the John The Ripper room.

Table of contents

Setting up John the Ripper
Wordlists
Cracking Basic Hashes
Cracking Windows Authentication Hashes
Cracking /etc/shadow Hashes
Single Crack Mode
Custom Rules
Cracking Password Protected Zip Files
Cracking Password Protected RAR Archives
Cracking SSH Keys with John

Setting up John the Ripper

What is the most popular extended version of John the Ripper?

Click for answer
Jumbo John

Wordlists

What website was the rockyou.txt wordlist created from a breach on?

Click for answer
rockyou.com

Cracking Basic Hashes

What type of hash is hash1.txt?

The types can all be found using hash-identifier.

Basic 1 Hash

Click for answer
MD5

What is the cracked value of hash1.txt?

The correct format here is raw-md5.

john hash1.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5

Basic 1 Value

Click for answer
biscuit

What type of hash is hash2.txt?

Basic 2 Hash

Click for answer

What is the cracked value of hash2.txt

The correct format here is raw-sha1.

john hash2.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha1

BASIC 2 VALUE

Click for answer
kangeroo

What type of hash is hash3.txt?

Basic 3 Hash

Click for answer
SHA256

What is the cracked value of hash3.txt

The correct format here is raw-sha256.

john hash3.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha256

Basic 3 Value

Click for answer
microphone

What type of hash is hash4.txt?

Basic 4 Hash

After testing, SHA-512 didn't seem to work.

Click for answer
Whirlpool

What is the cracked value of hash4.txt

The correct format here is whirlpool.

john hash4.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=whirlpool

Basic 4 Value

Click for answer
colossal

Cracking Windows Authentication Hashes

What do we need to set the "format" flag to, in order to crack this?

As the name comes from NTHash, 'NT' might be a first guess. Looking at the available formats we can see this is indeed the case.

john --list=formats | grep -iF "nt"

Windows Format

Click for answer
NT

What is the cracked value of this password?

We can use the following command with John to crack the NTLM hash.

john ntlm.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=nt

Windows Value

Click for answer
mushroom

Cracking /etc/shadow Hashes

What is the root password?

For this question we can do multiple things. One is to simple copy the hash into a separate file and crack it with John. Or we can split the entries into their respective files and with unshadow create a single file we can use in John. For now I will use the latter method.

unshadow passwd.txt shadow.txt > Passwords.txt

Shadow File

This gives us one file with the hash and username.

john Passwords.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt

Shadow Value

Click for answer
1234

Single Crack Mode

What is Joker's password?

First we need to add the username in front of the hash, then we can use Johns single mode cracking.

joker:<hash>

john --single --format=raw-md5 hash7.txt

Single Value

Click for answer
Jok3r

Custom Rules

What do custom rules allow us to exploit?

This answer can be found in the text.

Click for answer
password complexity predictability

What rule would we use to add all capital letters to the end of the word?

Using the information from the text we can get the answer.

Click for answer
Az"[A-Z]"

What flag would we use to call a custom rule called "THMRules"

This can be found in the text.

Click for answer
--rule=THMRules

Cracking Password Protected Zip Files

What is the password for the secure.zip file?

We first use zip2john to get a hash and then pass that through to john.

zip2john secure.zip > ziphash.txt

john --wordlist=/usr/share/wordlists/rockyou.txt ziphash.txt

Zip Password

Click for answer
pass123

What is the contents of the flag inside the zip file?

Zip Flag

Click for answer
THM{w3ll_d0n3_h4sh_r0y4l}

Cracking Password Protected RAR Archives

What is the password for the secure.rar file?

We first use rar2john to get a hash and then pass that through to john.

rar2john secure.rar > rarhash.txt

john --wordlist=/usr/share/wordlists/rockyou.txt rarhash.txt

Rar Password

Click for answer
password

What is the contents of the flag inside the zip file?

Rar Flag

Click for answer
THM{r4r_4rch1ve5_th15_t1m3}

Cracking SSH Keys with John

What is the SSH private key password?

We first use ssh2john to get a hash and then pass that through to john.

ssh2john idrsa.id_rsa > sshhash.txt

john --wordlist=/usr/share/wordlists/rockyou.txt sshhash.txt

Ssh Password

Click for answer
mango