Installing JohnTheRipper

Recently I was working on a boot2root called FourAndSix (walkthrough here), and I needed to brute force the password for an encrypted 7z archive. If you haven’t used it, JohnThe Ripper comes with all kinds of tools to pull hashes from various file types into a format the John can work with, a common example being unshadow. In this case, I found that the version of JTR that comes with kali doesn’t contain a lot of those tools, including the 7z one. There is a jumbo version out there that you can install to get access to an increased variety of tools.

I found a pretty good guide for installing this version of John here (or inserted below), and found it so useful that I wanted to save it for future use in Kali installations. So, with all due credit to webpwnized, I’m going to copy the content of his video here for future use. I encourage you to go ahead and watch the actual video if you want to set up the jumbo version of JTR, sometimes it’s better to watch along rather than read along, and he/she deserves the views for his/her work.

Before we can install our new version of JohnTheRipper, we have some prerequisites to work through. First:


apt install build-essential libssl-dev yasm libgmp-dev libpcap-dev libnss3-dev libkrb5-dev pkg-config libopenmpi-dev openmpi-bin zlib1g-dev libbz2-dev

Next, Rexgen prerequisites


apt install flex cmake bison git

Now Rexgen itself


cd /opt
git clone https://github.com/teeshop/rexgen.git
cd rexgen
./install.sh
ldconfig

Now we can download JohnTheRipper:


cd /opt
git clone https://github.com/magnumripper/JohnTheRipper.git

And install it


cd /opt/JohnTheRipper/src/
./configure --enable-mpi
make -s clean && make -sj4

Not only can this version of JTR do more, it’s a great deal faster than the version bundled with Kali. See the video below to see how to compare the two versions, webpwnized was able to get roughly 4 times faster speeds.

gpg

First things first, I have no prior experience with GNU Privacy Guard (GPG). I’ve been aware of it, and familiar with its purpose, but I have never actually used it. Time to change that! In carrying out most of this, I followed a guide here

apt update
apt install gnupg

Create a key pair

gpg --gen-key

Choose (1) RSA and RSA, set a keysize, and determine an expiration
Enter your information, and generate the key

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/secring.gpg' created
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: User Name
Email address: your_email@address.com
Comment: <comment>
You selected this USER-ID:
"User Name (comment) &lt;your_email@address.com&gt;"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
......+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.....................+++++
....+++++
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key ████████ marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 4096R/4F2220F6 2017-12-06
Key fingerprint = ████ ████ ████ ████ ████ ████ ████ ████ ████ ████
uid User Name (comment) &lt;your_email@address.com&gt;
sub █████/███████ 2017-12-06

Create revocation certificate

gpg --output ~/revocation.crt --gen-revoke your_email@address.com

Select the reason for the revocation (I chose 0)

gpg --output revocation.crt --gen-revoke your_email@address.com
sec █████/████████ 2017-12-06 User Name (comment) &lt;your_email@address.com&gt;

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
1 = Key has been compromised
2 = Key is superseded
3 = Key is no longer used
Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
&gt; revocation certificate for your_email@address.com key
&gt;
Reason for revocation: No reason specified
revocation certificate for your_email@address.com key
Is this okay? (y/N) y

You need a passphrase to unlock the secret key for
user: "User Name (comment) &lt;your_email@address.com&gt;"
4096-bit RSA key, ID ████████, created 2017-12-06

gpg: gpg-agent is not available in this session
ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!

With that revocation certificate, you can revoke your GPG key if it should become lost or compromised. For this reason, it’s critically important that you protect it just like your private key, otherwise someone could revoke your key without your knowledge.

chmod 600 ~/revocation.crt

A few commands follow:

    • Importing Other Users’ Public Keys
gpg --import name_of_pub_key_file
gpg --keyserver pgp.mit.edu --search-keys search_parameters
    • Fingerprint public key
gpg --fingerprint your_email@address.com
    • Sign the key, telling the software to trust it
gpg --sign-key email@example.com
    • Sending back the signed key
gpg --output ~/signed.key --export --armor email@example.com
    • They can then import it, adding the signature to their database
gpg --import ~/signed.key
    • To retrieve your public key
gpg --output ~/mygpg.key --armor --export your_email@address.com

Now for the good stuff. In order to encrypt messages, do the following:

gpg --encrypt --sign --armor -r person@email.com name_of_file

If you want to be able to read the message (you made it so theoretically you don’t need to do this) then add a second -r recipient
And in order to decrypt messages, it’s pretty simple:

gpg file_name.asc

There’s no point in having a key if other people don’t have your public key. An easy way to enable that is by submitting it to public key repositories, like below. At the time of writing, pgp.mit.edu seemed to be having some issues, so I instead uploaded to keyserver.ubuntu.com. The nice thing is these keyservers exchange their entries with one another, so it’ll make it to a number of places eventually. A solid list of keyservers can be found here.

gpg --list-keys your_email@address.com
pub 4096R/311B1F84 2013-10-04
uid Test User &lt;test.user@address.com&gt;
sub 4096R/8822A56A 2013-10-04

The 311B1F84 portion is your key’s ID

gpg --send-keys --keyserver pgp.mit.edu key_id

Now in the event that your key gets compromised or lost, you can use the revocation certificate that you created previously like so

gpg import revocation.crt
gpg --key-server pgp.mit.edu --send-keys key_id

List of keyservers: link

Now there’s a whole lot more to GPG than what I’ve written, and the link I posted at the beginning of this post is a good primer on a lot of it. My purpose is to get GPG up and running, and I think that that has been achieved!

As a side note, I’ll also mention keybase.io. Their whole deal seems to be lowering the bar to using GPG and simplifying the process of verifying peoples’ online identities. You can use it to encrypt and decrypt messages from a GUI, and can chat with other users while the encryption process happens in the background. They have also recently added a ‘teams’ functionality which seems to be a response to Slack, except since everyone has GPG keys, everything is encrypted. Check it out, and give me a follow while you’re at it.