The usual everyday situation: an old file, a forgotten password, what can be done? It can be found by trying all possible passwords in a reasonable time using a GPU, of course only if it is a human password and not 8 characters mixing a lowercase letter, an uppercase letter, a Cyrillic letter, a Latin letter, a digit and a special character! You can also do it on the CPU instead of the GPU, but then it takes years instead of months; it is all about the number of cores: a CPU has only a dozen cores, a video card has thousands.
I chose John the Ripper because John at least showed signs of life: it worked, though of course it has plenty of quirks. But first, the quirks of Ubuntu 22!
On Ubuntu it can be installed from the repositories
sudo apt-get install john-the-ripper
but that is the old version 1.8, which has none of the modern settings at all.
You can install it via snap
sudo snap install john-the-ripper
I don’t like snap, and now it’s obvious why. If you install via snap, you can’t change the installed package’s files on your system, no way at all; even if the developers tell you to edit the config file, snap won’t let you. You can copy the configuration somewhere else, edit it and run john like this
john --config=./myjohn.conf ...
But there is another problem: John the Ripper from snap on Ubuntu does not want to, or cannot, work with OpenCL
john --list=opencl-devices
Error: No OpenCL-capable platforms were detected by the installed OpenCL driver.
Error: No OpenCL-capable devices were detected by the installed OpenCL driver.
So it has to be installed the third way, following the instructions here: https://github.com/openwall/john/tree/bleeding-jumbo/doc, the INSTALL-UBUNTU file.
I already had the Nvidia drivers installed, of course, and to be honest I don’t know what exactly helped me… here are all the commands from the instructions
mkdir -p ~/src
sudo apt-get -y install git build-essential libssl-dev zlib1g-dev
this one
sudo apt-get -y install nvidia-opencl-dev
was already installed
cd ~/src
git clone https://github.com/openwall/john -b bleeding-jumbo john
cd ~/src/john/src
./configure && make -s clean && make -sj4
let’s see
./src/john/run/john --list=opencl-devices
after the CPU entry
Platform #1 name: NVIDIA CUDA, version: OpenCL 3.0 CUDA 11.7.101
    Device #0 (2) name:     NVIDIA RTX A4500
    Device vendor:          NVIDIA Corporation
    Device type:            GPU (LE)
    Device version:         OpenCL 3.0 CUDA
    Driver version:         515.65.01 [recommended]
    Native vector widths:   char 1, short 1, int 1, long 1
    Preferred vector width: char 1, short 1, int 1, long 1
    Global Memory:          20183 MiB
    Global Memory Cache:    1568 KiB
    Local Memory:           48 KiB (Local)
    Constant Buffer size:   64 KiB
    Max memory alloc. size: 5045 MiB
    Max clock (MHz):        1650
    Profiling timer res.:   1000 ns
    Max Work Group Size:    1024
    Parallel compute cores: 56
    CUDA INT32 cores:       3584  (56 x 64)
    Speed index:            5913600
    Warp size:              32
    Max. GPRs/work-group:   65536
    Compute capability:     8.6 (sm_86)
    Kernel exec. timeout:   yes
    NVML id:                0
    PCI device topology:    0a:00.0
    PCI lanes:              16/16
    Fan speed:              54%
    Temperature:            79°C
    Utilization:            100%
I didn’t understand the line
CUDA INT32 cores: 3584 (56 x 64)
there should be 7168 CUDA cores, exactly double that!
Password Guessing Strategy
First you need to create a file with the password hash
./src/john/run/rar2john test_en.rar > ./output.txt
That one was for RAR, and this one is for ZIP
./src/john/run/zip2john test_en.rar > ./output.txt
which produces this
test_en.rar:$rar5$16$26c27c1cc4aebf2737c7fc0c28afec80$15$260bb794536e9b71c7a28ee68587776e$8$3c88574d72c1341a
By default John is tuned to guess English passwords; there is even a list of frequently used passwords. For the test I will of course make the job easier for it: we will look for a password made only of English lowercase letters.
To do this, in the file ./src/john/run/john.conf
here
[Subsets]
...
# Subsets mode charsets 0-9. These are literal strings. TAB and space
# characters can be used as long as they do not come first or last. The only
# "magic" used here is \U+HHHH or \U+HHHHH for any Unicode character (except
# the very highest private area that has six hex digits). For example, you
instead of the 6th line (they go from 0 to 9) we put
6 = abcdefghijklmnopqrstuvwxyz
By the way, the Russian alphabet is already there on the fourth line. You will have to play with this, entering the most likely characters from different languages, to get the fastest result!
and run it, first on the video card
./src/john/run/john --subsets=6 --format=rar5-opencl ./output.txt
--format=rar5-opencl – 5 because the archive was made by the latest version of WinRAR, and opencl so that it is processed on the video card
--subsets=6 – the 6th line of characters
start the calculation
Device 2: NVIDIA RTX A4500
Using default input encoding: UTF-8
Loaded 1 password hash (RAR5-opencl [PBKDF2-SHA256 OpenCL])
Cost 1 (iteration count) is 32768 for all loaded hashes
LWS=32 GWS=131072 (4096 blocks)
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
0g 0:00:00:00 1.00% (4) (ETA: 11:58:14) 0g/s 0p/s 0c/s 0C/s Dev#2:53°C
0g 0:00:00:03 19.73% (4) (ETA: 11:58:29) 0g/s 42974p/s 42974c/s 42974C/s Dev#2:56°C grgrgggg..yyxn
The number 4 in parentheses shows how many characters long the passwords currently being tried are; it also shows the card’s temperature, just in case.
More detailed information can be obtained by pressing s
Remaining hashes	1 (0 removed)
Remaining salts	1 (0 removed)
Time in seconds	817 (476.01 new)
Successful guesses	0 (0 new, 0 g/s)
Passwords tested	52953088 (30670848 new, 64433 p/s)
dupe suppressor is disabled and it
  accepted	0 (0.00%, 0 p/s)
  rejected	0 (0.00%, 0 p/s)
  out of total	0 (0 p/s)
Hash computations	52953088 (30670848 new, 64433 c/s)
Hash combinations	52953088 (30670848 new, 64433 C/s)
Most of the keys only refresh the status line, showing where the search currently is
0g 0:03:45:45 1.62% (7) (ETA: 2022-09-14 03:51) 0g/s 65714p/s 65714c/s 65714C/s Dev#2:82°C jehhhjheehj..ekkkkhhhehh
My password has 7 letters, and when I tried to guess 7 letters I realized I had overdone it! The ETA (estimated time of arrival) showed five days: a very long search. But then I understood, not how to speed it up, but why they make you change your password every 3 months even though it is already very complicated: there is no computer on Earth that can brute-force a complex password in three months!
Here I remembered the wheat and chessboard problem, an example of something that at first glance looks insignificant but turns out to be enormous and impossible. There it starts with just 2 raised to a power; here it starts with 26 letters raised to the number of characters… so for my test I will make a password of 4 lowercase letters!!!
And that’s it
0g 0:00:00:13 39.84% (4) (ETA: 16:00:17) 0g/s 62966p/s 62966c/s 62966C/s Dev#2:58°C oywa..bhxu
itco             (test_en4.rar)
1g 0:00:00:14 54.18% (4) (ETA: 16:00:10) 0.07137g/s 65489p/s 65489c/s 65489C/s Dev#2:59°C lxfc..emdz
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
The GPU finds the password itco, four lowercase English letters, in 17 seconds!
Here John has a strange quirk: it remembers the hash for which it found the password and does not search for it anymore, it just says
No password hashes left to crack (see FAQ)
And run by itself, it does not show you the passwords already found either
./src/john/run/john --show
Password files required, but none specified
But the passwords are in its folder, in the john.pot file
cat ./src/john/run/john.pot
$rar5$16$7f018d3b28b056d9d12001fb022c5a2e$15$59f623db6fa6534d7fe26f2681c6b8ba$8$2bde8da77cc53370:itco
Here it is, at the end of the line.
And to start the password search again from scratch, we need to delete this file
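What --show does under the hood, as an added example that is not part of the original post: it joins the hash file (archive name:hash, the rar2john output) with john.pot (hash:password), which is why it has nothing to report without the hash file. The sample input is constructed from the post’s own hash and pot lines.

```python
# Added example, not part of the original post: do what `john --show` does by
# joining the rar2john output with the cracked entries in john.pot. --show needs
# the hash file because john.pot holds only hash:password, not the archive name.
from typing import Dict, List, Tuple

# Constructed sample input: the post's quoted john.pot line, the archive name
# from its "itco (test_en4.rar)" status line, and its uncracked test_en.rar hash.
HASH_FILE = """\
test_en4.rar:$rar5$16$7f018d3b28b056d9d12001fb022c5a2e$15$59f623db6fa6534d7fe26f2681c6b8ba$8$2bde8da77cc53370
test_en.rar:$rar5$16$26c27c1cc4aebf2737c7fc0c28afec80$15$260bb794536e9b71c7a28ee68587776e$8$3c88574d72c1341a
"""
POT_FILE = """\
$rar5$16$7f018d3b28b056d9d12001fb022c5a2e$15$59f623db6fa6534d7fe26f2681c6b8ba$8$2bde8da77cc53370:itco
"""

def parse_pot(text: str) -> Dict[str, str]:
    """john.pot lines are hash:password. A rar5 hash has no ':' (assumption:
    full rar5 hashes, as in the post), so the first ':' is the separator;
    split once only, since the password itself may contain ':'."""
    cracked = {}
    for line in text.splitlines():
        if line.strip():
            h, _, password = line.partition(":")
            cracked[h] = password
    return cracked

def parse_hash_file(text: str) -> List[Tuple[str, str]]:
    """rar2john output lines are archive:hash (assumption: no ':' in the name)."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            name, _, h = line.partition(":")
            entries.append((name, h))
    return entries

def show(hash_text: str, pot_text: str) -> Tuple[List[Tuple[str, str]], int]:
    """Cracked (archive, password) pairs plus the count of hashes still left."""
    cracked = parse_pot(pot_text)
    found, left = [], 0
    for name, h in parse_hash_file(hash_text):
        if h in cracked:
            found.append((name, cracked[h]))
        else:
            left += 1
    return found, left

if __name__ == "__main__":
    for name, password in show(HASH_FILE, POT_FILE)[0]:
        print(f"{name}:{password}")
```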
rm ./src/john/run/john.pot
But John has some useful quirks too: you can resume the password search from where it was interrupted or crashed with an error
./src/john/run/john --restore
The strange thing here is that there is no configuration for this, that is, it only works with the last search, not with all the other attempts.
What does it cost to add one more letter? Each additional letter multiplies the search time by 26.
5 letters – 7 min
6 letters – 3.2 h
7 letters – 3.4 days
8 letters – 89 days
This is why everyone is told to create an 8-character password: nobody will want to search for it! And if you add a capital letter, it is already 52 to the power of the length, and if it is Cyrillic (without specifying lowercase or uppercase), then 118, AAAAAAA!
And how does it do on the CPU?
17 s at 62966 p/s – GPU NVIDIA RTX A4500
317 s at 2767 p/s – CPU AMD Ryzen 7 3700X
On the video card it is almost 18 times faster: you can get a password in a couple of months instead of years 🙂
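To put numbers on the growth described above, here is an added calculator (not part of the original post) that turns a character-set size, a maximum length and the candidate rate into the time an exhaustive search would need; the two rates and the 26/52/118 set sizes are the post’s. The result is an ideal lower bound, since it ignores warm-up and every other overhead of a real run, which is why the post’s measured times are higher.

```python
# Added example, not from the original post: exhaustive-search time estimates
# from the keyspace size and the candidate rates quoted in the post.
from datetime import timedelta

GPU_RATE = 62966   # p/s on the NVIDIA RTX A4500 (figure quoted in the post)
CPU_RATE = 2767    # p/s on the AMD Ryzen 7 3700X (figure quoted in the post)

# Character-set sizes the post talks about.
CHARSETS = {
    "en-lower": 26,         # the post's subset 6: a-z
    "en-mixed": 52,         # a-z plus A-Z
    "en+ru-mixed": 118,     # 52 Latin + 66 Cyrillic (33 lower + 33 upper)
}

def keyspace(charset_size: int, length: int) -> int:
    """Candidates of exactly `length` characters."""
    return charset_size ** length

def cumulative_keyspace(charset_size: int, max_length: int) -> int:
    """Candidates of length 1..max_length: what a run must cover before
    it has finished every password of max_length characters."""
    return sum(charset_size ** n for n in range(1, max_length + 1))

def seconds_to_exhaust(charset_size: int, max_length: int, rate: float) -> float:
    """Ideal time at `rate` candidates per second (no warm-up, no overhead)."""
    return cumulative_keyspace(charset_size, max_length) / rate

def growth_factor(charset_size: int, length: int) -> float:
    """Cost of length+1 relative to length; converges to charset_size,
    which is the 'each extra letter multiplies by 26' rule in the post."""
    return (cumulative_keyspace(charset_size, length + 1)
            / cumulative_keyspace(charset_size, length))

def fmt(seconds: float) -> str:
    """Render seconds as d days, h:mm:ss."""
    return str(timedelta(seconds=round(seconds)))

if __name__ == "__main__":
    for name, size in CHARSETS.items():
        for n in range(4, 9):
            gpu = fmt(seconds_to_exhaust(size, n, GPU_RATE))
            cpu = fmt(seconds_to_exhaust(size, n, CPU_RATE))
            print(f"{name:12} {n} chars  GPU {gpu:>20}  CPU {cpu:>20}")
    print(f"GPU/CPU speed ratio: {GPU_RATE / CPU_RATE:.1f}x")
```

Running it prints one row per set size and length, so the jump from 26 to 52 to 118 is visible in the same units as the post’s table.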
What can be done?
Think back to the years when the archive was created: you may have made passwords with only letters, which greatly simplifies the job. If back then you mixed letters from different languages and even inserted special characters, then… but on the other hand, for years you did not know about or remember this file! Guessing it will take a year, and it will not even be you doing the work but your video card; the cost of the problem (the video card) is nothing compared to nostalgia… though electricity costs too!
You can swallow your pride completely and decide that you made the password from a word, without digits and without capital letters; then a dictionary search will do.
Find a dictionary of your language in a list and
./src/john/run/john --wordlist=./word_rus.utf8 --format=rar-opencl ./output.txt
Maybe it will work?! But certainly not 100%!