Cybersecurity：Attack and Defense Strategies

上QQ阅读APP看书，第一时间看更新

John the Ripper

This a powerful password-cracking tool available on Linux and Windows operating systems that is used by hackers to perform dictionary attacks. The tool is used to retrieve the actual user passwords from encrypted databases of desktop or web-based systems and applications. The tool works by sampling commonly used passwords and then encrypting them with the same algorithm and key used by a given system. The tool does a comparison between its results and those that have been stored in the database to see if there are matches.

The tool cracks passwords in only two steps. First, it identifies the encryption type of a password. It could be RC4, SHA, or MD5, among other common encryption algorithms. It also looks at whether the encryption is salted.

Salted means that extra characters have been added to the encryption to make it more difficult to go back to the original password.

In the second step, the tool attempts to retrieve the original password by comparing the hashed password with many other hashes stored in its database. Figure 4 shows a screenshot of John the Ripper recovering a password from an encrypted hash:

Figure 4: Screenshot of John the Ripper recovering an encrypted password