John the Ripper (often called “John”) is a password cracker that has earned a reputation as one of the most powerful and versatile tools of its kind. Originally developed by Openwall, John has become an essential tool for penetration testers, security auditors, and anyone else who needs to assess password strength.
In this tutorial, you’ll learn how to use John the Ripper from the ground up. We’ll start with installation and basic concepts, then move through the three main password cracking modes with hands-on exercises for each. Let’s get rolling!
What Makes John the Ripper Powerful?
John the Ripper works by comparing password hashes against potential passwords. It generates candidate passwords, hashes them using the same algorithm as the target, and checks for matches. This approach is effective against various hash types, including MD5, SHA-1, SHA-256, bcrypt, and more.
In addition, the tool supports multiple platforms, including Linux, Windows, and macOS. It features multiple cracking modes, including Single, Wordlist, and Incremental approaches. John supports extensive hash formats, allowing you to crack dozens of different hash types. Besides that, you can create customizable rules to generate password variations, and the Jumbo version even includes GPU acceleration for significantly faster cracking.
Installation
John the Ripper is pre-installed on Kali Linux. Verify the installation:
kali> john
For Ubuntu/Debian, you can install John from the apt repository:
kali> sudo apt install john
Once you have installed John, try the help command to make sure your installation is working.
kali> john -h
Understanding Password Cracking Modes
John the Ripper offers three primary cracking modes, each suited for different scenarios.
1. Single Crack Mode
Single Crack Mode uses information from the username to generate password variations. This mode is surprisingly effective because users often create passwords based on their usernames.
You should use Single Crack Mode as a quick first attempt, especially when you have username information available. The syntax is straightforward:
kali> john --single --format=FORMAT hashfile.txt
The mode works by taking patterns from the username and generating variations. If the username is “hacker”, John will try variations like Hacker2025, HACKER2025, hacker2025!, 2025hacker, and many more permutations based on capitalization changes, number additions, and common character substitutions.
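The variations described above are exactly the kind a password policy should reject before an auditor ever runs Single mode. The block below is an added example, not code from the original article or from the John the Ripper project: single_mode_candidates() builds a set of username-derived candidates in the style of Single mode (capitalization changes, year and suffix additions, reversal), and is_username_derived() uses that set plus a generic strip-and-compare check as a policy test. The year range and suffix list are assumptions chosen for the demonstration; John's real Single mode rules are far more extensive.

```python
"""Added example: username-derived candidates of the kind John's Single mode
tries, used here as a password-policy check that rejects such passwords."""
import string

# Assumed ranges for the demonstration; John's own rule set is much larger.
YEARS = [str(y) for y in range(2020, 2031)]
SUFFIXES = ["", "!", "1", "123", "?"]


def single_mode_candidates(username):
    """Return a set of Single-mode-style variations of a username."""
    base = username.lower()
    # Case changes and reversal of the login name.
    stems = {base, base.capitalize(), base.upper(), base[::-1]}
    candidates = set()
    for stem in stems:
        for year in [""] + YEARS:
            for suffix in SUFFIXES:
                candidates.add(f"{stem}{year}{suffix}")   # hacker2025!
                candidates.add(f"{year}{stem}{suffix}")   # 2025hacker
    return candidates


def is_username_derived(username, password):
    """Policy check: True if the password is built from the username."""
    if password in single_mode_candidates(username):
        return True
    # Generic form of the same idea: strip digits and punctuation from both
    # ends and compare the remaining core to the username, ignoring case.
    core = password.strip(string.digits + string.punctuation).lower()
    user = username.lower()
    if core in (user, user[::-1]):
        return True
    # Short usernames would match almost anything, so only flag containment
    # for names of four characters or more.
    return len(user) >= 4 and user in password.lower()


if __name__ == "__main__":
    for pw in ["Hacker2025", "hacker2025!", "2025hacker", "correct horse battery"]:
        print(f"{pw!r:>25} username-derived: {is_username_derived('hacker', pw)}")
```

Running a check like this at password-change time (the way pam_pwquality's username check does) removes the cheapest class of guesses from an attacker's reach.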
The command for cracking will be the following:
kali> john --single --format=raw-sha256 hash.txt
Almost immediately, John prints the recovered password.
2. Wordlist Mode (Dictionary Attack)
Wordlist Mode compares hashes against a list of potential passwords from a dictionary file. This is the most commonly used mode for password cracking because it balances speed with effectiveness.
You should use Wordlist Mode when you have a good wordlist, which covers most real-world scenarios. The syntax requires specifying both the wordlist file and the hash format:
kali> john --wordlist=WORDLIST_FILE --format=FORMAT hashfile.txt
The RockYou wordlist is the most famous collection, containing over 14 million passwords leaked from the RockYou.com breach. But your cracking process should not be focused on this list. Consider creating your own wordlist, specific to your target. We’ve covered previously how to do so with tools like crunch and cupp.
But for demonstration purposes, I created a hash file with the password from a RockYou list. The command for cracking will be the following:
kali> john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha256 hash.txt
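The hash-compare loop described at the start of the article, and the hash file used for this demonstration, are both small enough to show in full. The block below is an added example, not code from the article or from the John the Ripper project: make_hash_line() writes a line in the user:hash layout John reads (how a lab hash file like hash.txt is built), and check_hashes() does what Wordlist mode does for the fast unsalted formats named in the article: hash each candidate once, compare it against every target, record the matches. The sample users, passwords and wordlist are constructed for the example.

```python
"""Added example: building a lab hash file in John's user:hash layout and the
hash-then-compare loop that Wordlist mode runs against it."""
import hashlib

# Names mirror John's --format values for the unsalted, fast formats the
# article uses. These are cheap to compute, which is exactly why a dictionary
# run against them finishes in seconds; salted, slow formats (bcrypt) do not.
ALGORITHMS = {"raw-md5": "md5", "raw-sha1": "sha1", "raw-sha256": "sha256"}


def make_hash_line(user, password, fmt="raw-sha256"):
    """Return one 'user:hexdigest' line as John expects it in a hash file."""
    digest = hashlib.new(ALGORITHMS[fmt], password.encode("utf-8")).hexdigest()
    return f"{user}:{digest}"


def parse_hash_lines(lines):
    """Parse 'user:hash' lines; a bare hash with no user gets the name '?'."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, digest = line.partition(":")
        if not digest:
            user, digest = "?", user
        entries.append((user, digest.lower()))
    return entries


def check_hashes(lines, candidates, fmt="raw-sha256"):
    """Wordlist-mode logic: hash each candidate once, compare to every target.

    Returns {user: password} for every hash that matched a candidate."""
    algo = ALGORITHMS[fmt]
    entries = parse_hash_lines(lines)
    found = {}
    for candidate in candidates:
        digest = hashlib.new(algo, candidate.encode("utf-8")).hexdigest()
        for user, target in entries:
            if user not in found and digest == target:
                found[user] = candidate
        if len(found) == len(entries):
            break  # everything recovered, no point reading further
    return found


if __name__ == "__main__":
    # Constructed lab data: two accounts, one with a dictionary password.
    hash_file = [make_hash_line("alice", "sunshine"),
                 make_hash_line("bob", "Tr0ub4dor&3")]
    wordlist = ["123456", "password", "sunshine", "iloveyou"]
    print(check_hashes(hash_file, wordlist))   # alice only
```

The outer loop runs over candidates rather than over hashes, so a wordlist of N entries costs N hash computations regardless of how many targets are loaded; this is the same reason cracking many unsalted hashes at once is no slower than cracking one, and why per-user salts matter.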
3. Incremental Mode (Brute Force)
Incremental Mode tries all possible character combinations. This is the most thorough but slowest method, making it suitable only for specific scenarios.
You should use Incremental Mode as a last resort, particularly for short passwords when other methods have failed. The basic syntax is:
kali> john --incremental --format=FORMAT hashfile.txt
This mode exhaustively tries every possible combination of characters, starting with single characters and working up to longer passwords. This process can take days, weeks, or even years for moderately long passwords.
The command for cracking will be the following:
kali> john --incremental --format=raw-sha256 hash.txt
Cracking Windows NTLM Hashes
In Windows, password hashes are stored in the SAM database. The SAM uses the LM/NTLM hash format for passwords, and we can use John the Ripper to crack one of these hashes. Retrieving passwords from the SAM database is beyond the scope of this article, but let’s assume you have obtained a password hash for a Windows user. Here is the command to crack it:
kali> john --format=NT ntlm_hash.txt
With no mode specified, John starts with Single mode by default.
Cracking a Linux Password
In Linux, two important files are stored in the /etc directory: passwd and shadow. The passwd file contains information such as the username, user ID, and login shell, while the shadow file holds the password hash, expiration details, and other related data.
Besides the main “john” command, John the Ripper includes several additional utilities, one of which is called unshadow. This tool merges the passwd and shadow files into a single combined file that John can process when cracking passwords.
Here is how you use the unshadow command:
kali> unshadow passwd shadow > hash.txt
This command combines the two files and writes the result to hash.txt. Now we can crack the hashes with John. One caveat: the John the Ripper shipped with Kali Linux does not readily detect the hash type used in a Linux shadow file (crypt). If you omit the --format flag below, John won’t crack anything at all. So the command is as follows:
kali> john --format=crypt hash.txt
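Seeing what unshadow actually produces makes the caveat above easier to understand, and the same parsing is useful for an audit that needs no cracking at all: which accounts still use a weak crypt algorithm. The block below is an added example, not code from the article or from the John the Ripper project. unshadow() performs the merge the real unshadow tool does (the x placeholder in passwd is replaced by the hash from shadow, all other fields kept), and audit() names the algorithm from the hash prefix. The passwd and shadow lines are constructed and their hash bodies are placeholders, not real hashes. The $y$ prefix is yescrypt, the default on current Debian-based systems including Kali; John's crypt format hands such hashes to the system's crypt(3), which is why --format=crypt works where autodetection does not.

```python
"""Added example: the passwd/shadow merge that unshadow performs, plus an audit
of which crypt algorithm each account's hash uses."""

# Constructed sample files (not from a real system); hash bodies are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/zsh
"""
SHADOW = """\
root:$y$j9T$constructedSalt$ConstructedYescryptHashNotReal:19800:0:99999:7:::
daemon:*:19800:0:99999:7:::
alice:$6$constructedSalt$ConstructedSha512cryptHashNotReal:19800:0:99999:7:::
bob:$1$abc12345$ConstructedMd5cryptHashNotReal:19800:0:99999:7:::
"""

# Prefixes defined by crypt(3) implementations such as libxcrypt.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
}
WEAK = {"md5crypt"}  # fast and salted with only 8 characters; replace on next login


def unshadow(passwd_text, shadow_text):
    """Merge passwd and shadow into 'login:hash:uid:gid:gecos:home:shell' lines."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            user, _, rest = line.partition(":")
            shadow[user] = rest.split(":")[0]       # second shadow field is the hash
    merged = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if fields[0] in shadow:
            fields[1] = shadow[fields[0]]           # replace the 'x' placeholder
        merged.append(":".join(fields))
    return merged


def identify_hash(hash_field):
    """Name the crypt algorithm from its prefix, or flag locked accounts."""
    if not hash_field or hash_field[0] in "*!":
        return "locked/no-password"
    for prefix, name in CRYPT_PREFIXES.items():
        if hash_field.startswith(prefix):
            return name
    return "unknown"


def audit(merged_lines):
    """Map each login to its hash algorithm name."""
    return {line.split(":")[0]: identify_hash(line.split(":")[1])
            for line in merged_lines}


def weak_accounts(merged_lines):
    """Logins whose stored hash uses an algorithm in WEAK."""
    return sorted(u for u, algo in audit(merged_lines).items() if algo in WEAK)


if __name__ == "__main__":
    merged = unshadow(PASSWD, SHADOW)
    for line in merged:
        print(line)
    print("weak:", weak_accounts(merged))   # ['bob']
```

Running the audit before cracking tells you which accounts need a forced password change regardless of whether John recovers anything, and the merged lines show why the --format=crypt run is needed: the yescrypt hash for root carries a prefix that the tutorial's raw formats do not cover.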
Summary
John the Ripper is a robust tool for cracking passwords. It compares password hashes against potential passwords using various algorithms and is compatible with many types of hashes.
The tool runs on many platforms and is designed to use computing resources efficiently, which is why it’s a favorite among security experts and aspiring hackers. With security needs on the rise, John the Ripper remains a strong and valuable tool in the world of cybersecurity.
As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses still control their own destiny when it comes to cloud security. Misconfigurations across applications, databases and policies could have stopped two-thirds of breached cloud environments observed by IBM in this year’s report.
IBM’s 2021 X-Force Cloud Security Threat Landscape Report has expanded from the 2020 report with new and more robust data, spanning Q2 2020 through Q2 2021. Data sets we used include dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research. This expanded dataset gave us an unprecedented view across the whole technology estate to make connections for improving security. Here are some quick highlights:
Configure it Out — Two out of three breached cloud environments studied were caused by improperly configured Application Programming Interfaces (APIs). X-Force incident responders also observed virtual machines with default security settings that were erroneously exposed to the Internet, including misconfigured platforms and insufficiently enforced network controls.
Rulebreakers Lead to Compromise — X-Force Red found password and policy violations in the vast majority of cloud penetration tests conducted over the past year. The team also observed a significant growth in the severity of vulnerabilities in cloud-deployed applications, while the number of disclosed vulnerabilities in cloud-deployed applications rocketed 150% over the last five years.
Automatic for the Cybercriminals — With nearly 30,000 compromised cloud accounts for sale at bargain prices on dark web marketplaces and Remote Desktop Protocol accounting for 70% of cloud resources for sale, cybercriminals have turnkey options to further automate their access to cloud environments.
All Eyes on Ransomware & Cryptomining — Cryptominers and ransomware remain the top dropped malware into cloud environments, accounting for over 50% of detected system compromises, based on the data analyzed.
More and more businesses are recognizing the business value of hybrid cloud and distributing their data across a diverse infrastructure. In fact, the 2021 Cost of a Data Breach Report revealed that breached organizations implementing a primarily public or private cloud approach suffered approximately $1 million more in breach costs than organizations with a hybrid cloud approach.
With businesses seeking heterogeneous environments to distribute their workloads and better control where their most critical data is stored, modernization of those applications is becoming a point of control for security. The report is putting a spotlight on security policies that don’t encompass the cloud, increasing the security risks businesses are facing in disconnected environments. Here are a few examples:
The Perfect Pivot — As enterprises struggle to monitor and detect cloud threats, cloud environments today. This has contributed to threat actors pivoting from on-premise into cloud environments, making this one of the most frequently observed infection vectors targeting cloud environments — accounting for 23% of incidents IBM responded to in 2020.
API Exposure — Another top infection vector we identified was improperly configured assets. Two-thirds of studied incidents involved improperly configured APIs. APIs lacking authentication controls can allow anyone, including threat actors, access to potentially sensitive information. On the other side, APIs being granted access to too much data can also result in inadvertent disclosures.
Many businesses don’t have the same level of confidence and expertise when configuring security controls in cloud computing environments compared to on-premise, which leads to a fragmented and more complex security environment that is tough to manage. Organizations need to manage their distributed infrastructure as one single environment to eliminate complexity and achieve better network visibility from cloud to edge and back. By modernizing their mission critical workloads, not only will security teams achieve speedier data recovery, but they will also gain a vastly more holistic pool of insights around threats to their organization that can inform and accelerate their response.
Trust That Attackers Will Succeed & Hold the Line
Evidence is mounting every day that the perimeter has been obliterated and the findings in the report just add to that corpus of data. That is why taking a zero trust approach is growing in popularity and urgency. It removes the element of surprise and allows security teams to get ahead of any lack of preparedness to respond. By applying this framework, organizations can better protect their hybrid cloud infrastructure, enabling them to control all access to their environments and to monitor cloud activity and proper configurations. This way organizations can go on offense with their defense, uncovering risky behaviors and enforcing privacy regulation controls and least privilege access. Here’s some of the evidence derived from the report:
Powerless Policy — Our research suggests that two-thirds of studied breaches into cloud environments would have likely been prevented by more robust hardening of systems, such as properly implementing security policies and patching.
Lurking in the Shadows — “Shadow IT”, cloud instances or resources that have not gone through an organization’s official channels, indicate that many organizations aren’t meeting today’s baseline security standards. In fact, X-Force estimates the use of shadow IT contributed to over 50% of studied data exposures.
Password is “admin 1” — The report illustrates X-Force Red data accumulated over the last year, revealing that the vast majority of the team’s penetration tests into various cloud environments found issues with either passwords or policy adherence.
The recycling use of these attack vectors emphasizes that threat actors are repetitively relying on human error for a way into the organization. It’s imperative that businesses and security teams operate with the assumption of compromise to hold the line.
Dark Web Flea Markets Selling Cloud Access
Cloud resources are providing an excess of corporate footholds to cyber actors, drawing attention to the tens of thousands of cloud accounts available for sale on illicit marketplaces at a bargain. The report reveals that nearly 30,000 compromised cloud accounts are on display on the dark web, with sales offers that range from a few dollars to over $15,000 (depending on geography, amount of credit on the account and level of account access) and enticing refund policies to sway buyers’ purchasing power.
But that’s not the only cloud “tool” for sale on dark web markets with our analysis highlighting that Remote Desktop Protocol (RDP) accounts for more than 70% of cloud resources for sale — a remote access method that greatly exceeds any other vector being marketed. While illicit marketplaces are the optimal shopping grounds for threat actors in need of cloud hacks, concerning us the most is a persistent pattern in which weak security controls and protocols — preventable forms of vulnerability — are repeatedly exploited for illicit access.
Last week in security news, a researcher found that malicious actors had abused the details of a test credit card just two hours after he posted the information online. The security community also learned of a survey in which three-quarters of respondents said that they had required a password reset after forgetting one of their personal passwords in the previous three months. Finally, researchers tracked several new malware samples along with a now-fixed WhatsApp vulnerability.
Top Story of the Week: The Spread of Exposed Credit Card Data
David Greenwood, a security researcher on the ThreatPipes team, wanted to find out how information posted online spreads throughout the internet and dark web. So he purchased an anonymous, prepaid Visa credit card and posted its full credentials on several paste sites. He then sat back and waited.
It took all of two hours until digital attackers sprang into action. They did so by using bots and scripts to make small purchases using the credit card information from a well-known retailer located in the U.K.
Poison Frog Backdoor Samples Discovered in Aftermath of OilRig Dump: After a group of actors dumped OilRig’s attack tools online, Kaspersky Labs decided to scan its archives for new and old malware samples. In the process, it discovered Poison Frog, a sloppily designed backdoor that masqueraded as the legitimate Cisco AnyConnect application at the time of discovery.
Most Users Required a Personal Password Reset in the Last Three Months: In a recent study, HYPR found that 78 percent of full-time workers in the U.S. required a password reset sometime in the last three months after forgetting a personal password. The rate was slightly lower for work-related reset requests at just over half (57 percent) of respondents.
Lazarus-Linked Dacls RAT Makes Waves by Targeting Linux Machines: Back in October, Netlab 360 came across a suspicious ELF file that shared certain characters employed by the Lazarus group. This discovery of the file, nicknamed Dacls, marked the first time that researchers have detected a Lazarus-created threat that’s capable of targeting Linux machines.
U.S., EU Users Caught in the Crosshairs of Zeppelin Ransomware: Blackberry Cylance spotted threat actors using the newly discovered Zeppelin ransomware to selectively target technology and healthcare organizations in the U.S. and the European Union. Further analysis helped determine Zeppelin to be a member of the VegaLocker ransomware family.
Dudell Malware Leveraged by Rancor Digital Espionage Group: Palo Alto Networks’ Unit 42 threat research team analyzed the recent attacks of Rancor, a digital espionage group that targeted at least one Cambodian government organization between December 2018 and January 2019. In the process, it discovered a new custom malware family it dubbed Dudell.
Vulnerability Allowed Threat Actor to Crash WhatsApp on Phones in Shared Group: In August 2019, Check Point Software discovered a bug that enabled a malicious actor to implement a WhatsApp crash-loop on the devices of users in a shared group. The security firm subsequently disclosed this vulnerability to WhatsApp, whose developers issued a fix in update 2.19.246.
Lateral Movement Used by BuleHero Botnet to Spread Malware Payloads: Researchers at Zscaler observed in their analysis of BuleHero that the botnet used port scanning, Mimikatz, PsExec and WMIC to spread laterally on an affected network. These techniques enabled the threat to distribute both the XMRig miner and Gh0st RAT to a larger number of machines.
Various Attack Techniques Used by MyKings Botnet to Deliver Forshare: SophosLabs took a deep dive into the workings of the MyKings botnet and found that the threat used various attack techniques against vulnerable Windows servers to deliver Forshare malware. Those tactics included using steganography to conceal a malware payload within an image.
Security Tip of the Week: Focus on Data Protection
Security professionals can help organizations protect their valuable data by using artificial intelligence (AI)-driven tools and automated monitoring solutions to gain intelligent visibility into the network. They can then use that visibility to monitor for suspicious activity that could be indicative of a threat moving laterally across the network.
In support of this monitoring activity, security teams should also consider embracing a zero-trust model for the purpose of setting up micro-perimeters on the cloud and elsewhere.