This content is used to be for information use only. I do not condone any illegal activities nor bear the responsibility that may arise from the use of this information. Use at your own risk.
Nothing gets a Security Guy to drool more than to be asked to crack a password. Our security team was tasked with cracking the passphrase on a private key.
My co-worker and I were looking for tools to choose from i.e. John the Ripper, Hydra, etc. and came across a relatively older tool (2007) called phrasen|drescher by Nico Leidecker. This tool relies on CPU computations rather than GPU computations like oclHashCat. Overall the installation and the tool are both easy and fun.
The instructions on the website are really good but I want to give you step by step instructions on installing and running phrasendrescher. For the setup script for phrasendrescher you can download that at my github or here is the tldr for the install;
sudo apt update -y && sudo apt upgrade -y sudo apt install -y gcc libssh2-1-dev libssl-dev libgpgme11-dev make sudo wget http://leidecker.info/projects/phrasendrescher/phrasendrescher-1.2.2b.tar.gz tar -zxvf phrasendrescher-1.2.2b.tar.gz cd phrasendrescher-1.2.2b/ sudo ./configure --with-plugins sudo make && sudo make install
Spin up a server with Ubuntu 16.04.
Update the system and install phrasendrescher
sudo apt update && sudo apt upgrade sudo apt install -y gcc libssh2-1-dev libssl-dev libgpgme11-dev make sudo wget http://leidecker.info/projects/phrasendrescher/phrasendrescher-1.2.2b.tar.gz tar -zxvf phrasendrescher-1.2.2b.tar.gz cd phrasendrescher-1.2.2b/ sudo ./configure --with-plugins sudo make && sudo make install
Now run the command to see if installed correctly
To test our cracking program we need to create a private key. Press enter for all the defaults except for password and give the key the super secure password "password".
ssh-keygen -t rsa -b 2048
Copy the private key to a directory where you can access it.
cp ~/.ssh/id_rsa privkey_crack .
Now we are going to attempt to crack the password on the private key.
pd pkey -i 4:7 -v -w 4 -K privkey_crack
Let me explain what is going on above:
pd - the program we are running to crack the private key password
pkey - the type of file we are cracking. See pd -h for the different types
-i [min character]:[max character] - setting the character limit of a minimum of four and a maximum of seven
-v - verbose mode.
-w [number] - assigned the number of workers to help do the cracking.
-K - flag to include the private key file.
Let the cracking begin
Press the space bar multiple times to see the number of attempts
Please note this may take a long time depending on your CPU processing power.
Now the easiest way in my opinion to get a quick password is to attach a wordlist with the most commonly used passwords. Let's go ahead and create a simple list.
hit the 'i' key for insert and enter the following:
admin password admin1234 password1234 hamsandwich
Hit the 'esc' key and type ':x' to save and quit
This time we are adding the '-d' flag to include the password list.
pd pkey -i 4:7 -v -w 4 -d passwords.txt -K privkey_crack
In closing is this the best tool to crack passwords? No, but if you are limited on funds and do not want to invest in a GPU cluster this tool can be a good replacement.
I'm an Information Security Professional living in the heart of the Midwest. I have a passion for Information Security and a technology junkie. Connect with me on Twitter: @jeredbare