Cracking passwords with phrasen|drescher on Ubuntu 16.04

Disclaimer

This content is for informational use only. I do not condone any illegal activities, nor do I bear responsibility for anything that may arise from the use of this information. Use at your own risk.

Nothing makes a security guy drool more than being asked to crack a password. Our security team was tasked with cracking the passphrase on a private key.

My co-worker and I were looking at tools to choose from (e.g. John the Ripper, Hydra) and came across a relatively older tool (2007) called phrasen|drescher by Nico Leidecker. This tool relies on CPU computation rather than GPU computation, unlike oclHashcat. Overall, both the installation and the tool itself are easy and fun.

The instructions on the website are really good, but I want to give you step-by-step instructions for installing and running phrasendrescher. The setup script for phrasendrescher can be downloaded from my GitHub, or here is the TL;DR for the install:

sudo apt update -y && sudo apt upgrade -y
sudo apt install -y gcc libssh2-1-dev libssl-dev libgpgme11-dev make
wget http://leidecker.info/projects/phrasendrescher/phrasendrescher-1.2.2b.tar.gz
tar -zxvf phrasendrescher-1.2.2b.tar.gz
cd phrasendrescher-1.2.2b/
./configure --with-plugins
make && sudo make install

Step by Step Instructions

phrasendrescher setup

Spin up a server with Ubuntu 16.04.

Update the system and install phrasendrescher. Only the package installation and the final install step need root.

sudo apt update && sudo apt upgrade
sudo apt install -y gcc libssh2-1-dev libssl-dev libgpgme11-dev make
wget http://leidecker.info/projects/phrasendrescher/phrasendrescher-1.2.2b.tar.gz
tar -zxvf phrasendrescher-1.2.2b.tar.gz
cd phrasendrescher-1.2.2b/
./configure --with-plugins
make && sudo make install

Now run the following command to check that it installed correctly:

pd -h

Cracking Passwords

To test our cracking program we need to create a private key. Press enter for all the defaults except for password and give the key the super secure password "password".

ssh-keygen -t rsa -b 2048

Copy the private key to a directory where you can access it.

cp ~/.ssh/id_rsa ./privkey_crack

Now we are going to attempt to crack the password on the private key.

pd pkey -i 4:7 -v -w 4 -K privkey_crack

Let me explain what is going on above:

pd - the program we are running to crack the private key password.

pkey - the type of file we are cracking. See pd -h for the different types.

-i [min characters]:[max characters] - sets the length of the passwords to try, here a minimum of four and a maximum of seven characters.

-v - verbose mode.

-w [number] - sets the number of workers that do the cracking.

-K - specifies the private key file to crack.

Let the cracking begin

Press the space bar multiple times to see the number of attempts.

Please note this may take a long time depending on your CPU processing power.

In my opinion, the easiest way to get a quick password is to supply a wordlist of the most commonly used passwords. Let's go ahead and create a simple list.

vi passwords.txt

Hit the 'i' key for insert mode and enter the following:

admin
password
admin1234
password1234
hamsandwich

Hit the 'esc' key and type ':x' to save and quit.

This time we are adding the '-d' flag to include the password list.

pd pkey -i 4:7 -v -w 4 -d passwords.txt -K privkey_crack

Success!
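To put numbers on the gap between the length-range run and the wordlist run above, here is an added example (not from the original post and not part of phrasendrescher) that counts how many candidates an exhaustive search over lengths 4 to 7 has to try. The character sets and the guess rate are assumptions, since the post states neither; only the length range, the worker count and the wordlist come from the post.

```python
import string

# Assumed alphabets: the post does not say which characters pd tries.
CHARSETS = {
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation + " ",
}
WORDLIST = ["admin", "password", "admin1234", "password1234", "hamsandwich"]  # from the post
ASSUMED_RATE = 1000  # guesses per second per worker; a placeholder, not a benchmark


def keyspace(charset_size, min_len, max_len):
    """Number of candidates an exhaustive search over lengths min_len..max_len must try."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def in_range(candidate, charset, min_len, max_len):
    """True if an exhaustive search with these limits would ever generate candidate."""
    return min_len <= len(candidate) <= max_len and set(candidate) <= set(charset)


def worst_case_seconds(candidates, rate_per_worker, workers):
    """Time to exhaust every candidate, assuming work splits evenly across workers."""
    return candidates / (rate_per_worker * workers)


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(min_len=4, max_len=7, workers=4, rate=ASSUMED_RATE):
    """One row per search strategy: (name, candidate count, worst-case duration)."""
    rows = [(name, keyspace(len(chars), min_len, max_len)) for name, chars in CHARSETS.items()]
    rows.append(("wordlist", len(WORDLIST)))
    return [(n, total, human(worst_case_seconds(total, rate, workers))) for n, total in rows]


if __name__ == "__main__":
    for name, total, eta in report():
        print(f"{name:<13}{total:>22,}  worst case {eta}")
    # Length and alphabet check only: which wordlist entries a 4..7 lowercase search covers.
    for word in WORDLIST:
        print(f"{word:<13}{in_range(word, CHARSETS['lowercase'], 4, 7)}")
```

Calling report() with a larger length range, for example report(12, 16), shows how quickly the candidate count grows once a passphrase is long and is not on any wordlist.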

In closing, is this the best tool to crack passwords? No, but if you are limited on funds and do not want to invest in a GPU cluster, this tool can be a good replacement.