1 00:00:00,870 --> 00:00:05,370 In this lecture, we are going to see how we can crack Office passwords with John.
2 00:00:06,630 --> 00:00:11,130 We will be able to recover Word, Excel and PowerPoint passwords with this method.
3 00:00:12,260 --> 00:00:17,450 John the Ripper is one of the most popular password cracking tools available in most penetration testing
4 00:00:17,450 --> 00:00:21,650 Linux distributions like Kali Linux, Parrot OS, or SECTRA.
5 00:00:22,610 --> 00:00:28,190 This tool has a user-friendly command interface and the ability to detect most password types.
6 00:00:29,110 --> 00:00:33,630 This lesson will dive deep into John the Ripper and show you how it works.
7 00:00:33,640 --> 00:00:36,070 Explain why you need it for security testing.
8 00:00:38,090 --> 00:00:40,280 Now, the concept of the attack is very simple.
9 00:00:40,790 --> 00:00:47,360 We are going to get the hash from this file and then we are going to use John to crack this hash.
10 00:00:47,810 --> 00:00:51,680 So you must have Linux installed in VMware or VirtualBox.
11 00:00:52,680 --> 00:00:55,140 First of all, prepare a password-protected Word file.
12 00:00:55,860 --> 00:00:57,960 You can create a Word file in Windows.
13 00:00:58,140 --> 00:01:00,540 Go to your options and give it a password.
14 00:01:03,090 --> 00:01:03,390 Now.
15 00:01:03,390 --> 00:01:06,210 Transfer the file from the Windows machine to the Kali machine.
16 00:01:06,690 --> 00:01:11,730 You can directly copy files to VMware or you can also use a USB drive to copy the file.
17 00:01:13,130 --> 00:01:16,310 You'll get the hash of the document with the following command in the terminal.
18 00:01:17,270 --> 00:01:22,940 Here, crackme is the password-protected file and hash.txt is a text file that will contain
19 00:01:22,940 --> 00:01:24,950 our hash that is required to be cracked.
20 00:01:29,670 --> 00:01:31,920 Crack the password with the following command.
21 00:01:32,220 --> 00:01:36,240 john hash.txt. Here, hash.txt
22 00:01:36,240 --> 00:01:39,300 file is the file that contains our hash for the document file.
23 00:01:40,180 --> 00:01:43,860 Now, John will start cracking the password by default.
24 00:01:43,950 --> 00:01:46,320 It will first try with a single crack attack.
25 00:01:46,650 --> 00:01:49,950 It will check the combination of file names for passwords.
26 00:01:50,520 --> 00:01:56,340 Then it will go for the default dictionary and then it will start brute-forcing the password.
27 00:01:58,530 --> 00:02:01,740 Once the password is cracked, it will be displayed on screen.
28 00:02:03,150 --> 00:02:07,290 You can also check the cracked password with the --show parameter with the john command.
29 00:02:11,620 --> 00:02:15,640 John is a very powerful tool and it has some additional attacks.
30 00:02:17,010 --> 00:02:21,770 For example, run John faster and use it with multiple processes.
31 00:02:21,780 --> 00:02:25,830 We can use the --fork flag, for example.
32 00:02:25,830 --> 00:02:29,490 Using --fork=3 tells John
33 00:02:29,490 --> 00:02:35,460 that three processes must be created for cracking the password, which is very useful on multicore processors.
34 00:02:38,120 --> 00:02:41,750 To force John into a dictionary attack with the inbuilt dictionary,
35 00:02:41,780 --> 00:02:44,090 you can give the flag -w.
36 00:02:50,010 --> 00:02:56,040 If you want to use a dictionary, you need to prepare your dictionary file first and uncompress it with
37 00:02:56,040 --> 00:02:57,120 the given commands.
38 00:02:58,170 --> 00:02:59,460 Then you can use the rockyou.txt
39 00:02:59,460 --> 00:03:02,190 dictionary with the john command.
40 00:03:11,070 --> 00:03:14,130 This is another very powerful attack called mask attack.
41 00:03:14,400 --> 00:03:20,040 If you know the number of digits or the type of password, you can use the mask attack. To give a mask,
42 00:03:20,040 --> 00:03:21,370 you can use the flag
43 00:03:21,390 --> 00:03:22,050 --mask in John,
44 00:03:22,650 --> 00:03:30,660 and give a mask, for example ?d?d?d, which means
45 00:03:30,660 --> 00:03:32,430 that we have a three-digit password.
46 00:03:37,520 --> 00:03:38,290 For some reason,
47 00:03:38,300 --> 00:03:44,510 if you want to clear the John cache to remove your password, you can remove the john.pot file.
48 00:03:45,570 --> 00:03:47,910 Well, let's see how it actually works.
49 00:03:50,500 --> 00:03:53,020 First of all, create a Microsoft Word document.
50 00:03:53,350 --> 00:03:54,970 Write some content in it.
51 00:03:57,110 --> 00:03:58,670 Save it on the desktop.
52 00:04:09,070 --> 00:04:10,180 Go to Tools.
53 00:04:11,360 --> 00:04:12,530 General Options.
54 00:04:13,420 --> 00:04:14,260 And give it a password.
55 00:04:15,730 --> 00:04:18,579 I'm going to give it a password of 123456.
56 00:04:24,460 --> 00:04:25,510 And click Save.
57 00:04:28,640 --> 00:04:33,560 Now I want to create another file so that we may try different attacks against these files.
58 00:04:34,890 --> 00:04:40,140 Now again, save the file, give it a name, crackme2, and give it a password of
59 00:04:40,140 --> 00:04:40,620 123.
60 00:04:51,820 --> 00:04:52,120 Now.
61 00:04:52,120 --> 00:04:54,040 You have two files on your desktop.
62 00:04:54,220 --> 00:04:54,700 Just copy
63 00:04:54,700 --> 00:04:55,720 these two files.
64 00:04:59,620 --> 00:05:01,360 And move them to the Kali box.
65 00:05:04,270 --> 00:05:07,510 You must ensure that you place them in the home directory.
66 00:05:20,580 --> 00:05:21,660 Open the terminal.
67 00:05:25,690 --> 00:05:28,720 And you can see with the command that our files are visible.
68 00:05:31,040 --> 00:05:36,380 Then use the command office2john crackme.docx > hash.txt.
69 00:05:42,720 --> 00:05:45,450 And we are going to convert the second file as well.
70 00:05:51,360 --> 00:05:51,600 Now.
71 00:05:51,600 --> 00:05:54,090 We have hash files for both these files.
72 00:05:57,390 --> 00:05:57,660 Now.
73 00:05:57,660 --> 00:05:58,980 Let's see John by default.
74 00:06:02,360 --> 00:06:09,830 Just give the command john hash2.txt and press Enter and it will automatically start cracking the
75 00:06:09,830 --> 00:06:10,550 password.
76 00:06:12,540 --> 00:06:15,450 You can see that John first tried the single crack attack.
77 00:06:18,900 --> 00:06:23,520 And then used the inbuilt dictionary with which it was able to crack the password.
78 00:06:24,300 --> 00:06:26,820 And our password, 123, is shown on the screen.
79 00:06:32,920 --> 00:06:34,360 To see the cracked passwords,
80 00:06:34,360 --> 00:06:37,540 you can give the john command with the --show flag.
81 00:06:43,090 --> 00:06:43,360 Now.
82 00:06:43,360 --> 00:06:48,070 Let's see how we can run multiple processes of John to speed up the cracking process.
83 00:06:49,540 --> 00:06:50,630 Just give the command
84 00:06:50,650 --> 00:06:58,300 john hash2.txt with the --fork flag set to 3, and we get an error as we have already cracked the password.
85 00:06:58,300 --> 00:07:02,500 So it is giving an error that there are no password hashes left to crack.
86 00:07:02,530 --> 00:07:04,480 Now let's clear the John cache.
87 00:07:05,410 --> 00:07:10,120 Just find the john.pot file in the Kali machine with the find command.
88 00:07:11,220 --> 00:07:13,290 Then use the rm command to delete it.
89 00:07:15,220 --> 00:07:17,920 Now you can use John with the --fork flag again.
90 00:07:19,710 --> 00:07:23,940 Now you can see that it has created three different processes to crack the password.
91 00:07:27,140 --> 00:07:32,990 In this manner, our cracking process will be much faster and we will be able to crack the password easily
92 00:07:32,990 --> 00:07:34,790 in a small amount of time.
93 00:07:42,240 --> 00:07:42,600 Now.
94 00:07:42,600 --> 00:07:45,990 Let's see how we can force John to use the dictionary attack first.
95 00:07:46,830 --> 00:07:48,720 Just give the -w flag to John.
96 00:07:49,860 --> 00:07:53,330 Then John will try the dictionary to attack the password.
97 00:07:56,930 --> 00:07:59,950 You can see that it has found the password with the dictionary.
98 00:08:00,950 --> 00:08:03,590 You can use the --show flag to see the password again.
99 00:08:10,600 --> 00:08:13,480 Now let's see how we can use a custom dictionary.
100 00:08:14,020 --> 00:08:16,090 First of all, locate the dictionary.
101 00:08:20,860 --> 00:08:26,740 And then uncompress it with the gunzip command. Give the complete path with the command and
102 00:08:26,740 --> 00:08:29,020 it would automatically uncompress it.
103 00:08:31,090 --> 00:08:35,289 Then use John with the -w flag while giving the full path of the dictionary.
104 00:08:37,970 --> 00:08:41,870 Then you can see that it was able to crack the password with the dictionary.
105 00:08:44,500 --> 00:08:44,740 Now.
106 00:08:44,740 --> 00:08:45,220 Let's see
107 00:08:45,220 --> 00:08:46,110 the last attack,
108 00:08:46,150 --> 00:08:47,050 the mask attack.
109 00:08:48,450 --> 00:08:50,940 Now we know that the password has three digits.
110 00:08:51,300 --> 00:08:53,370 You can give the mask of three digits:
111 00:08:54,150 --> 00:08:54,830 ?d
112 00:08:54,840 --> 00:08:56,070 ?d
113 00:08:56,070 --> 00:08:57,120 ?d.
114 00:09:00,820 --> 00:09:01,900 And enter the command.
115 00:09:06,010 --> 00:09:09,530 Then John will try to brute force the password
116 00:09:09,540 --> 00:09:11,070 as per the given mask.
117 00:09:16,160 --> 00:09:18,980 If you press a key, you will be able to see the progress.
118 00:09:20,470 --> 00:09:22,600 So you can see that our password has been cracked.
119 00:09:24,150 --> 00:09:27,420 To see the cracked password again, you can use the --show flag again.
120 00:09:30,550 --> 00:09:35,350 So in this lecture, we saw different methods to crack Office passwords with John the Ripper.
121 00:09:35,770 --> 00:09:39,190 I hope you like this lecture and see you in the next lecture.