Help ssh2john

edited November 2019 in Tools
I took id_rsa and did that:
Ssh2john id_rsa > crack.txt

John wordlist(rockyou) crack.txt

But John don't display me the password im sure that the password is into rockyou...
Time to finish bruteforce : 2020...

LITTLE EDIT: i have created rsa_id with ssh-keygen to test john with little wordlist and john get in output with wrong password... (the password that i entered was password123)
Tagged:
«1

Comments

  • edited November 2019

    we can discuss on PM.

    1nitiative

  • John should not try bruteforcing if you define a wordlist.

    Can you paste the exact commant to this post?

  • Type your comment> @cpc6128 said:
    > John should not try bruteforcing if you define a wordlist.
    >
    > Can you paste the exact commant to this post?

    john --wordlist=/usr/share/wordlists/rockyou.txt /root/crack.txt
  • I usually use the syntax john <hashfile> --wordlist=<wordlist>

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Type your comment> @clubby789 said:
    > I usually use the syntax john <hashfile> --wordlist=<wordlist>

    The same thing happens...
  • Can you paste your ssh hash?

  • Or even better the id_rsa file

  • ssh2john id_rsa > crack
    john --format=SSH --wordlist=rockyou crack
    when it's done
    john crack --show

  • Type your comment> @crash0 said:
    > ssh2john id_rsa > crack
    > john --format=SSH --wordlist=rockyou crack
    > when it's done
    > john crack --show

    It don't work for me, john finish in 2020 lol, and if i interrupt the brute john - - show crack = 0 password found 1 hash left
  • > @cpc6128 said:
    > Or even better the id_rsa file

    Here id_rsa clean
    And id_rsa after ssh2john

    https://pastebin.com/z8bEWDDY
  • Thank you. I think the cracking issue is related to bcrypt.
    My VM is only doing 20-30 Hashes per Second!

    Where did you get this id_rsa file ?!?

  • Type your comment> @cpc6128 said:
    > Thank you. I think the cracking issue is related to bcrypt.
    > My VM is only doing 20-30 Hashes per Second!
    >
    > Where did you get this id_rsa file ?!?

    Ssh-keygen
    But the problem is with all id_rsa, for example box traverxec(rooted) i can't decode with ssh2jhn
  • Type your comment> @xVoid said:

    Ssh-keygen
    But the problem is with all id_rsa, for example box traverxec(rooted) i can't decode with ssh2jhn

    ssh2john converts the private key to a format that john can crack it. You output this as a file and then you run john on it

  • I have also root at traverxec. So just drop a message, if we should have a look at the problem.
  • Type your comment> @cpc6128 said:
    > I have also root at traverxec. So just drop a message, if we should have a look at the problem.
    I rooted too traverxec
    But the problem persist
  • Type your comment> @crash0 said:
    > Type your comment> @xVoid said:
    >
    > (Quote)
    > ssh2john converts the private key to a format that john can crack it. You output this as a file and then you run john on it

    I tryed too ssh2john id_rsa > crack(not txt)
  • can anyone help me on "couldn't parse file" error while coverting RSA key with ssh2john.py.

  • can you copy and paste the begin and the end from the rsa file?

    there is no place like 127.0.0.1
  • edited February 2020

    Try this:
    john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt

    Assuming your rockyou list is still in /usr/share/wordlists... otherwise include your file path

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • @Beast01 PM me if ur still having a problem

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • ty i got this

  • edited February 2020

    Looking for mentorship!
    DM is willing to help with ssh2john thanks

  • Quick pointer: If you're using a current Kali VM, ssh2john is a python script located under /usr/share/john/ssh2john.py

    If you have the private SSH key you first need to generate a hash from it that john can work with:
    python /usr/share/john/ssh2john.py id_rsa > id_rsa_hash.txt

    Run john with rockyou or whatever list you want to use:
    john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt

  • edited March 2020

    Same here.

    ~/Downloads/software/john/ssh2john.py id_rsa > id_rsa.hash
    john id_rsa.hash --wordlist=~/Downloads/rockyou.txt
    Output: No password hashes loaded (see FAQ)

    john was unable to load the hash. Any ideal?

  • Does it display any errors or odd formatting if you just display the results to the console instead of piping to id_rsa.hash?

  • Type your comment> @hva said:

    Quick pointer: If you're using a current Kali VM, ssh2john is a python script located under /usr/share/john/ssh2john.py

    If you have the private SSH key you first need to generate a hash from it that john can work with:
    python /usr/share/john/ssh2john.py id_rsa > id_rsa_hash.txt

    Run john with rockyou or whatever list you want to use:
    john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt

    This is the correct answer @xVoid

    You can't use John to brute force the private key directly, you send it to ssh2john.py which gives you a hash. Then you run 'John /path/to/file /path/to/wordlist' in sudo and it will crack.

    Hack The Box

  • need so assistance. im trying to use ssh2john but i keep getting "id_rsa is not a valid private key file".

    i am running the follow in command:

    "python ssh2john.py ~/Documents/HTB/OpenAdmin_10.10.10.171/id_rsa > id_rsa.txt".

  • The id_rsa file isn't correct. You may have added characters when you tried to copy it down or missed something.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • is the sha512 in i******l not relevant?

  • Type your comment> @LMAY75 said:

    Try this:
    john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt

    Assuming your rockyou list is still in /usr/share/wordlists... otherwise include your file path

    ty it worked

    Hack The Box

Sign In to comment.