"I see my path, but I don't know where it leads. Not knowing where I'm going is what inspires me to travel it." --Rosalía de Castro
Introduction:
With great regret I finally decided to retire my 10-year-old MacBook Pro as my personal travel laptop. Part of that is I'll be attending Defcon this year to help out #IAmTheCavalry and the #WeHeartHackers initiative by volunteering in the Defcon Biohacking village. Side note, if you are in Vegas, feel free to drop by and we can talk about cyber security in a clinical setting. Doctors and nurses hate passwords too!
Getting back on track, I wanted something a bit more modern to participate in this year's Crack Me If You Can Competition, as well as to play around in the various hacking villages, so I bought myself a Microsoft Surface Book. The challenge was that while Hashcat has a native Windows build, my experiences getting John the Ripper (JtR) running on Windows in the past have been ... troubled. That's part of why I loved my old MacBook. It just worked (sorry Linux), and JtR ran great on it. Now I could re-image my laptop with Linux or dual boot it, but having Excel and Notepad++ makes my life so much better. Plus, I'm really digging the tablet. So before I went ahead and installed VirtualBox and ran JtR in a VM, I figured I'd try to install JtR using the new Windows Subsystem for Linux (WSL). Long story short, it worked great and was straightforward to do, so I figured I'd share my experiences.
Other Options for Running John the Ripper on Windows
If you want to skip this guide and instead install a pre-built executable of JtR, you can obtain a relatively up-to-date version here: https://github.com/claudioandre-br/packages/releases/tag/jumbo-dev
Note: I've never run these, so I'm not very familiar with how they perform.
Other options include installing JtR using Cygwin. A guide for doing so is available here: https://openwall.info/wiki/john/tutorials/win64-howto-build
Finally, a very common option that I referenced above is to simply install VirtualBox, and then run JtR in a VM.
Windows Subsystem for Linux:
If you are wondering what WSL is, you are not alone! At a high level, it lets you run Linux programs on Windows without having to recompile them or run them in Cygwin. To steal Microsoft's own words:
The Windows Subsystem for Linux lets developers run a GNU/Linux environment -- including most command-line tools, utilities, and applications -- directly on Windows, unmodified, without the overhead of a virtual machine.
You can:
- Choose your favorite GNU/Linux distributions from the Microsoft Store.
- Run common command-line free software such as grep, sed, awk, or other ELF-64 binaries.
- Run Bash shell scripts and GNU/Linux command-line applications including:
  - Tools: vim, emacs, tmux
  - Services: sshd, MySQL, Apache, lighttpd
- Install additional software using own GNU/Linux distribution package manager.
- Invoke Windows applications using a Unix-like command-line shell.
- Invoke GNU/Linux applications on Windows.
The mechanics of it are complicated, with significant differences between WSLv1 and WSLv2. This guide was written with WSLv1, though if I get adventurous before Defcon I may try to upgrade to WSLv2.
Enabling WSLv1 and Installing a Linux Distro:
The first thing you need to do is enable WSLv1 as it is disabled by default. As a fair warning, this will require a reboot.
- There are several ways to enable WSLv1. I opted to use PowerShell. The first step then is to open an Administrative instance of PowerShell.
- Run the following command (ref):
- Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
- Reboot your system when prompted to.
- Once your computer starts back up, the next step is to pick a Linux distro. Open the Microsoft Store and type Linux in the search menu.
- Side note: You'll be happy to know that Kali Linux is rated "E for Everyone"!
- Important Note: All the Linux distros I looked at in the Windows Store (including Kali) are barebones and do not include graphical desktops, or many tools or installed libraries. It's not like installing a Kali live boot image.
- Because Kali doesn't come with any tools preconfigured, I opted to go with a base Ubuntu build. That's also partially because Kali and Hashcat in the past haven't been an ideal match, so I tend to stay away from it on my desktop builds.
- Once you install Ubuntu, you'll still need to initialize it. To do this, open PowerShell again, though this time you can run it as a standard user. For Ubuntu, simply type 'ubuntu'.
- You'll be prompted to create a user account. Go ahead and do so.
- Congratulations, you are now running Linux on Windows!
Installing John the Ripper
- This guide was written using the bleeding-jumbo version of John the Ripper, which is available here: https://github.com/magnumripper/JohnTheRipper
- How to install and use Git on Windows is beyond the scope of this guide (I personally like GitKraken). While you can download the source code as a zip file, I highly recommend downloading it using git to make keeping it up to date much easier. With WSLv1, it's recommended that you install the code somewhere besides your new Linux filesystem. I put it in c:\github\JohnTheRipper\. With WSLv2 that changes, but I'll cross that bridge when I try that out. You could also probably install git into Ubuntu and download it that way, but I didn't try that.
- The next step is to install all the required libraries in WSLv1 Ubuntu. Run all the following commands in the PowerShell window above after starting Ubuntu. If you ever close your window, you can restart PowerShell and type "ubuntu" to restart Ubuntu.
- Update your package libraries. If you don't do this, the following installs will not work, (as seen in all the errors above the command in the below screenshot)
- sudo apt update
- Install GCC. Select 'Y'es when prompted. The install will take a while.
- sudo apt install gcc
- Install Make
- sudo apt install make
- Install various libraries required/recommended for JtR Bleeding-Jumbo
- sudo apt install libssl-dev
- sudo apt install libgmp-dev
- sudo apt install libkrb5-dev
- Navigate to your Windows drive where you installed the John the Ripper source code. You can access your C:\ drive under the /mnt/c directory. Run the following command to build JtR:
- ./configure && make
- The build process will likely take around 10-15 minutes. After it is done you should see the following. If there are any errors, something went wrong so you will likely need to perform additional troubleshooting.
- Finally navigate to the run directory '../run/' and try to start John the Ripper:
- Congratulations! You are now running John the Ripper on Windows!
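The build steps above collected into one script, as an added example that is not part of the original guide or the JtR project. It assumes the checkout lives at c:\github\JohnTheRipper as in this guide, that `configure` sits in the `src` subdirectory of that checkout, and the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: the WSLv1 build steps from this guide as one script.
# JTR_WIN_DIR is the checkout location used in the guide; adjust to yours.
JTR_WIN_DIR='c:\github\JohnTheRipper'
JTR_PACKAGES="gcc make libssl-dev libgmp-dev libkrb5-dev"

# Map a Windows path (c:\foo\bar) to its WSL mount (/mnt/c/foo/bar).
win_to_wsl_path() {
    local win="$1" drive rest
    case "$win" in
        [A-Za-z]:*) ;;
        *) printf 'not a drive-letter path: %s\n' "$win" >&2; return 1 ;;
    esac
    drive=$(printf '%s' "${win%%:*}" | tr 'A-Z' 'a-z')
    rest=$(printf '%s' "${win#*:}" | tr '\\' '/')
    printf '/mnt/%s%s\n' "$drive" "${rest%/}"
}

# WSL kernels report "Microsoft" in /proc/version; $1 overrides the file.
is_wsl() {
    grep -qi microsoft "${1:-/proc/version}" 2>/dev/null
}

# Print each required package that dpkg does not list as fully installed.
missing_packages() {
    local pkg
    for pkg in $JTR_PACKAGES; do
        dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null |
            grep -q 'install ok installed' || printf '%s\n' "$pkg"
    done
}

build_jtr() {
    local root missing
    is_wsl || { echo "not running under WSL" >&2; return 1; }
    root=$(win_to_wsl_path "$JTR_WIN_DIR") || return 1
    [ -f "$root/src/configure" ] || { echo "no JtR source under $root" >&2; return 1; }
    missing=$(missing_packages)
    if [ -n "$missing" ]; then
        sudo apt update && sudo apt install -y $missing || return 1
    fi
    # configure and the Makefile live in src/; the binary lands in run/.
    ( cd "$root/src" && ./configure && make ) || return 1
    ( cd "$root/run" && ./john --list=build-info )
}

# Build only when asked, so the functions can be sourced and checked alone.
if [ "${1:-}" = "--build" ]; then build_jtr; fi
```

Run it from the Ubuntu prompt with `--build`; without that argument it only defines the functions.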
If you are curious, here is a short snippet of me benchmarking JtR on my PC. Note, this is only running on a single core. I should have also included the --fork=8 option, which I'll admit I didn't realize worked with the --test option before writing this guide.
- Microsoft Surface Book 13 Inch
- Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
- 16.0 GB RAM
Test command: ./john --test
Benchmarking: bcrypt ("$2a$05", 32 iterations) [Blowfish 32/64 X3]... (8xOMP) DONE
Speed for cost 1 (iteration count) of 32
Raw: 6344 c/s real, 790 c/s virtual
Benchmarking: Raw-MD5 [MD5 256/256 AVX2 8x3]... DONE
Raw: 61074K c/s real, 61074K c/s virtual
Benchmarking: scrypt (16384, 8, 1) [Salsa20/8 128/128 AVX]... (8xOMP) DONE
Speed for cost 1 (N) of 16384, cost 2 (r) of 8, cost 3 (p) of 1
Raw: 280 c/s real, 35.0 c/s virtual
Benchmarking: LM [DES 256/256 AVX2]... (8xOMP) DONE
Raw: 121470K c/s real, 15241K c/s virtual