I asked stackers in #703346 to crack an encrypted SSH key. It's been 24 hours with no one claiming the bounty so I thought I'd reveal the solution.
The solution is to use John the Ripper, a "password security auditing and password recovery tool" or in other words: a password cracker. Let me show you how.
First, we store the encrypted SSH key in a file named id_rsa (the default name for SSH RSA keys):
$ cat > id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,353B80CD6D6AE8B97C9489F71E12DA0A
NU5iL4TPOyNHc5CD/wEEEl2HVv8NLQ6Gk+Ez4Ay8rKpGTWXwogtyhNxaaJBmAC4v
UnWwdErjHkD7XtrKqFUdQ5U/G0aMAXVk4gzSX49AW6Z2haUBP9Q0h4JilSvpnoJ8
kIAZr7vdgjdw+mAgphaJeWQkvvbExOhA2k/g514+WDMeWeuNeqknEfuN9uXXfc/e
xLF5axl/VfVNW1cS3tXNPJ3s19DPobJw5xjNh0bN0CKBDu0H62fw0XxxQMJoi9wC
p6HBKQPK/y2r/UrjeCBunS/MRdJxsb99NBNoEPdGuEwLWJgIXchtKSsp6SQ/gWG4
EuH/esk9LmfhHXZftPc4iMsh4HQ8ispbn4XDl/VhOP9DNdmT3EtrHfkPlo9QvAKq
3pADA1tzzYIjMDo4UdRIFCACP5eTptOJaApPNMMd6v+pQVbyGCQ6YQWomtBLekQg
Cs1LWl45NbuKQm5w4ZP1cca2W0Riv+YKa8ITFkwE4esD8UeGxkhcTy/M82lLWxii
vwZPLIpmbUhHxmJeniMdMEkfVWOFbsmt2vjdD56dJfrYBAkAbS1vaQdJQFdpgGZx
Z7J6CZcQhzxjyEbX8Xu7WSu7pwdT2Jorrx3YtXvVnysq0+YMoNdzMbfZYrSbsrxF
nGfeIOYM9XwjHnzEwCAzhgmg+eDYd6tALzN+uu/mDCa51RoI9UL6Xl2kn7w6+QQQ
HCG1zmYn+AtONdI5tMPM7OaPNNdrNI0kg9jO+pgQpvsBfD9dxbRzKcpCzgld1arL
MucniUiQ5+0d1mqNba3PmN/5VreSHwXGALuRoC3bF8+FfUkkWJacvp+cuJUnCIkM
Vh9SrRE+XKFZI3ty0dZQS27z4K/W6A1I9ZaZyo7/S0Mzy+/TOH+/EAF7IrKANlzh
c+LhpGY1L/tUOv8g7ljURqyYMnHOFyMhk1sioi1EDB8vjfFPcvHWzOW5ls8FOK+x
1NnC4s1KybvG4N2vg+QP07AFJjEEIziaZHrwHb37jJEACYqSYTw5zTkwZx7Ki5iq
aa0MUZGoq0SCxVSnfbd1tWj3KwALsUzdI/pir4uK55+KT2ym7BffeAEHfVAdaT6n
pqT1qab6ba/YcNx/n8k0nXYOtJH99zt+4wf1q1dn4P/ZZ8F4lYjoaC91SagkM2te
sAQTPagFnYF7YY+TkvyZYP2z7FDxaFEr+p5tWWNev1RuWYrXWJGjF+rf6Fq6IaqB
1vaNTZhLEONkgM4KGYy7sHSLDruRH0yrsvb96EMNEJh8RTKQUYnjW8IWQgWTVibq
9OsplFe9EZF9PJajEc00TS5KdP2J5rHITIzYnk17NLZYPa9cI1NlSh6QizlcUJYW
Mwe22NjF0K7CfKLUVv1CFfCtfW8LY/iIAQ860AaruU8Mk/wwqssd2j8MOsG5E1uO
KB03k66umHEoV0KormAC47O9yxDgvGY22zEniFmO9Qc2KfGGAw0O/dxO7tQMuDvU
/d2t1+UekJ5FRZ9pj07zGZNYqNesZilvxBUXTZKXfbl/D4Xg8YXhJPd+RHe1j7o3
0T3co1gPnUZsPtOuh+ZyMoUyOqSWy4HUKyYbErlHCFi/5I/zuhRMnfoGex5jxJvt
-----END RSA PRIVATE KEY-----
^D^D means CTRL+D which will enter a end-of-file (EOF) character to close the stream.
Then, we run ssh2john. It usually comes bundled with the JtR executable john. It extracts the password hash from SSH keys into the format that JtR needs:
$ ssh2john id_rsa > hash
$ cat hash
id_rsa:$sshng$5$16$353B80CD6D6AE8B97C9489F71E12DA0A$1200$354e622f84cf3b2347739083ff0104125d8756ff0d2d0e8693e133e00cbcacaa464d65f0a20b7284dc5a689066002e2f5275b0744ae31e40fb5edacaa8551d43953f1b468c017564e20cd25f8f405ba67685a5013fd434878262952be99e827c908019afbbdd823770fa6020a61689796424bef6c4c4e840da4fe0e75e3e58331e59eb8d7aa92711fb8df6e5d77dcfdec4b1796b197f55f54d5b5712ded5cd3c9decd7d0cfa1b270e718cd8746cdd022810eed07eb67f0d17c7140c2688bdc02a7a1c12903caff2dabfd4ae378206e9d2fcc45d271b1bf7d34136810f746b84c0b5898085dc86d292b29e9243f8161b812e1ff7ac93d2e67e11d765fb4f73888cb21e0743c8aca5b9f85c397f56138ff4335d993dc4b6b1df90f968f50bc02aade9003035b73cd8223303a3851d4481420023f9793a6d389680a4f34c31deaffa94156f218243a6105a89ad04b7a44200acd4b5a5e3935bb8a426e70e193f571c6b65b4462bfe60a6bc213164c04e1eb03f14786c6485c4f2fccf3694b5b18a2bf064f2c8a666d4847c6625e9e231d30491f5563856ec9addaf8dd0f9e9d25fad80409006d2d6f69074940576980667167b27a099710873c63c846d7f17bbb592bbba70753d89a2baf1dd8b57bd59f2b2ad3e60ca0d77331b7d962b49bb2bc459c67de20e60cf57c231e7cc4c020338609a0f9e0d877ab402f337ebaefe60c26b9d51a08f542fa5e5da49fbc3af904101c21b5ce6627f80b4e35d239b4c3ccece68f34d76b348d2483d8cefa9810a6fb017c3f5dc5b47329ca42ce095dd5aacb32e727894890e7ed1dd66a8d6dadcf98dff956b7921f05c600bb91a02ddb17cf857d492458969cbe9f9cb8952708890c561f52ad113e5ca159237b72d1d6504b6ef3e0afd6e80d48f59699ca8eff4b4333cbefd3387fbf10017b22b280365ce173e2e1a466352ffb543aff20ee58d446ac983271ce172321935b22a22d440c1f2f8df14f72f1d6cce5b996cf0538afb1d4d9c2e2cd4ac9bbc6e0ddaf83e40fd3b00526310423389a647af01dbdfb8c9100098a92613c39cd3930671eca8b98aa69ad0c5191a8ab4482c554a77db775b568f72b000bb14cdd23fa62af8b8ae79f8a4f6ca6ec17df7801077d501d693ea7a6a4f5a9a6fa6dafd870dc7f9fc9349d760eb491fdf73b7ee307f5ab5767e0ffd967c1789588e8682f7549a824336b5eb004133da8059d817b618f9392fc9960fdb3ec50f168512bfa9e6d59635ebf546e598ad75891a317eadfe85aba21aa81d6f68d4d984b10e36480ce0a198cbbb0748b0ebb911f4cabb2f6fde8430d10987c4532905189e35bc2164205935626eaf4eb299457bd11917d3c96a311cd344d2e4a74fd89e6b1c84c8cd89e4d7b34b6583daf5c2353654a1e908b395c5096163307b6d8d8c5d0aec27ca2d456fd4215f0ad7d6f0b63f888010f3ad006abb94f0c93fc30aacb1dda3f0c3ac1b9135b8e281d3793aeae9871285742a8ae6002e3b3bdcb10e0bc6636db312788598ef5073629f186030d0efddc4eeed40cb83bd4fdddadd7e51e909e45459f698f4ef3199358a8d7ac66296fc415174d92977db97f0f85e0f185e124f77e4477b58fba37d13ddca3580f9d466c3ed3ae87e6723285323aa496cb81d42b261b12b9470858bfe48ff3ba144c9dfa067b1e63c49bedIt's usually a good idea to run a dictionary attack, and we will need a word list for this. A very common word list is rockyou.txt. It's a file that contains over 14 million passwords. It came out of a data breach in 2009. RockYou, a social media company that developed widgets for MySpace got hacked and stored the passwords of their users in plaintext. We can download this file from various sources but we will use the one in the Kali Linux repository:
$ $ wget https://gitlab.com/kalilinux/packages/wordlists/-/raw/kali/master/rockyou.txt.gz
--2024-09-29 02:17:52-- https://gitlab.com/kalilinux/packages/wordlists/-/raw/kali/master/rockyou.txt.gz
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving gitlab.com (gitlab.com)... 172.65.251.78, 2606:4700:90:0:f22e:fbec:5bed:a9b9
Connecting to gitlab.com (gitlab.com)|172.65.251.78|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53357341 (51M) [application/octet-stream]
Saving to: ‘rockyou.txt.gz’
rockyou.txt.gz 100%[=================url=====================================================================================>] 50.88M 304MB/s in 0.2s
2024-09-29 02:17:53 (304 MB/s) - ‘rockyou.txt.gz’ saved [53357341/53357341]
$ gzip -d rockyou.txt.gzNow, we can run john:
$ john --wordlist=rockyou.txt hash
Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 0 for all loaded hashes
Cost 2 (iteration count) is 2 for all loaded hashes
Will run 8 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
****** (id_rsa)
Warning: Only 2 candidates left, minimum 8 needed for performance.
1g 0:00:00:03 DONE (2024-09-28 21:27) 0.3300g/s 4733Kp/s 4733Kc/s 4733KC/sa6_123..*7¡Vamos!
Session completedA common mistake is to not use the = in --wordlist=rockyou.txt. It's required!
The output of john tells us that ****** is the password. Success!
Now go ahead and try to crack your own encrypted SSH keys using JtR and rockyou.txt. if you're successful, you should definitely use a stronger password.
Even if your exact password is not included in rockyou.txt, JtR might still find your password since it can mangle the passwords according to rules (see docs about JtR's cracking modes).
Aww I was just starting to procrastinate by spinning up a Kali VM to take a crack at it and now I see it. Oh well, good timing! Good learning too. Next challenge maybe :P
Follow-up question: how long did it take you to brute-force this one (assuming you used GPU too)?
Edit: I don't normally use Kali but WSL was being a prick about building John The Ripper and i know Kali has John installed and ready to go so I figured... I despise dealing with end-of-line formatting shenanigans between Windows and Linux/WSL
Oh sorry, I guess I wasn’t patient enough haha. I zapped you the bounty here as the winner of hearts.
I’m thinking about something using metasploit or other popular pentesting software. 🤔
Just a few seconds even without a GPU since I ran it on a cheap server.
@ek are you a pentester or ethical hacker ?
Isn’t that the same?
I’m a poser
Jajaja ... I'm a wannabe
Started studying cybersecurity but so far I have been so disappointed on what I been taught. Wasted a bunch of money that would otherwise be better spent on a certification.
If you could give an advice, what cert might you recommend?
I would love to recommend you a cert but I really have no idea, I never did one (but I might at some point).
Most of my knowledge is from labs in university. I switched university after my Bachelor's degree because I was also disappointed in what they had to offer. They didn't even offer general computer science courses about compilers for example.
This might have been one of my best choices in life because the new university had so much more interesting courses available (which is why I picked it). They even had cybersecurity labs! I took the following three:
I also played some CTFs with the university team which was fun but I wasn't really good since the challenges get really difficult really fast and I wasn't consistent in my practice. I already struggled with the challenges that were supposed to be easy during live CTFs but it also depends a lot on the CTF.
I can recommend playing CTFs though if you haven't already. Examples:
Is your university/college known for computer science and ideally even cybersecurity? If not, it might be wise to look for another one if you can. Not sure where you're from, but here in Europe it's mostly just a matter of applying successfully and being willing to move there since studying is mostly free here. I wish I made more use of that but I didn't really appreciate studying during my time, especially at the end. I dropped out before I finished my Master's degree (I was nowhere near finishing after 2 years) because I was offered to join SN.
Thank you for your answer, it does provide some important points as to where to get hands on skills.
Sadly I'm studying in Canada as an international student, picked a college because of the "practical" labs, which nothing has been further from the truth. I have spent over 30k in this fucking scam of a college for things that are half ass explained and where I shit you not, a teacher literally give as YouTube videos instead of explaining.
I could have gotten a SANS certification for 9k instead of blowing my savings. Ohhh well.
Thanks a lot for this practical guide. I have been using John the Ripper since 2016 and I haven’t scratched the surface. Your methodology is very interesting. I am glad that you posted this. Again, thank you.
This looks good to try and learn.
If you want to create a strong password... don't you just roll some dice and pick them from a wordlist?
The EFF long wordlist is 7776 words so.... roll 6 words with dice from toy store store and that's around 77 bits.
"A nation state actor like the NSA may be able to perform quadrillions/second. Conservatively assuming a professional adversary can guess passwords at the rate of a 1,000,000,000,000 keys/second (Edward Snowden suggests being prepared for a Trillion guesses per second), an exhaustive brute-force search on 50% of the total keyspace might take:
~110,536,959,860 seconds
~1,842,282,664 minutes
~30,704,711 hours
~1,279,363 days
~3,505 years"
That's a long time