John the Ripper Pt.4

Intro

In this article – the last in our John the Ripper series – we would like to focus on how we can use John to crack SSH keys, as well as mention some basics of Custom Rules.

SSH

What is SSH? When do we use it (or should)? How does it work, and what are some encryption techniques/technologies that SSH has to offer?

Let’s answer all of these questions briefly (it is a very big topic), before delving further into how john can leverage some of its functionalities to crack the SSH private key password of the id_rsa files.

SSH stands for Secure Shell, and is a remote administration protocol, which gives us the ability to access, control, or modify our remote infrastructure (usually servers) over the Internet. You might want to remote into your client’s server to troubleshoot something, or to deploy some code.

Historically, SSH was created as a replacement for the much more insecure protocol called Telnet, which, even though it serves the same purpose, doesn’t offer encryption. You can see why that might make some of us feel quite awkward. SSH encrypts all of our communication to and from the remote server. With SSH we can also authenticate a remote user, for example.

To use SSH, we can simply pull up the terminal (for MacOS/Linux) and type:

ssh <username>@<ip_address> -p <port_number>

Here, the username is the name of the user we wish to connect as, and the IP address is that of the server we are connecting to. For Windows we can use an SSH client, the best known one being PuTTY.

For example, if we were to connect as a user called john to our remote server at 184.121.23.43 at the default port (for SSH it’s port 22), we would give a command like this:

ssh john@184.121.23.43 -p22

Regardless of our platform, once we’ve issued our command, we will get a prompt asking for a password for the user we specified, in order to authenticate us. If the credentials are correct, we will be shown a command-line, that of our server we just got into.



SSH and John the Ripper

As we’ve already mentioned, we can use john to crack private key passwords of our id_rsa files. Our target may have configured key-based authentication, which just means they are using their private key (id_rsa) to authenticate against the server and to log in using SSH. Since the key will generally require a password, we can once again use John to help us crack that password, so that we can authenticate over SSH (by using the said key).

Another tool (as zip2john, and rar2john previously – sound familiar?) john leverages, is a tool called ssh2john. The logic remains the same – ssh2john converts the id_rsa key to a hash that John can work with. The syntax is virtually the same as before:

ssh2john [id_rsa_file] > [output_file]

ssh2john – command to call our converter tool

id_rsa_file – path to our file that we want to convert to a hash

output_file – here, we will store our output, i.e. the hash that we’ve created

One small thing of note before we look at our example: if your terminal tells you that ssh2john can’t be found (command not found, meaning ssh2john is not installed), you can still use ssh2john.py, which is basically the same thing, wrapped inside a Python script. Usually, ssh2john.py is located in /opt/john/ssh2john.py or, in case you’re using Kali, you can find it in /usr/share/john/ssh2john.py. Just remember to invoke your Python scripts by adding python/python3 to your command line first.


This also brings us to our example.

In order to do the cracking, we’ve first created a new private/public key-pair using ssh-keygen (image below)


(Spoiler alert! We’ve used the passphrase banana)

All that’s left now is to do some john magic.

First, we run our Python version of the ssh2john conversion tool – as shown below (which is the same image as above)


Simply, we’ve asked Python to run the script called ssh2john, which can be found in the /usr/share/john/ssh2john.py path… again, if you’re not on Kali, this would be /opt/john/ssh2john.py, and then we’ve given the path to our newly created (banana-protected) private key – /root/.ssh/id_rsa – which we’ve redirected to an output file on our Desktop, called KeyHash.txt.

Now we are ready, and should have all we need in order for John to crack our private key password for us.

We invoke John, using our trusty rockyou.txt wordlist, and let it do its thing:

 

Lo and behold, 29 seconds after, John has returned to us with the correct output – banana, cracking our password successfully!
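What John attacks here is the passphrase-based encryption wrapped around the private key, so it is worth knowing how each of your own key files is protected. The following Python sketch is an added example (not from the original article or the John project): it reads only the header of a key file and reports whether it is encrypted, with which cipher, and with which key-derivation function. The sample keys are constructed in the code and contain no key material; the function names are our own.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic at the start of the newer OpenSSH key format


def _read_string(buf, off):
    """Read an SSH 'string': 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def inspect_private_key(pem_text):
    """Report how a private key file is protected, without reading key material."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    info = {"format": "pem", "encrypted": False, "cipher": "none",
            "kdf": "none", "rounds": None}

    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        # The header is: string ciphername, string kdfname, string kdfoptions
        cipher, off = _read_string(blob, len(MAGIC))
        kdf, off = _read_string(blob, off)
        kdfopts, off = _read_string(blob, off)
        info.update(format="openssh-key-v1", cipher=cipher.decode(),
                    kdf=kdf.decode(), encrypted=(cipher != b"none"))
        if kdf == b"bcrypt":
            # kdfoptions for bcrypt: string salt, then uint32 rounds
            _salt, pos = _read_string(kdfopts, 0)
            (info["rounds"],) = struct.unpack_from(">I", kdfopts, pos)
        return info

    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        # PKCS#8: parameters live inside the ASN.1 body, not parsed here
        info.update(format="pkcs8", encrypted=True, cipher="unparsed", kdf="unparsed")
        return info

    # Traditional PEM (e.g. BEGIN RSA PRIVATE KEY): encryption shows up as headers
    for ln in lines[1:]:
        if ln.startswith("Proc-Type:") and "ENCRYPTED" in ln:
            info["encrypted"] = True
        elif ln.startswith("DEK-Info:"):
            info["cipher"] = ln.split(":", 1)[1].split(",")[0].strip()
        elif ln == "":
            break  # blank line ends the header block
    if info["encrypted"]:
        # Traditional PEM derives the key with a single MD5 pass over passphrase+salt
        info["kdf"], info["rounds"] = "md5", 1
    return info


def risk_note(info):
    """Turn the inspection result into a short finding for an audit report."""
    if not info["encrypted"]:
        return "no passphrase: anyone who copies the file can use the key"
    if info["kdf"] == "md5":
        return "passphrase set, but each guess costs one MD5: very cheap to brute-force"
    return "passphrase set, kdf=%s rounds=%s" % (info["kdf"], info["rounds"])


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


def build_sample_openssh_header(cipher, kdf, rounds):
    """Constructed sample: header fields only, zero salt, no key material."""
    kdfopts = b"" if kdf == b"none" else _ssh_string(bytes(16)) + struct.pack(">I", rounds)
    blob = MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(kdfopts)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed sample of a traditional encrypted PEM header (placeholder IV, no key)
LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    samples = {
        "openssh+bcrypt": build_sample_openssh_header(b"aes256-ctr", b"bcrypt", 16),
        "openssh plain": build_sample_openssh_header(b"none", b"none", 0),
        "legacy pem": LEGACY_SAMPLE,
    }
    for name, pem in samples.items():
        print(name, "->", risk_note(inspect_private_key(pem)))
```

With a weak passphrase such as banana, the key falls to a wordlist regardless of format; a higher bcrypt round count (set with ssh-keygen -a) only raises the cost of each guess.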

Custom Rules

Similarly to the single crack mode that we’ve covered in part 2 of our series (word mangling, or variations of a word, where we change the letters to capital letters, numbers, etc.) we can also define our own sets of rules in similar fashion. John will then use our newly created rules to create passwords. This can be quite useful if we know (or suspect) the password structure of whatever it is that we’re attacking.

With this we can integrate capital letters, numbers, symbols… same as for the single crack mode. Also, this can prove to be rather useful for us, since organizations sometimes enforce password policies in order for them to be a bit less susceptible to dictionary attacks.

This is exactly what an attacker might leverage to their advantage! As we all know people tend to make similar passwords, or even reuse them, and adding numbers and capital letters, or symbols can make it so they meet the password policy’s requirement (complexity). Still, Babyblue1! is not an example of a secure password by any means!

So, if an attacker knew about the password structure, used a bit of Social Engineering on the target they’ve picked (some employee of the company perhaps), they could then easily connect the dots and compromise the system – gain a foothold into your now compromised organization.

Password rules are usually located in the /etc/john path, in a file called john.conf. Another path could be /opt/john.

To create our rule, the first line is used to create a name for the rule, which we can later invoke with John. It looks something like this: 

[List.rules:Babyblue]

Then, we need to use a regex style pattern in order to define our rule further:

A0 – prepends the word with characters we defined

c – capitalization of the character (position based!)

Az – appends the word with any characters we defined

u – convert to uppercase

Now we just need to decide where and what we want to be changed. To define what’s going to be prepended or appended, we put that in square brackets [] – in the order of usage!

We end up with something similar to this:

cAz"[0-9][!@%$]"

After that, all that’s left is to add our rule to our usual command, by adding this flag: --rules=Babyblue.

We would end with a command like this:

john --wordlist=/usr/share/wordlists/rockyou.txt --rules=Babyblue target_file_path
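To see what the Babyblue rule actually produces, and to check whether a password that passes a complexity policy is still just a dictionary word plus this rule, here is an added Python example (not from the original article, and not John’s own code). It is a simplified model that covers only the commands listed above (c, u, A0, Az) and [..] character classes; the rule is written with straight quotes and no space inside the appended string, because anything between the quotes is appended literally. The function names and the short wordlist are our own.

```python
import itertools
import re

# The Babyblue rule: capitalize, then append one digit and one symbol.
BABYBLUE_RULE = 'cAz"[0-9][!@%$]"'


def _class_members(spec):
    """Expand the inside of a [...] class, e.g. '0-9' or '!@%$', into characters."""
    out, i = [], 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":
            out.extend(chr(c) for c in range(ord(spec[i]), ord(spec[i + 2]) + 1))
            i += 3
        else:
            out.append(spec[i])
            i += 1
    return out


def expand_rule(rule):
    """Turn one rule containing [...] classes into every concrete rule it stands for."""
    parts = re.split(r"(\[[^\]]+\])", rule)
    choices = []
    for part in parts:
        if part.startswith("[") and part.endswith("]"):
            choices.append(_class_members(part[1:-1]))
        else:
            choices.append([part])
    return ["".join(combo) for combo in itertools.product(*choices)]


def apply_rule(word, rule):
    """Apply one concrete rule (no classes left) to a word, command by command."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == " ":                      # spaces between commands are ignored
            i += 1
        elif cmd == "c":                    # capitalize: first upper, rest lower
            word = word[:1].upper() + word[1:].lower()
            i += 1
        elif cmd == "u":                    # convert to uppercase
            word = word.upper()
            i += 1
        elif cmd == "A" and rule[i + 1:i + 2] in ("0", "z") and rule[i + 2:i + 3] == '"':
            end = rule.index('"', i + 3)    # closing quote of the string
            text = rule[i + 3:end]          # everything inside the quotes is literal
            word = text + word if rule[i + 1] == "0" else word + text
            i = end + 1
        else:
            raise ValueError("command not covered by this model: %r" % rule[i:])
    return word


def candidates(word, rule):
    """All passwords one dictionary word yields under the rule."""
    return [apply_rule(word, concrete) for concrete in expand_rule(rule)]


def base_words_for(password, wordlist, rule):
    """Policy audit: which dictionary words reach this password via the rule?"""
    return [w for w in wordlist if password in candidates(w, rule)]


if __name__ == "__main__":
    words = ["password", "babyblue", "dragon"]  # constructed sample wordlist
    print(len(expand_rule(BABYBLUE_RULE)), "concrete rules per word")
    print(candidates("babyblue", BABYBLUE_RULE)[:5])
    for pw in ("Babyblue1!", "Tr0ub4dor&3x"):
        hits = base_words_for(pw, words, BABYBLUE_RULE)
        print(pw, "->", "derivable from " + ", ".join(hits) if hits else "not derivable")
```

Each word yields only 40 candidates, so a policy-compliant password like Babyblue1! adds almost nothing to the attacker’s work once the base word is in the list.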

Of course, there are many resources out there, and we would suggest first checking out these two, if all this talk about custom rules has piqued your interest.

Conclusion

Some finishing thoughts before we close out this series about John the Ripper. As we’ve seen from some of our examples and from what was mentioned in the series, John offers a lot of flexibility and versatility, but, as always, in order to leverage this great tool to its maximum potential, there’s a lot of ground to be covered – this does not mean you need a PhD in Cryptography, of course, just a lot of trial and error!

We wish you happy (& safe) password cracking!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

What’s New Pandora FMS 761

Let’s check out together the features and improvements related to the new Pandora FMS release: Pandora FMS 761.

What’s new in the latest Pandora FMS release, Pandora FMS 761

NEW FEATURES AND IMPROVEMENTS

New “Custom Render” Report

A new item has been included in Pandora FMS reports, Custom Render. With this report you can manage in a more customized way with SQL queries, module graphs and HTML output customization. It allows users to create fully customized reports visually, including graphs.

 

New TOP-N connections report

A new item has been included in Pandora FMS reports, TOP-N connections. With this report you will have a summary table with the total data from connections and with connections of the interval by port pairs.

New Agent/Module Report 

A new item has been included in Pandora FMS reports, Agents/modules status. With this report you will be able to have in a table the state of agents/modules with the last data and the timestamp of this last-received data.

New Agent/Module status Report

It allows users to show a list of agents/modules along with their state, filtering previously by group. 

New SLA services Report

A new item has been included in Pandora FMS reports, SLA services. With this report you will be able to see the SLA of the services that you wish to configure, combining data from different nodes in a single report.

New alert templates

If you want to use the new group, you have it available in our module library:

New Heatmap view

A new view has been added, that of Heatmap. In this view you can see all Pandora FMS information organized by groups and module or agent groups. It is a view that is permanently refreshed and that allows you to see at a glance all the monitored information.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Interview With SCADAfence’s New Field CTO, Paul Smith

OT and ICS Industry veteran Paul Smith, author of “Pentesting Industrial Control Systems” has recently joined the SCADAfence team in the role of Field CTO. We interviewed Paul to get his thoughts on the current state of OT security, challenges that need to be addressed and his predictions for the future.

He was interviewed by content marketing manager, Joan Weiner Levin.


DPD knows there is no threat to their sensitive data

Direct Parcel Distribution Czech Republic is part of the DPDgroup international parcel delivery network, one of Europe’s top service providers on the courier, express, and parcel market. Every day it delivers more than 7.5 million parcels in more than 230 countries. The company works with sensitive data and needs to protect it and track its data flow, as well as protect USB drives and web applications.

Super-easy administration with no interruptions 

“We had to find a DLP solution to protect our data and we chose Safetica,” explains Vladimír Püschner, IT PMO & Innovation Director at Direct Parcel Distribution CZ. “The solution provides us freedom in setting security policies, the DLP is modular, and we can set specific DLP policies for websites and even for the cloud,” he adds.

Furthermore, the administration console is super easy to understand and to manage, and Safetica does not interrupt employees while they are working.

Super-fast implementation

Implementation of Safetica was fast, and it was completed within just a week. The IT department saw results after its first month with the DLP. The company then had the comprehensive information it needed to adjust its security policies.

Currently, Safetica performs several tasks at DPD:

  • Performs security audit
  • Protects data on endpoints
  • Automates security
  • Provides Enterprise features and Gold Support


Protecting data even during challenging events 

Thanks to Safetica, DPD knows exactly what is going on with company data and that nothing is going to happen to it. The IT department is aware of where the data is and who can access it. Data is safe even when a problematic employee leaves the company, which is always a challenge for companies.

“I can recommend the Safetica solution,” says Vladimír Püschner, IT PMO & Innovation Director at Direct Parcel Distribution CZ.

In a nutshell, DPD is satisfied with the Safetica ONE solution and has already implemented it in 5 other countries. The company plans on using Safetica to protect its data against data leaks and internal threats for the foreseeable future. 

About DPD

DPD (Direct Parcel Distribution) is a part of DPDgroup, the largest parcel delivery network in Europe. DPD’s goal is to become the standard in sustainable delivery and a major driver of e-commerce development. With its 1,800 couriers and 1,300 pickup points, DPD is one of the leading delivery services in the Czech Republic. It is the only parcel delivery company in the Czech Republic to offer Predict – a service that allows a customer to know in advance when a parcel will be delivered and gives them an exact 1 hour delivery interval. At the same time, recipients can change the time or place of delivery in the DPD Kuryr app.

Thanks to DPDgroup, DPD customers can use over 70,000 pickup points across Europe and send parcels to 230 countries worldwide thanks to the DPD, Chronopost, SEUR, BRT and Jadlog brands. DPDgroup is the parcel delivery network of GeoPost, a holding company owned by La Poste Groupe.



About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

New Cyber Threats & Vulnerabilities Brought on by the Rise of IoT Devices

Diving into Internet of Things Statistics

An Internet of Things (IoT) device simply means a device which can communicate back and forth with a central hub, mainly via WiFi but also using technologies such as SIM cards and radio frequencies. We are living in the age of digital connectivity, if it can have an IP address then you best believe it’ll have one assigned. From Samsung’s AI-powered Family Hub Smart Fridge which tells you what recipes you can make based on the ingredients inside, to Tesla vehicles with over-the-air updates for not only the software but also actual motor components (a 2018 update on the Model 3 to adjust the anti-lock algorithm which helped with braking distance).  

Consumer technologies aren’t alone when it comes to utilizing the Internet of Everything. Industries such as healthcare have their own use case. Internet of Medical Things (IoMT) such as smart sensors for monitoring patients’ vitals are an essential piece of equipment in modern healthcare facilities.  

The statistics back this growth: there are already more active IoT devices (10 billion) than people on earth. It’s expected that there will be over 30 billion total IoT devices by 2025, with the market value projected to reach $875 billion by that time. Every second over 100 new IoT appliances connect to the public internet. It’s so widely adopted that almost a third of the US population own a smartwatch. This sharp increase in devices has a clear effect on the global volume of data being transported, the graph below shows year to year growth.  

Cyber Threats & Vulnerabilities of IoT

As the Internet of Things rapidly grows, the cyber threats and associated risks continue to evolve and become increasingly complex with hackers coming up with new ways to breach devices and networks. Every organization should be aware of their own network attack surface, which is the totality of all vulnerabilities from connected devices and hardware. Each device poses a possible point of entry for an unauthorized user to gain access. Ideally you keep your attack surface as small as possible, making it easier to protect. But for some organizations, this simply isn’t a possibility, as there might be a need for thousands, if not hundreds of thousands of IoT sensors to report on key analytics.  

As mentioned earlier, the healthcare industry has a sizable use case when it comes to IoT devices. An issue with this is the cost associated with these complex pieces of equipment such as MRI scanners and X-ray machines. It simply isn’t feasible for these items to be upgraded regularly, which in turn leads to outdated and unsupported systems still playing a key role in the infrastructure. As an example, Windows 7 support was discontinued in January of 2020 after 10 years in operation, creating an untold number of vulnerabilities for organizations around the globe. According to a report from Palo Alto Networks cybersecurity division Unit 42, 83% of medical imaging devices are running unsupported operating systems.  

IoT devices suffer from a range of other vulnerabilities, including: 
  • Weak/default passwords and settings: Back in 2016, the largest DDoS attack ever at the time was launched against the service provider Dyn using a botnet powered by IoT devices. Hackers used a piece of malware called Mirai, which after initially infecting a computer would continue searching for vulnerable IoT devices and use default usernames and passwords to login. These credentials can be found online easily, and if the network operator doesn’t change them, anyone can gain access. 
  • Poor device security from the manufacturer: When a device communicates in plain text, all information that is being transferred can easily be intercepted via a Man-in-the-Middle attack. 
  • Outdated IoT firmware: A large percentage of IoT devices use third-party libraries for their firmware, these can easily become outdated and with the lack of ability to update the firmware on some devices, this poses an issue. 

Protecting your IoT Devices and Network

Network administrators need to realise that with these new devices they need to ensure they are keeping up with the essential security solutions. Strong passwords, firewalls and anti-virus software simply aren’t sufficient. The first step in protecting your IoT devices is to learn and understand what the most likely cyber threats are. Create a threat model which identifies, evaluates, and prioritizes potential vulnerabilities. Having a documented network is essential; a well-maintained network management system with advanced monitoring will massively help identify weak spots in the network.

Basic IoT network security measures include:
  • VLANs: Placing the IoT devices in their own VLAN with total segregation from the rest of the network. This doesn’t have to be anything overly complicated, just set some simple rules such as trusted and untrusted depending on how much faith you have in the device. E.g. A Nest smoke alarm can be placed in the trusted VLAN and have access to the internet but a cheap Chinese thermometer would go in the untrusted VLAN and not have access to anything else.  
  • Static IPs: If it is possible to assign a static IP, definitely do so. This helps you to keep track of the device and can make troubleshooting a whole lot easier. Another benefit of this is helping with identifying new devices on the network. 
  • MAC Address whitelisting: An easy way of ensuring only authorized devices can access your company network. But it is important to note that these can be easily spoofed. 
Advanced IoT security measures include:
  • Modern Network Access Control (NAC): Traditional NAC solutions don’t scale well when it comes to IoT. Standard IEEE 802.1x security protocols are mostly incompatible with IoT devices. As mentioned above, MAC authentication can be spoofed. With NAC, network administrators are able to configure and enforce security policies and analyze device risk postures. 
  • Automated configuration: Having an automated onboarding system in place for new devices is a smart idea. If your company has a large number of IoT devices, it can be easy for some to slip through the security configuration if done manually.  
  • Device certificates: Using X.509 device certificates to manage the identity and security of devices adds another layer of security. These certificates play a key role in PKI-based security and serve as proof of device authenticity by authentication, encryption, and data integrity. 
  • Secure API connections: APIs are commonly used to transfer data between applications and devices. This can give way to a whole host of cyber threats. It is essential that only authorized systems can communicate with the API. The use of tokens to establish trusted identities and provide access to the appropriate services is highly recommended. 


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

What is WMIC and why will it be discontinued?

As we already explained on one occasion in this blog, Windows Management Instrumentation, WMI, is a technology owned by the company Microsoft®.

But there’s even more!

Things have changed and we are going to tell you all about it!

Do you already know what WMIC is and why it will be discontinued?

WMIC was the WMI command-line utility, which provided an interface for the Distributed Component Object Model (DCOM) Remote Protocol.

This protocol, in turn, allows remote procedure calls (RPC) with a set of extensions overlaid on Microsoft Remote Procedure Call Extensions.

DCOM is used for communication between software components such as Pandora FMS and networked devices.

The benefits of monitoring are undeniable, and this type of technology (communication and connection protocols) is used to work, prevent problems and progress.

However, it all depends on the use it is given:

In January 2021, the MITRE corporation registered the CVE-2021-26414 vulnerability, which recognizes that there was a possibility to access the privileges of a normal user, a non-MS Windows® system administrator user.

*Common Vulnerabilities and Exposures is a list of registered U.S. government information about known security vulnerabilities, in which each reference has a CVE-ID identification number.

Exploiting this weakness does not happen by chance.

An attacker who manages to gain access never stays a normal user for long; they usually become system administrators.

Thus, time and commitment are required to study the victim and achieve the task.

The company Microsoft®, concerned about the peace of mind of their customers, decided to publish and distribute the security patch called KB5004442 (February 2022), which increases user authentication.

Therefore, WMIC is not able to connect despite being a product from that same software brand.

However, that’s actually a side effect, not the main reason why the WMIC software was discontinued.

For some time now, Microsoft, progressively, has been updating, deleting and improving each of its components, and has even created new utilities.

This is the case of PowerShell, which will bear the new responsibilities inherited from WMIC from now on.

At Pandora FMS, always respecting our security architecture, we presented PandoraWMIC: improved software for the new WMI connection requirements, which avoids this type of inconvenience, both in the Open version and in the Enterprise version.

Absolutely no one is safe from security attacks. This is only a small edge from the whole picture.

You may check our official documentation on this topic:

https://pandorafms.com/manual/en/documentation/07_technical_annexes/15_security_architecture


John the Ripper Pt. 3

Intro

It should come as no surprise that John can also deal with .zip and .rar archives. John does this by leveraging the zip2john and rar2john utilities, built into the tool, which turn an archive into something that John knows how to use. The syntax is pretty much the same, and by now, you should be quite familiar with it; still, we will use this article to show some examples of how we can make our .zip and .rar archives John-ready. As we will see, this is akin to the unshadow tool we’ve used previously.

zip2john

As mentioned, similar to unshadow, John has the inbuilt tool that’s called zip2john, which we use to convert our target .zip archive into a format john will know what to do with, and, we hope, crack successfully.

The basic syntax looks something like this:

zip2john [target_zip_file] > [output_file]

Flags:

target_zip_file – this is the path to our password protected .zip archive

> – greater than sign which redirects our command results to a specified output file

output_file – in this file we store our output

So, our command will look something like this:

zip2john target_archive.zip > zip_hash.txt

Once we’ve successfully obtained the zip_hash.txt output file, we simply supply it to John. And yes, we can use the wordlists too. Thus, we just had a couple of extra steps before we return to using John as we’ve already learned previously.

More simply put, we can say to John, something like this:

john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt

As you can see, this is something that we’ve already learned, and we’ve just used the zip2john utility to prepare our archive for John to work with. 

Let’s quickly cover rar2john next, and then we will go over some examples.

rar2john

The same as zip files, rar can also compress various files and folders. It does so by using the Winrar archive manager.

We use it in the same way as zip2john. First, we use rar2john to make the .rar archive ready for John – by obtaining its hash, then we supply the said hash to John to try and crack it.

The syntax is the same as for zip2john:

rar2john [target_rar_file] > [output_file]

Flags:

target_rar_file – this is the path to our password protected .rar archive

> – greater than sign which redirects our command results to a specified output file

output_file – in this file we store our output

It will look something like this:

rar2john rar_archive.rar > rar_hash.txt

Now we just use John, the way we’ve learned, giving it our rar_hash.txt file:

john --wordlist=/usr/share/wordlists/rockyou.txt rar_hash.txt

Examples

Now that we’ve covered some basic stuff, let’s look at some examples.


We have a .zip archive, called testZip1.zip with three files inside, called pass.txt, sop.txt, and supersecret.txt.

To digress for a bit: it would be terrible if we saw something like this on our test, as an attacker. The naming convention here in our article is there for our convenience and illustrative purposes. Nobody should have a file called sop.txt (which usually stands for standard operating procedure). Pass.txt and supersecret.txt even less so, for obvious reasons.

Going back to our .zip cracking, we give John a command asking it to make an output file it can understand, and try to crack it. (image below)


We just gave John our output file (in this case test1.hashes), and it cracked our password. Note that you can make your output file to be of any format, for further processing/manipulation. Use what makes the most sense for your purposes.

Since we have our password, we show it with John, and try to open our password protected archive, which prompts us:





Finally, we have our cracked .zip archive, and contents opened, of one of the files:


Let’s look at some more examples.


We password protect our .rar archive, called safe.rar, as we can see – password is password1. Inside, we have put two files, called pass.txt, and pass2.txt, respectively. We now need to make something John can use, out of our .rar archive:


Now we ask John to crack our new file, called rar_cracked.hash. For demonstration, we passed no arguments/options to John first.


When we ask John to crack something, without giving other arguments, it will go through the default modes, with their default settings. (That’s why it started with single crack mode first, in the image above)

Since we know our password is really weak, and we don’t want to wait that much, we use our trusty rockyou.txt wordlist:


Our wordlist mode works immediately, giving us the password we were looking for – password1, as shown above.

We then try to open our archive, finally:


As we can see, we get a popup saying we need to enter our password to access safe.rar, which we type in:


Et voila! We have managed to access the .rar archive:


From the image above – two files, called pass.txt and pass2.txt, as mentioned previously – and their contents.

Conclusion

We’ve seen how we can use John to crack password protected .zip and .rar archives, and how it’s just one extra step after what we’ve already covered previously. Please note, though, that we were using just the rockyou.txt wordlist in our examples, and there are many wordlists out there, of different sizes (which can definitely speed up your attempts), purpose/type (why stop at passwords? We can also have URLs, web shells, fuzzing payloads, etc). Personally, I like to start off with the shortest wordlist that suits my particular need, as it is simply the fastest way. After that, if I don’t crack anything, I can easily switch to some larger lists.

One awesome resource would be the Openwall wordlists found on Openwall website – which is John the Ripper’s original website. There you can find some publicly downloadable lists, as well as paid ones, which can dramatically increase your password recovery potential, as that particular collection has 20+ languages, over 40 million entries, and also has pre-applied mangling rules (in this way you can do other likely password variations – adding digits instead of words, capitalization, etc.)
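The defender's side of the same point, as an added example that is not part of the original article: a Python check that rejects an archive password when undoing common mangling (case, surrounding digits/symbols, simple character substitutions) lands on a wordlist entry. The short word list and all function names are constructed for illustration; in practice you would load a real list such as rockyou.txt.

```python
import re

# Constructed stand-in for a real wordlist such as rockyou.txt.
SAMPLE_WORDLIST = ["password", "123456", "qwerty", "dragon", "letmein"]

# Common substitutions that mangling rules apply; mapped back to letters here.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s", "1": "l"})

def load_words(lines):
    """Normalize wordlist lines to a lowercase set, skipping blanks."""
    return {line.strip().lower() for line in lines if line.strip()}

def weakness(candidate, words):
    """Return why a wordlist run would find the candidate, or None."""
    lowered = candidate.lower()
    if lowered in words:
        return "wordlist entry (ignoring case)"
    # Undo digits/symbols added before or after a word, e.g. password1.
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    if stripped in words:
        return "wordlist entry plus digits/symbols"
    # Undo character substitutions, e.g. p@ssw0rd.
    if stripped.translate(UNLEET) in words:
        return "wordlist entry with substitutions"
    return None

def audit(candidates, words):
    """Map each candidate password to its weakness (None means no match)."""
    return {c: weakness(c, words) for c in candidates}

if __name__ == "__main__":
    words = load_words(SAMPLE_WORDLIST)
    for pw, why in audit(["password1", "P@ssw0rd!", "Dragon", "vK7#qLw2!xTz"], words).items():
        print(f"{pw!r}: {'REJECT, ' + why if why else 'not derivable from this list'}")
```

A result of None only means the password is not derivable from this particular list by these three transformations; it is not a strength guarantee.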

Before finishing, we would like to add that the best way to get these materials to ‘stick’ is to go and try for yourself. So, go fire up a VM, make some archives, add some files to it, password protect it, and attempt to crack it! (Once you master the easy ones, like in our examples, it’s time to start attacking some more complex passwords, and that’s where the greatest fun begins)

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Pandora FMS at the very top of G2

Bring it on Pandora FMS! If we have previously told you about our success at the Open Source Awards 2022 and the Peer Awards 2021, today we are here to tell you that we are at it once again!

We are at the top of G2 of Monitoring Software!

“Why is it easier to get unbiased information about a hotel room than about software?”

In 2012, five entrepreneurs asked themselves this question. The next day, they founded G2.

A platform that currently has more than 60 million visits per year, and on which users can read and write quality reviews on 100,000 software products and other professional services.

More than 1,500,000 reviews have already been published, which help companies around the world make better decisions about how to reach their full potential.

That is why it is so important and honorable that Pandora FMS has become part of its Top 10 of the best Network Monitoring software.

  1. NinjaOne
  2. Atera
  3. LogicMonitor
  4. Auvik
  5. SolarWinds
  6. Domotz
  7. Progress WhatsUp Gold
  8. Pandora FMS

Above many other already recognized companies, such as Microsoft, Datadog, Zabbix, Nagios, Dynatrace, Catchpoint, Entuity, PRTG, Checkmk, Wireshark, Smokeping, OpManager, Netreo, Munin, Cacti and many more.

A badge that appoints Pandora FMS once again as the total monitoring solution:

  • Cost-effective, scalable and able to cover most infrastructure deployment options.
  • Find and solve problems quickly, whether you come from on-premise, multi cloud or a mix of both of them.
  • In hybrid environments where technologies, management processes and data are intertwined, a flexible tool capable of reaching everywhere and unifying data display is needed to make its management easier.

That’s Pandora FMS

You knew it, and now all G2 users know it too!

How did we get into the Top 10 of the G2 platform?

For now, to be included in the category of Network Monitoring, a product must, among other things:

  • Constantly monitor the performance of an entire computer network.
  • Create a baseline for network performance metrics.
  • Alert administrators if the network crashes, or varies, from the baseline.
  • Suggest solutions to performance issues when they arise.
  • Provide network performance data display.

Then comes the usability score of a product, which is calculated using their own algorithm that takes into account the satisfaction ratings of real users.

This rating is also often used by buyers to quickly compare and identify on the page the top-rated products.

The number of reviews received at G2 is also important, as buyers rely more on products with more reviews.

Higher number of reviews = Higher representativeness and accuracy of the customer experience

In turn, G2, apart from rating the products based on the reviews collected in its user community, also does so with the aggregated data from online sources and social networks.

And then, participate in the different categories where you can earn badges like the ones we have won:

  • Best Usability. 
  • Easiest to Use.
  • Easiest Admin.
  • Best Meets Requirements.

And as they say over there:

That would be it!

Today we have reached this milestone, and since 2020 we have been winning these categories, all seasons! Let the Himalaya tremble in fear, we continue climbing to the very top!


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

ESET named an Overall Leader in KuppingerCole’s report for its endpoint protection, detection and response capabilities

Bratislava, May 18, 2022 – ESET, a global leader in digital security, announced that it has been named an Overall Leader in the KuppingerCole Leadership Compass Endpoint Protection, Detection & Response (EPDR) 2022 report, where the business’ EPDR solutions were awarded Leader status in all categories of Product Leadership, Innovation Leadership and Market Leadership. KuppingerCole analyzed vendors based on a correlated view of Market and Product Leadership rankings, where ESET was recognized as a Market Champion. Furthermore, based on a correlated view of the Product and Innovation Leadership rankings, ESET came out as a Technology Leader.

KuppingerCole, an international and independent analyst organization, helps IT organizations by defining leaders amongst market vendors and the KuppingerCole Leadership Compass EPDR 2022 report provides a specific overview of vendors’ EPDR solutions. The report covers the trends influencing this segment and the essential capabilities required of EPDR solutions, and also provides ratings on how well the solutions meet expectations.

Analyzed in the report, ESET Inspect is the foundation of ESET’s extended detection and response (XDR) capabilities and works together with ESET PROTECT to offer a complete security solution that is optimized for customers’ ease of use. Furthermore, the latest MITRE Engenuity ATT&CK® Evaluations for Enterprise demonstrate that ESET Inspect is able to provide organizations with excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT offers deep network visibility, cloud-based threat defenses, and more. Overall, ESET has continuously been named a top player and a leader in the industry for its balanced protection, detection and response security offering.

“We are honored to be recognized as a Leader in all the categories of KuppingerCole’s report, because at ESET, we believe in taking a multi-layered, high performance approach to our technologies, working closely with our customers for an optimized and complete security solution,” said Ignacio Sbampato, chief business officer at ESET. “Since our inception, we have been a pioneer in developing our machine learning capabilities to fight the toughest digital security challenges of today. And this recognition is testament to our relentless drive for progressive and innovative solutions for our customers.”



About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.