{"id":2753,"date":"2023-05-05T12:38:27","date_gmt":"2023-05-05T10:38:27","guid":{"rendered":"https:\/\/mikadmin.fr\/blog\/?p=2753"},"modified":"2023-05-31T08:42:49","modified_gmt":"2023-05-31T06:42:49","slug":"how-to-crack-ssh-private-key-with-john-the-ripper","status":"publish","type":"post","link":"https:\/\/mikadmin.fr\/blog\/how-to-crack-ssh-private-key-with-john-the-ripper\/","title":{"rendered":"How to crack SSH\u00a0Private\u00a0Key\u00a0with\u00a0John the Ripper ?"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span><p>Views: 1614<\/p><div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"280\" height=\"280\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image.png\" alt=\"\" class=\"wp-image-2756\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image.png 280w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-150x150.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-50x50.png 50w\" sizes=\"auto, (max-width: 280px) 100vw, 280px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\">[Introduction]<\/h1>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-background has-medium-font-size\" style=\"background:linear-gradient(190deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%)\"><em>S\u00e9curiser un serveur Linux est essentiel pour tout utilisateur en ligne. L&rsquo;utilisation d&rsquo;une cl\u00e9 SSH est un choix courant pour acc\u00e9der \u00e0 un serveur de mani\u00e8re s\u00e9curis\u00e9e et sans avoir besoin d&rsquo;entrer un mot de passe \u00e0 chaque fois. Cependant, si la passphrase utilis\u00e9e pour prot\u00e9ger cette cl\u00e9 est faible, elle peut \u00eatre vuln\u00e9rable aux attaques de brute force<\/em> via l&rsquo;outil John the Ripper.<\/p>\n\n\n\n<div style=\"height:22px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-black-color has-text-color has-medium-font-size\">Dans cet article, nous allons vous expliquer comment utiliser<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\"><strong> <\/strong><\/mark><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong>, un outil de s\u00e9curit\u00e9 informatique souvent utilis\u00e9 pour cracker des mots de passe, pour cracker une <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> d&rsquo;une cl\u00e9 <a href=\"https:\/\/mikadmin.fr\/blog\/how-to-change-the-default-ssh-port\/\" target=\"_blank\" rel=\"noopener\" title=\"\">SSH<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\">[Installation]<\/h1>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Tout d&rsquo;abord, vous devez installer <a href=\"https:\/\/github.com\/openwall\/john\" target=\"_blank\" rel=\"noopener\" title=\"\">John the Ripper<\/a> sur votre machine. Pour ce faire, ouvrez un terminal et ex\u00e9cutez les commandes suivantes :<\/p>\n\n\n\n<div style=\"height:16px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\">Pour les distributions bas\u00e9es sur<strong> Debian \/ Ubuntu<\/strong> :<\/li>\n<\/ul>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">sudo apt-get update\nsudo apt-get install john<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\">[Exploitation]<\/h1>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Ensuite, vous devez obtenir la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">cl\u00e9 SSH<\/mark><\/strong> dont vous voulez cracker la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong>. Vous pouvez le faire en copiant le fichier de la cl\u00e9 depuis le serveur sur votre machine locale. <\/p>\n\n\n\n<div style=\"height:26px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Puis, vous devez utiliser l&rsquo;outil <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">ssh2john<\/mark><\/strong>, qui est inclus avec <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong>, pour convertir la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">cl\u00e9 SSH<\/mark><\/strong> en un format que <strong>John<\/strong> peut comprendre. Cette \u00e9tape est r\u00e9alisable en ex\u00e9cutant la commande suivante :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">ssh2john id_rsa &gt; hash<\/code><\/pre>\n\n\n\n<div style=\"height:33px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Cela convertira la cl\u00e9 en un format hash\u00e9 et stockera le r\u00e9sultat dans un fichier nomm\u00e9 \u00ab\u00a0hash\u00a0\u00bb.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-1.png\" alt=\"john the ripper\" class=\"wp-image-2774\" width=\"546\" height=\"331\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-1.png 638w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-1-300x182.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-1-150x91.png 150w\" sizes=\"auto, (max-width: 546px) 100vw, 546px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:36px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-medium-font-size\">Ensuite, vous pouvez ex\u00e9cuter <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong> en utilisant le mode \u00ab\u00a0<strong>wordlist<\/strong>\u00ab\u00a0, qui essaiera de cracker la <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><strong>passphrase<\/strong> <\/mark>en utilisant une liste de mots de passe pr\u00e9d\u00e9finie. Vous pouvez t\u00e9l\u00e9charger des listes de mots de passe \u00e0 partir d&rsquo;Internet, mais gardez \u00e0 l&rsquo;esprit que plus la liste est longue, plus le processus de craquage prendra du temps.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">La commande suivante peut \u00eatre utilis\u00e9e pour ex\u00e9cuter <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong> en mode \u00ab\u00a0<strong>wordlist<\/strong>\u00a0\u00bb et en utilisant la wordlist <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\"><a href=\"https:\/\/github.com\/praetorian-inc\/Hob0Rules\/blob\/master\/wordlists\/rockyou.txt.gz\" target=\"_blank\" rel=\"noopener\" title=\"\">rockyou.txt<\/a><\/mark><\/strong> :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">john --wordlist=\/usr\/share\/wordlists\/rockyou.txt hash<\/code><\/pre>\n\n\n\n<div style=\"height:26px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Si la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> est trouv\u00e9e, <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong> affichera la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> en clair sur l&rsquo;\u00e9cran. Sinon, vous pouvez essayer d&rsquo;autres listes de mots de passe ou essayer d&rsquo;utiliser une wordlist personnalis\u00e9e.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"846\" height=\"291\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-3.png\" alt=\"john the ripper\" class=\"wp-image-2775\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-3.png 846w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-3-300x103.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-3-150x52.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2023\/05\/image-3-768x264.png 768w\" sizes=\"auto, (max-width: 846px) 100vw, 846px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\">[Conclusion]<\/h1>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Il est important de noter que cette m\u00e9thode de craquage de <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> est ill\u00e9gale si vous essayez de craquer une <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">cl\u00e9 SSH<\/mark><\/strong> qui ne vous appartient pas ou que vous n&rsquo;avez pas la permission d&rsquo;acc\u00e9der. Assurez-vous d&rsquo;avoir une autorisation l\u00e9gale pour effectuer ce type d&rsquo;op\u00e9ration avant de continuer.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">En conclusion, il est important de choisir une <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> forte pour prot\u00e9ger votre <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">cl\u00e9 SSH<\/mark><\/strong> et de la changer r\u00e9guli\u00e8rement pour renforcer la s\u00e9curit\u00e9 de votre serveur. <\/p>\n\n\n\n<div style=\"height:17px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Cependant, si vous avez oubli\u00e9 votre propre <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong>, ou si vous avez besoin d&rsquo;acc\u00e9der \u00e0 une <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">cl\u00e9 SSH<\/mark><\/strong> qui ne vous appartient pas, <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-orange-color\">John the Ripper<\/mark><\/strong> peut \u00eatre un outil utile pour r\u00e9cup\u00e9rer la <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">passphrase<\/mark><\/strong> perdue. Mais n&rsquo;oubliez pas que cela ne devrait \u00eatre utilis\u00e9 que dans des circonstances l\u00e9gales et appropri\u00e9es.<\/p>\n\n\n\n<div style=\"height:32px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>We will explain how to use John the Ripper, a tool used to crack passwords, to crack a passphrase of an SSH Private Key with the famous wordlist rockyou.txt. <a href=\"https:\/\/mikadmin.fr\/blog\/how-to-crack-ssh-private-key-with-john-the-ripper\/\" class=\"more-link\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":2804,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[4],"tags":[7,21,45,10,29,22],"class_list":["post-2753","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","tag-bruteforce","tag-ctf","tag-pentest","tag-security","tag-ssh","tag-tryhackme"],"aioseo_notices":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/2753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/comments?post=2753"}],"version-history":[{"count":0,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/2753\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media\/2804"}],"wp:attachment":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media?parent=2753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/categories?post=2753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/tags?post=2753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}