In the second part of this tutorial, we are going to crack the hashes that we've captured previously. I'm going to explain how to do it with the powerful John the Ripper. It comes with Kali by default, so no need to install!
If you don't know nothing about this tool, you can check this Wikipedia article.
First, we have to put the password hashes in a friendly format for John. To do so, we will use a simple script that puts our freeradius-credsXXXXX.txt file in John format, you can download it here.
Visit the previous link, copy the script text to your clipboard and open a terminal.
Paste the text from your clipboard and hit Control + O to save the changes, then Control + X to exit. Change the permissions to the file by typing:
chmod +x radiustojohn.py
At this point execute the script with the freeradius-credsXXXXXXX.txt file as parameter:
./radiustojohn.py <path to the freeradius-creds file>
Now we've generated a freeradius.john file that John can understand. Type:
john --format=netntlm freeradius.john
At any time you can hit any key to see the status. As you can see, in about 3 seconds we've guessed 12 passwords. The weaker the password, the faster we crack it. Stronger passwords can take years to be cracked, of course you can use a custom wordlist:
john --format=netntlm --wordlist=<path to your dictionary file> freeradius.john
If you know something about the password, for example the length, you can modify the John's configuration file in order to try only passwords of that length. The configuration file is located in /etc/john/john.conf, let's make a backup of that file:
cp john.conf john.conf.old
Now that we've made a backup of the original file, let's change it.
At this point of the file, change the MinLen and the MaxLen for the length of the password. Imagine that you know the password's length is exactly 8, then you must put 8 in MinLen and 8 in MaxLen. Save the changes and run John:
john --format=netntlm --incremental=All freeradius.john
John also supports OpenCL to work with your GPU, which can crack so much faster.
That's all, I hope you've enjoyed! Ask any question!