Cracking RSA Private Key Passphrase with John the Ripper

Here is an example of what a passphrase-protected SSH private key in the traditional PEM format looks like. The Proc-Type: 4,ENCRYPTED and DEK-Info headers are what tell you the key material is encrypted: here with AES-128-CBC, using the hex IV shown, under a key derived from the passphrase. A key file without those headers has no passphrase and there is nothing to crack.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,AEB88C140F69BF2074788DE24AE48D46

DbPrO78kegNuk1DAqlAN5jbjXv0PPsog3jdbMFS8iE9p3UOL0lF0xf7PzmrkDa8R
5y/b46+9nEpCMfTPhNuJRcW2U2gJcOFH+9RJDBC5UJMUS1/gjB/7/My00Mwx+aI6
……..
RUgZkbMQZNIIfzj1QuilRVBm/F76Y/YMrmnM9k/1xSGIskwCUQ+95CGHJE8MkhD3
-----END RSA PRIVATE KEY-----

For this tutorial we are assuming you have the private key stored in a file. We'll name the file rsakey. Note that this walkthrough covers the traditional "BEGIN RSA PRIVATE KEY" format above; keys written by ssh-keygen since OpenSSH 7.8 default to the newer "BEGIN OPENSSH PRIVATE KEY" format, which ssh2john also converts but which uses a bcrypt-based KDF and cracks far more slowly than the MD5-based derivation used by the legacy format.

First, try to log in to the host with the key and confirm that it really prompts for a passphrase (ssh refuses to use a key file that is readable by other users, so set the permissions first):

root@kali:~# chmod 600 rsakey
root@kali:~# ssh -i rsakey user@10.10.10.79
Enter passphrase for key 'rsakey':

Now we need to convert the key into a hash John can work with and save it in a file (on Kali the converter ships with the john package as /usr/share/john/ssh2john.py if the ssh2john command is not on your PATH):

root@kali:~# ssh2john rsakey > rsa2johnfile

Now crack the passphrase with a wordlist (on a fresh Kali install rockyou.txt is shipped compressed; run gunzip /usr/share/wordlists/rockyou.txt.gz once). John auto-detects the SSH format, but naming it explicitly avoids a wrong guess:

root@kali:~# john --wordlist=/usr/share/wordlists/rockyou.txt --format=SSH rsa2johnfile

When it's done, you can show the passphrase if it has been cracked by issuing the following command (it reads the result back from John's pot file):

root@kali:~# john --show rsa2johnfile

With the passphrase recovered you can use the key directly (ssh -i rsakey user@10.10.10.79 and enter it at the prompt), or strip it so the key can be used non-interactively:

root@kali:~# ssh-keygen -p -N '' -f rsakey
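To show why the legacy format cracks so quickly, here is an added example (not John the Ripper's or OpenSSH's own code) that reproduces the check John's SSH format performs on a "Proc-Type: 4,ENCRYPTED" key: derive the cipher key from the candidate passphrase with OpenSSL's EVP_BytesToKey (a single MD5 over passphrase || first 8 bytes of the IV), decrypt with the DEK-Info cipher, and accept the candidate only if the result has valid PKCS#7 padding and is a DER SEQUENCE whose length matches. It needs the `cryptography` package. The test key is generated inside the block and wrapped the way OpenSSL's legacy PEM writer does it, and the passphrase "letmein" and the tiny wordlist are constructed for the example; the hypothetical helpers make_encrypted_pem, parse_legacy_pem and crack are not part of any tool.

```python
"""Added example: a minimal wordlist attack on a legacy PEM (\"BEGIN RSA PRIVATE KEY\")
passphrase, mirroring the check john --format=SSH performs. Not John's or OpenSSH's code.
Requires the `cryptography` package."""
import base64
import hashlib
import os
import re

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# DEK-Info ciphers handled here and their key sizes in bytes.
KEY_LEN = {"AES-128-CBC": 16, "AES-256-CBC": 32}


def evp_bytes_to_key(passphrase: bytes, salt: bytes, key_len: int) -> bytes:
    """OpenSSL's EVP_BytesToKey with MD5 and a single iteration, as used for the
    legacy PEM format. The salt is the first 8 bytes of the IV. There is no work
    factor: one MD5 (two for AES-256) per candidate, which is why john is fast here."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        out += block
    return out[:key_len]


def parse_legacy_pem(pem: str):
    """Return (cipher_name, iv, ciphertext) from an encrypted traditional PEM key."""
    m = re.search(r"DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)", pem)
    if "Proc-Type: 4,ENCRYPTED" not in pem or not m or m.group(1) not in KEY_LEN:
        raise ValueError("not a passphrase-protected legacy PEM key with a supported cipher")
    cipher_name, iv = m.group(1), bytes.fromhex(m.group(2))
    # The base64 body sits between the blank line after the headers and the END marker.
    body = pem.split("\n\n", 1)[1].split("-----END", 1)[0]
    return cipher_name, iv, base64.b64decode("".join(body.split()))


def try_passphrase(cipher_name: str, iv: bytes, ciphertext: bytes, passphrase: bytes) -> bool:
    """Decrypt with the candidate and decide whether the result looks like a PKCS#1 key."""
    key = evp_bytes_to_key(passphrase, iv[:8], KEY_LEN[cipher_name])
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    plain = dec.update(ciphertext) + dec.finalize()
    # A wrong passphrase yields random-looking bytes; the right one yields valid
    # PKCS#7 padding and a DER SEQUENCE (0x30 0x82 hi lo) whose length matches the data.
    pad = plain[-1]
    if not 1 <= pad <= 16 or plain[-pad:] != bytes([pad]) * pad:
        return False
    body = plain[:-pad]
    return (len(body) >= 4 and body[0] == 0x30 and body[1] == 0x82
            and int.from_bytes(body[2:4], "big") == len(body) - 4)


def crack(pem: str, wordlist):
    """Return the first wordlist entry that decrypts the key, or None."""
    cipher_name, iv, ciphertext = parse_legacy_pem(pem)
    for word in wordlist:
        if try_passphrase(cipher_name, iv, ciphertext, word.encode()):
            return word
    return None


def make_encrypted_pem(passphrase: bytes, cipher_name: str = "AES-128-CBC") -> str:
    """Constructed test input: a fresh RSA key wrapped exactly the way OpenSSL's legacy
    PEM writer does it (MD5-derived key, CBC, PKCS#7 padding, IV in the DEK-Info header)."""
    der = rsa.generate_private_key(65537, 2048).private_bytes(
        serialization.Encoding.DER,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.NoEncryption(),
    )
    iv = os.urandom(16)
    key = evp_bytes_to_key(passphrase, iv[:8], KEY_LEN[cipher_name])
    pad = 16 - len(der) % 16
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    ciphertext = enc.update(der + bytes([pad]) * pad) + enc.finalize()
    b64 = base64.b64encode(ciphertext).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
            f"DEK-Info: {cipher_name},{iv.hex().upper()}\n\n"
            + "\n".join(lines) + "\n-----END RSA PRIVATE KEY-----\n")


if __name__ == "__main__":
    # Constructed key and wordlist; "letmein" is the passphrase we expect to recover.
    sample = make_encrypted_pem(b"letmein")
    print(crack(sample, ["password", "123456", "letmein", "qwerty"]))
```

The same loop run against a modern "BEGIN OPENSSH PRIVATE KEY" file would need bcrypt_pbkdf with the round count stored in the key (16 by default) for every candidate, which is the whole difference in cracking speed between the two formats.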