Password Cracking

Linux Tools for Cracking Passwords

Hashcat

hashcat -a $MODE -m $HASHTYPE $HASHFILE $WORDLIST -O

  • -a: Attack mode, selected by an integer code (0 = wordlist, 1 = combinator, 3 = mask/brute-force, 9 = association; see hashcat --help for the full table)

  • -m: Hash type, selected by an integer code (see hashcat --help for the full table)

  • -O: Enable optimized kernels (faster, but limits the maximum password length)

Basic Examples

Wordlist: hashcat -a 0 -m $TYPE $HASHFILE $WORDLIST

Wordlist & Rules: hashcat -a 0 -m $TYPE $HASHFILE $WORDLIST -r $RULEFILE

Brute-Force: hashcat -a 3 -m $TYPE $HASHFILE ?a?a?a?a?a?a

Combinator: hashcat -a 1 -m $TYPE $HASHFILE $DICT1 $DICT2

Association: hashcat -a 9 -m $TYPE $HASHFILE $WORDLIST -r $RULEFILE

John the Ripper

John the Ripper is one of the most well-known hash cracking tools, designed primarily for dictionary attacks. It combines fast cracking speed with support for a large range of hash types. It works best when the hash type is known in advance; the type can be identified with tools like hashid or hash-identifier, both of which are available for download and included on Kali Linux.

john --format=$HASHTYPE --wordlist=$WORDLIST $HASHFILE

  • --format: Force the hash to be treated as type NAME; list the supported names with --list=formats

  • --wordlist: Wordlist mode, reads candidate passwords from FILE or stdin

Basic Examples

List Formats: john --list=formats

Single: john --single --format=$TYPE $HASHFILE

  • Requires the hash file to carry the username in front, i.e. $USER:$HASH, since single mode derives its guesses from the username and GECOS fields

Wordlist: john --format=$TYPE --wordlist=$WORDLIST $HASHFILE

Windows NTLM: john --format=nt --wordlist=$WORDLIST $HASHFILE

Shadow File: john --format=sha512crypt --wordlist=$WORDLIST unshadowed.txt

  • First make unshadowed.txt: unshadow $ETCPASSWD $ETCSHADOW > unshadowed.txt
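Added example, not part of the original cheat sheet: a small Python reimplementation of what unshadow does (merging the shadow hash into the passwd password field), plus an audit of which accounts still use a legacy crypt(3) scheme. The passwd and shadow lines are constructed samples with placeholder hash bodies, and the prefix-to-format table only covers the schemes named here (yescrypt is listed without a John format name).

```python
from typing import Dict, List, Optional, Tuple

# crypt(3) prefix -> (scheme name, John --format name). yescrypt ($y$) is
# deliberately left without a format name; it is not covered by this sheet.
SCHEMES: Dict[str, Tuple[str, Optional[str]]] = {
    "$1$": ("md5crypt", "md5crypt"),
    "$5$": ("sha256crypt", "sha256crypt"),
    "$6$": ("sha512crypt", "sha512crypt"),
    "$y$": ("yescrypt", None),
}

# Constructed sample files; hash bodies are placeholders, not real digests.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:999:999:service:/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
alice:$1$abc$legacyhash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

def shadow_hashes(shadow: str) -> Dict[str, str]:
    """Map username -> second shadow field (the hash, or a lock marker like '!')."""
    rows = (line.split(":") for line in shadow.splitlines())
    return {f[0]: f[1] for f in rows if len(f) > 1}

def unshadow(passwd: str, shadow: str) -> List[str]:
    """Same merge as unshadow(8): put the shadow hash into passwd's password field."""
    hashes = shadow_hashes(shadow)
    merged = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) == 7:                      # skip malformed passwd rows
            f[1] = hashes.get(f[0], f[1])    # keep 'x' if no shadow entry exists
            merged.append(":".join(f))
    return merged

def classify(hash_field: str) -> Tuple[str, Optional[str], bool]:
    """Return (scheme, john_format, crackable). Locked/empty entries are skipped."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return ("locked", None, False)
    for prefix, (scheme, fmt) in SCHEMES.items():
        if hash_field.startswith(prefix):
            return (scheme, fmt, True)
    return ("unknown", None, True)

def audit(shadow: str) -> Dict[str, Tuple[str, Optional[str], bool]]:
    """Per-account report; md5crypt ($1$) accounts are the ones to migrate first."""
    return {user: classify(h) for user, h in shadow_hashes(shadow).items()}
```

Running audit(SHADOW) flags alice as md5crypt and svc as locked, while unshadow(PASSWD, SHADOW) yields the same merged lines the unshadow tool would write to unshadowed.txt.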

Zip: john --wordlist=$WORDLIST $ZIPHASH

  • Requires the zip hash: zip2john $ZIPFILE > $ZIPHASH

Rar: john --wordlist=$WORDLIST $RARHASH

  • Requires the rar hash: rar2john $RARFILE > $RARHASH

  • Follow up with extraction once cracked: unrar e $RARFILE

RSA: john --wordlist=$WORDLIST $RSAHASH

  • Requires the private-key hash: ssh2john $ID_RSA > $RSAHASH
