Password Cracking
Linux Tools for Cracking Passwords
Wordlist: hashcat -a 0 -m $TYPE $HASHFILE $WORDLIST
Wordlist & Rules: hashcat -a 0 -m $TYPE $HASHFILE $WORDLIST -r $RULEFILE
Brute-Force: hashcat -a 3 -m $TYPE $HASHFILE ?a?a?a?a?a?a
Combinator: hashcat -a 1 -m $TYPE $HASHFILE $DICT1 $DICT2
Association: hashcat -a 9 -m $TYPE $HASHFILE $WORDLIST -r $RULEFILE
John the Ripper is one of the most well-known hash cracking tools designed for dictionary attacks. It combines fast cracking speed with a large range of compatible hash types. It works best when the hash type is known, which can be detected using tools like hashid or hash-identifier, both of which are available for download or on Kali Linux.
List Formats: john --list=formats
Single: john --single --format=$TYPE $HASHFILE
Requires modifying the hash file to have the username in front, i.e. $USER:$HASH
Wordlist: john --format=$TYPE --wordlist=$WORDLIST $HASHFILE
Windows NTLM: john --format=nt --wordlist=$WORDLIST $HASHFILE
Shadow File: john --format=sha512crypt --wordlist=$WORDLIST unshadowed.txt
First make unshadowed.txt: unshadow $ETCPASSWD $ETCSHADOW > unshadowed.txt
Zip: john --wordlist=$WORDLIST $ZIPHASH
Requires the zip hash: zip2john $ZIPFILE > $ZIPHASH
Rar: john --wordlist=$WORDLIST $RARHASH
Requires the rar hash: rar2john $RARFILE > $RARHASH
Follow up with extraction: unrar e $RARFILE
RSA: john --wordlist=$WORDLIST $RSAHASH
Requires the rsa hash: ssh2john $ID_RSA > $RSAHASH
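
The hash type that --format needs can be read from the crypt(3) prefix of each entry in a shadow-style file, which is also how an administrator can audit which accounts still use a weak scheme. The following Python is an added example, not part of the original page; the names classify, audit and SCHEMES, the "fewer rounds than the default is weak" policy, and the sample lines are assumptions made for illustration.

```python
import re

# crypt(3) prefix -> (scheme name, weak for password storage)
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}
SHA_DEFAULT_ROUNDS = 5000  # sha256crypt/sha512crypt default when rounds= is absent

def classify(field):
    """Classify the password field of a passwd/shadow-style line."""
    if field == "":
        return ("none", True, "empty password field")
    body = field.lstrip("!")          # leading ! marks a locked password
    locked = body != field
    if body in ("", "*", "x"):
        return ("no-hash", False, "locked or stored elsewhere")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return ("descrypt", True, "legacy DES crypt")
    m = re.match(r"\$([0-9a-z]+)\$(?:rounds=(\d+)\$)?", body)
    if not m or m.group(1) not in SCHEMES:
        return ("unknown", False, "unrecognised format")
    scheme, weak = SCHEMES[m.group(1)]
    notes = ["locked"] if locked else []
    if m.group(1) in ("5", "6"):
        rounds = int(m.group(2)) if m.group(2) else SHA_DEFAULT_ROUNDS
        notes.append(f"rounds={rounds}")
        # Assumed policy for this example: fewer rounds than the default is weak
        weak = rounds < SHA_DEFAULT_ROUNDS
    return (scheme, weak, ", ".join(notes))

def audit(text):
    """Return {user: (scheme, weak, note)} for each user:field:... line."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        report[user] = classify(field)
    return report

# Constructed sample lines; salts and digests are placeholders, not real hashes
SAMPLE = "\n".join([
    "alice:$6$SALTSALT$" + "A" * 86 + ":19000:0:99999:7:::",
    "bob:$1$SALTSALT$" + "B" * 22 + ":19000:0:99999:7:::",
    "carol:$6$rounds=1000$SALTSALT$" + "C" * 86 + ":19000:0:99999:7:::",
    "dave:!$y$j9T$SALTSALT$" + "D" * 43 + ":19000:0:99999:7:::",
    "svc:*:19000:0:99999:7:::",
    "old:ab" + "E" * 11 + ":19000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, (scheme, weak, note) in audit(SAMPLE).items():
        print(f"{user:6} {scheme:12} {'WEAK' if weak else 'ok':4} {note}")
```

Accounts reported as md5crypt, descrypt or low-round sha512crypt are the ones to move to a stronger scheme and force a password change on.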