# Cracking Passwords
NOTE: many wordlists ship with Kali under /usr/share/wordlists
NOTE2: while you are waiting for hashes to crack, try credential reuse.
# Hashcat
# hashid
You can identify the hashcat mode (the -m value) by running hashid with its -m flag:
hashid -m hash.txt
If that fails, compare your hash against the example hashes on the hashcat wiki: https://hashcat.net/wiki/doku.php?id=example_hashes
# Wordlist
Copy the hash(es) into hash.txt.
hashcat -m 1800 hash.txt /usr/share/wordlists/rockyou.txt -O # Crack SHA-512 Crypt with the -O (optimized kernel) flag
hashcat -m 10000 hash.txt /usr/share/wordlists/rockyou.txt # Crack Django (PBKDF2-SHA256)
hashcat -m 7900 hashes.txt --user /usr/share/wordlists/rockyou.txt # Crack multiple Drupal7 hashes from a file of username:hash lines (--user skips the username field)
# Partial Password
cat > hash.txt
root:$2a$10$VM6EeymRxJ29r8Wjkr8Dtev0O.1STWb4.4ScG.anuu7v0EFJwgjjO
cat > password
PleaseSubscribe!
Now crack, using the known base word as a one-line wordlist and mutating it with the best64 rule set:
hashcat -m 3200 hash.txt password --user -r /usr/share/hashcat/rules/best64.rule # bcrypt (-m 3200)
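To show what the rule file in the command above does to the base word, here is an added example (not from these notes and not hashcat's own code): a small Python interpreter for a subset of hashcat's rule syntax. The RULES list is constructed for illustration and is not the contents of best64.rule; it makes visible why a simple mutation of a password that is already known offers little protection.

```python
# Added example, not from the original notes: a minimal interpreter for a
# subset of hashcat's rule syntax (function letters as documented on the
# hashcat rule wiki). RULES is a constructed illustration, not best64.rule.

def apply_rule(word, rule):
    """Apply one hashcat rule line (space-separated functions) to a word."""
    i = 0
    while i < len(rule):
        op = rule[i]
        i += 1
        if op in ' :':             # separator / no-op
            continue
        if op == 'l':              # lowercase all
            word = word.lower()
        elif op == 'u':            # uppercase all
            word = word.upper()
        elif op == 'c':            # capitalize first, lowercase rest
            word = word[:1].upper() + word[1:].lower()
        elif op == 't':            # toggle case of every character
            word = word.swapcase()
        elif op == 'r':            # reverse
            word = word[::-1]
        elif op == 'd':            # duplicate
            word = word * 2
        elif op == '[':            # delete first character
            word = word[1:]
        elif op == ']':            # delete last character
            word = word[:-1]
        elif op in '$^':           # $X appends X, ^X prepends X
            ch, i = rule[i], i + 1
            word = word + ch if op == '$' else ch + word
        elif op == 's':            # sXY: replace every X with Y
            x, y, i = rule[i], rule[i + 1], i + 2
            word = word.replace(x, y)
        else:
            raise ValueError("unsupported rule function %r" % op)
    return word

def expand(word, rules):
    """Unique candidates from applying each rule to the base word, in order."""
    seen = {}
    for r in rules:
        seen.setdefault(apply_rule(word, r), None)
    return list(seen)

# Constructed rule set in hashcat syntax (not best64.rule itself).
RULES = [":", "l", "u", "c", "t", "r", "d", "$1", "$!", "^!", "]", "[",
         "se3 sa4", "$2 $0 $2 $4"]
```

Running expand("PleaseSubscribe!", RULES) yields one candidate per rule here; with a real rule file the same base word turns into tens of thousands of candidates, which is the whole point of the -r flag.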
# John the Ripper
John stores previously cracked hashes in a pot file; view it with: less ~/.john/john.pot
# unshadow
Combine the provided passwd file and shadow file and redirect the result to a new file (> unshadowed.txt):
unshadow passwd shadow > unshadowed.txt
# Finding hash type
john --list=formats | tr ',' '\n' | grep PBKDF2
# Cracking with wordlist
john --wordlist=/usr/share/john/password.lst --rules hashes.txt
john --wordlist=fsoc.dic --rules --format=Raw-MD5 hash.txt # Crack a raw MD5 hash
john --wordlist=/usr/share/wordlists/rockyou.txt --format=nt hash.txt # Crack an NTLM hash
# Cracking GPG
gpg2john test.priv > gpghash.txt # Extract the hash from a GPG private key
john --wordlist=/usr/share/wordlists/rockyou.txt gpghash.txt # Crack a GPG hash
Then you can decrypt messages on the command line like so:
The key file (mykey.asc) should start with the line:
-----BEGIN PGP PRIVATE KEY BLOCK-----
gpg --import mykey.asc
Check if it shows up:
gpg --list-secret-keys
Decrypt a message:
gpg --output ./decrypted_msg.txt --decrypt ./encrypted_msg.txt
# Inspecting pot file
John saves previous cracks in a pot file.
less ~/.john/john.pot