Learn different techniques to create custom wordlists from the content of a website and how to use John the Ripper or Hashcat to crack Windows or Linux passwords.
Create tailored wordlists
cewl www.example.com -m 6 -w example-cewl.txt
vim /etc/john/john.conf
[...] Try the second half of split passwords -s x** -s-c x** M l Q # NEW RULES: # Add two numbers at the end of each password $[0-9]$[0-9] # Add two numbers at the end of each password and a special character such as $!./? $[0-9]$[0-9]$[$!./?] $[0-9]$[$!./?] # ADD HERE MORE RULES
As root:
john --wordlist=example-cewl.txt --rules --stdout > example-cewl-john.txt
hash-identifier
crunch 6 6 0123456789ABCDEF -o crunch.txt
crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha
crunch 8 8 -t ,@@^^%%%
crunch <min lengh> <max length> <alphabet>
Cracking Windows passwords
john 127.0.0.1.pwdump john --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump john --rules --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump
Cracking Linux passwords
/etc/shadow syntax:
- $1 = MD5
- $2, $2a, $2x, $2y, $2b = Blowfish
- $5 = SHA-256
- $6 = SHA-512
Using John the Ripper (as root)
unshadow passwd.txt shadow.txt > unshadowed.txt john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
Using Hashcat (as root)
Straight attack for MD5:
hashcat -m 0 -a 0 /root/hashes.txt /usr/share/wordlists/rockyou.txt
Combination attack for MD5:
hashcat -m 0 -a 0 /root/hashes.txt /usr/share/wordlists/rockyou.txt
