Password cracking

From pentestwiki.org

Create tailored wordlists

Spider the target site with cewl and keep every word of at least 6 characters (-m 6) as a wordlist:

$cewl www.example.com -m 6 -w example-cewl.txt


Then extend john's wordlist rules so that every word also gets common suffixes appended. The rules belong inside the [List.Rules:Wordlist] section of john.conf, the section --rules uses when no rule set is named (the split-password rules shown are part of the stock section):

root #vim /etc/john/john.conf
[...]
# Try the second half of split passwords
-s x**
-s-c x** M l Q
# NEW RULES:
# Add two numbers at the end of each password
$[0-9]$[0-9]
# Add two numbers at the end of each password and a special character such as $!./?
$[0-9]$[0-9]$[$!./?]
# Add one number and a special character at the end of each password
$[0-9]$[$!./?]
# ADD HERE MORE RULES

As root, run the wordlist through the rules and save the expanded candidates to a file (--stdout prints the candidates instead of cracking anything):

root #john --wordlist=example-cewl.txt --rules --stdout > example-cewl-john.txt
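The effect of the three custom rules above, as an added example that is not from pentestwiki.org: a POSIX shell/awk function that emits the same candidate set john --rules --stdout produces from those rules for one base word (john may order the candidates differently), so the expansion can be checked without john installed. The base words fed to it are constructed.

```shell
#!/bin/sh
# Added example (not from pentestwiki.org): emulate in awk what the three custom
# john.conf rules do to one base word, so the expansion can be sanity checked
# without running john. The candidate order may differ from john's.

# mangle WORD: print every candidate produced by
#   $[0-9]$[0-9]            -> WORD + two digits            (100 candidates)
#   $[0-9]$[0-9]$[$!./?]    -> WORD + two digits + one of $ ! . / ?  (500)
#   $[0-9]$[$!./?]          -> WORD + one digit + one of $ ! . / ?    (50)
mangle() {
  awk -v w="$1" 'BEGIN {
    n = split("$ ! . / ?", sp, " ")          # the special-character class
    for (i = 0; i <= 9; i++)
      for (j = 0; j <= 9; j++) {
        printf "%s%d%d\n", w, i, j           # $[0-9]$[0-9]
        for (k = 1; k <= n; k++)             # $[0-9]$[0-9]$[$!./?]
          printf "%s%d%d%s\n", w, i, j, sp[k]
      }
    for (i = 0; i <= 9; i++)
      for (k = 1; k <= n; k++)               # $[0-9]$[$!./?]
        printf "%s%d%s\n", w, i, sp[k]
  }'
}

# mangle_wordlist: read base words on stdin (one per line), one mangled set each
mangle_wordlist() {
  while IFS= read -r w; do
    [ -n "$w" ] && mangle "$w"
  done
}

# candidates_per_word: how many lines the rules add per base word (650)
candidates_per_word() {
  mangle "x" | wc -l | tr -d ' '
}

# Constructed input: two base words, as cewl might have extracted them
printf 'example\nCompany\n' | mangle_wordlist > /tmp/mangled.txt
wc -l < /tmp/mangled.txt
```

The count matters in practice: 650 candidates per base word means a 10,000-word cewl list becomes 6.5 million candidates, which is fine for fast hashes but worth knowing before pointing the list at bcrypt or sha512crypt.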


Identify an unknown hash type before choosing a cracking mode (hash-identifier guesses from length and character set, so confirm the guess against a known sample or the $id$ prefixes listed below):

$hash-identifier

Generate wordlists by brute force with crunch:

$crunch <min length> <max length> <alphabet>

All 6-character strings over the uppercase hexadecimal alphabet, written to a file:

$crunch 6 6 0123456789ABCDEF -o crunch.txt

All 4-character strings from the mixalpha charset (upper- and lowercase letters) defined in the charset list shipped with crunch:

$crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha

8-character strings following a pattern, where , is an uppercase letter, @ a lowercase letter, ^ a symbol and % a digit:

$crunch 8 8 -t ,@@^^%%%


Cracking Windows passwords

Feed john a pwdump-format file (user:RID:LM hash:NT hash:::). John tries the LM format first when it loads pwdump output; if the LM fields are empty (modern Windows stores no LM hash), add --format=NT so the NT hashes are cracked instead:

root #john 127.0.0.1.pwdump
root #john --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump
root #john --rules --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump


Cracking Linux passwords

/etc/shadow syntax: the hash field starts with a $id$ prefix that identifies the algorithm (hashcat mode in brackets):

  • $1 = MD5 (md5crypt, -m 500)
  • $2, $2a, $2x, $2y, $2b = bcrypt (Blowfish based, -m 3200)
  • $5 = SHA-256 (sha256crypt, -m 7400)
  • $6 = SHA-512 (sha512crypt, -m 1800)
  • $y = yescrypt (the default on recent Debian and Fedora releases)


Using John the Ripper (unshadow joins passwd and shadow on the username so john sees the GECOS and home directory fields, which its single-crack mode uses as hints):

root #unshadow passwd.txt shadow.txt > unshadowed.txt
root #john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt


Using Hashcat (-m 0 is raw MD5; for shadow hashes use the mode listed next to the $id$ prefix above, e.g. -m 1800 for $6$):

  • Straight (wordlist) attack for raw MD5 hashes:
root #hashcat -m 0 -a 0 /root/hashes.txt /usr/share/wordlists/rockyou.txt
  • Combination attack for raw MD5 hashes (-a 1 takes two wordlists and tries every word of the first concatenated with every word of the second):
root #hashcat -m 0 -a 1 /root/hashes.txt example-cewl.txt /usr/share/wordlists/rockyou.txt
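Putting the $id$ prefix table and the hashcat modes together, as an added example that is not from pentestwiki.org: a POSIX shell function that maps each shadow entry to its algorithm, john --format name and hashcat -m mode, so the right cracking command is chosen before anything is run. The sample shadow lines are constructed and their hash bodies are placeholders, not real hashes; the format names and mode numbers are the real ones.

```shell
#!/bin/sh
# Added example (not from pentestwiki.org): classify /etc/shadow entries by their
# $id$ prefix and print the john format name and hashcat mode to use.

# shadow_hash_info HASHFIELD -> "algorithm john_format hashcat_mode"
shadow_hash_info() {
  case "$1" in
    '$1$'*)                                echo "md5crypt md5crypt 500" ;;
    '$2$'*|'$2a$'*|'$2b$'*|'$2x$'*|'$2y$'*) echo "bcrypt bcrypt 3200" ;;
    '$5$'*)                                echo "sha256crypt sha256crypt 7400" ;;
    '$6$'*)                                echo "sha512crypt sha512crypt 1800" ;;
    '$y$'*)                                echo "yescrypt crypt -" ;;   # john: --format=crypt (system crypt(3))
    '!'*|'*'*|'')                          echo "locked - -" ;;          # no password hash to crack
    *)                                     echo "unknown - -" ;;
  esac
}

# classify_shadow: read shadow-format lines on stdin, print "user algorithm mode"
classify_shadow() {
  while IFS=: read -r user hash _rest; do
    set -- $(shadow_hash_info "$hash")
    printf '%s %s %s\n' "$user" "$1" "$3"
  done
}

# Constructed sample shadow file (placeholder hash bodies, not real hashes)
sample_shadow() {
  cat <<'EOF'
root:$6$saltsalt$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:19000:0:99999:7:::
legacy:$1$saltsalt$BBBBBBBBBBBBBBBBBBBBBB:19000:0:99999:7:::
svc:$2y$10$CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

sample_shadow | classify_shadow
```

Run it against a real shadow file with `classify_shadow < shadow.txt`; entries that map to different modes must be split into separate input files, since a single hashcat run accepts only one -m value.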