21 hours 43 minutes
Welcome to the brute force and password cracking. Lab walkthrough.
All right. So I'll log in Route
and these two password files should be here.
Now. Like I said, you can use hash I. D. Or hash identifier on them. If you want to use hash id
do something like this.
And it will tell you and go through all of these what these passwords could be. And it gives you a lot of options.
If you use hash identify her though
you can enter your hash here
And it will tell you that it's possibly an MD five. We can use that for our Shawon passwords.
Of course the names kind of give them away.
Okay. Show one. So we know that we're dealing with MD five and sha one. Now let's talk about rocket at tXT. But where is that?
So, if we go
you'll see it zipped here. You have to unzip it.
So extract it.
I'll extract it here.
And this is what only used to crack my passwords.
We see it's here now.
So this will help me with my format with johN
So I can do John MD five
MD five. We can run this
and now it's just using users share johN password list.
So that was really fast. If we want to do this with Sha one,
You knew John Sha one
Format Equals Raw Sha one. And we can also specify our word list equals user share
let that go and you can see that it cracked. It
also tells you how to display it again.
Because if I go like this,
It doesn't specify it. I can go show
and it shows me the crack passwords.
All right. So, you'll notice If you don't specify the format, it may take a really long time to crack these. So that's why I identify them off the bat is very helpful.
So now we need to get on to this host. This Lennox host which is not explicable.
If you didn't end map
you'll notice something interesting.
Probably the easiest way to get in the box.
Medicine. Political root Shell. Well that's pretty easy. Right,
so we do need cat
1 5-4. Now we are route
so we didn't do. Now
is I need to make two files locally for etc. Password etc. Shadow.
So split this vertically. I will cat at sea password.
I can grab all these,
nah, no password
then I can cat at sea Shadow
and grab all these.
Of course I could find out where I started this.
What can you just do it again?
There we go.
Okay now I can use unshackled oh,
Cat password pass
And it should combine these.
So now we could do is john
equals user share
Wordless Rock. You
you'll notice we have the password for Kellogg sis
administrator and service right off the bat.
Now we also need to think about our wordless we're using we're using Rock you and we already have a known password right? Because we've done this before.
We know that MSF admin's password is MSF admin. I wonder if that's in rocky dot txt. So you could do MSF
and see if it's in user share Wordless Rock You
and we see it's not
so it's not going to find that
it's not a fast track
So we wanted to we could add this to our word list. Right?
So I wanted to add that into
this password list.
It could open it.
That's why a lot of people have their own lists.
So I'm gonna add this. MSF admin.
So I can get out of here and I can
not specify this and should default
wow. And that was pretty fast.
So now we should have
is collapse the sub terminal
and we will do show
and we see we have eight password hashes cracked. So we have ruined his. MSF admin sisters Batman, Kellogg,
MSF admin post grass user service administrator.
So that is how you crack all those passwords.