21 hours 43 minutes
Module 10 password cracking and brute forcing logins.
An introduction to password cracking tools.
Our learning objective is to explain the various tools available to identify hash values
and crack passwords in Kali Linux.
So in Kali we have two weapons of choice, if you will.
One is John the Ripper, and this is my favorite of the two.
It is a command line tool. There is this great GUI for it that still exists, but it's not in Kali anymore by default, called Johnny. I know I said I like the command line better, but out of all the GUI based tools this is probably my favorite to use, and it was very, very user friendly.
Hashcat takes a little bit of getting used to. There's a steeper learning curve,
and you really need to know what hash you're working with, otherwise you're not going to crack the password. John is a little bit more forgiving than Hashcat.
So first things first: you're doing OSCP and you come across a long string of letters and numbers and dollar signs and you don't know what it is. Of course this goes for PWK and other labs that you do, and CTFs.
Is it a hash value? So how do you figure out what hash type that is? Is it MD5? Is it SHA-256? Is it bcrypt? I don't know. So you can use tools native in Kali. One is called hash-id, and as you see here I had a file named shadow
and I simply did hashid shadow,
and it analyzed the hash value and it came up with SHA-512 Crypt.
I also did it where I specified the hash in the command line within single quotes here, and it came up with WordPress, Joomla and PHPass. Well, I found this on a WordPress site, so I bet you can guess which one that is.
There's also hash-identifier. From what I can tell, hash-identifier does not
analyze files. You have to put every hash in there individually.
Of course, you can also use Google. If you see something like $P$, you can google that and figure out what that is.
So John the Ripper. This is the more forgiving of the two tools, and if you were a junior pentester or junior hacker, this should be your tool of choice. I say you should learn both, but John is very, very forgiving because you can simply type john, put in the password file,
and it will try to figure out what that hash value is and crack it for you.
There's also this single crack mode. If you have a username and a password, from what I understand single crack mode will try a combination of the username. You know, maybe it will make it uppercase, lowercase, or lowercase then uppercase, or try a one in there.
So that's what single crack mode is. So John has a lot of functionality.
So you see here, I just did john on that shadow file and I didn't have to specify what I found from hash-id. It already knew that it was SHA-512.
So you'll see here that it's using a default wordlist, /usr/share/john/password.lst, which is a pretty good list.
I would say a lot of people default to rockyou.txt, which is zipped in Kali Linux. You want to specify a wordlist? You do john shadow --wordlist=, so usually /usr/share/wordlists/rockyou. You have to unzip it and make it a .txt file.
So once it cracks the password and you try to run this again,
you might not see the password and you might wonder what is going on here. So it tells you: use the --show option to display all the cracked passwords reliably.
So if you're going to try to look at this file again and see that the password's cracked, you'd simply do john shadow --show to see that "hunter" password show up.
So Hashcat is faster than John. If you know how to use Hashcat, then you will be able to crack passwords much faster than John. I say that, but you also need to know
what number correlates to what hash ID. So here I have -m 0,
and that's MD5,
but how do you know that?
In John you can specify the format as --format=Raw-MD5
and it will know it's an MD5,
but in Hashcat you need to specify exactly what value it is.
So as I say, there's a steeper learning curve,
and it uses the GPU, so that's what makes it faster than John. I've had some major issues in VMs using Hashcat. That's why here I am using it in my host OS, because it wasn't working in my VM.
So which one should you choose?
I would say try both, try both. In trying to crack passwords, you may have an issue in the labs cracking passwords with Hashcat, just like I said,
so maybe you use your host OS and try it there and see if it works. But that's why I say John is probably the more forgiving of the two tools.
Also, like I said, pick a good wordlist. rockyou.txt is huge. It is a huge file and it will take you days to get through.
So you might have a favorite wordlist. You might have a wordlist of 100 words, you may have a wordlist of 1000, and it all really depends where that word, the correct one, lines up in that password file.
If the correct password is in rockyou.txt but it's 5000 words down, it's going to take some time to crack that. If you have a targeted password list of 1000 passwords, it will go through that a lot faster. So be strategic in your password lists or your wordlists.
Here's some online resources. So you grab a hash value, you can throw it into something like CrackStation or MD5Hashing to crack it and see if someone else has tried to crack it. Of course Google, you can use Google, and there's also CyberChef. I like CyberChef for a bunch of different reasons. It can analyze hash values and tell you what it is.
It can decode Base64. It has a lot of good functionality and I would just check it out and see what is on there. But you know, sometimes online searches are a lot faster than relying on John or Hashcat.
So in summary, now we should be able to explain the various tools available to identify hash values and crack passwords in Kali.
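As an added example (not from the lecture), here is a minimal version of the two things the lecture walks through: a prefix-based identifier like hash-id that also maps the hash to the John --format name and Hashcat -m number, and a tiny raw-MD5 wordlist run that counts attempts, to show why the position of the right word in the list matters. The hash and wordlist are constructed for the demo.

```python
import hashlib
import re

# Prefix signatures for the common crypt(3) and PHP hash formats, with the
# matching John --format name and Hashcat -m number. These are the standard
# values; the list is deliberately short and only covers what the lecture
# mentions (SHA-512 crypt, MD5, bcrypt, PHPass) plus a few neighbours.
PREFIXES = [
    ("$6$",  "sha512crypt",                "sha512crypt", 1800),
    ("$5$",  "sha256crypt",                "sha256crypt", 7400),
    ("$1$",  "md5crypt",                   "md5crypt",    500),
    ("$2a$", "bcrypt",                     "bcrypt",      3200),
    ("$2b$", "bcrypt",                     "bcrypt",      3200),
    ("$2y$", "bcrypt",                     "bcrypt",      3200),
    ("$P$",  "phpass (WordPress/Joomla)",  "phpass",      400),
    ("$H$",  "phpass (WordPress/Joomla)",  "phpass",      400),
]

# Unsalted hex digests are only distinguishable by length, so the guess for
# these is weaker (a 32-hex string could also be NTLM, for instance).
HEX_LENGTHS = {32: ("MD5 (raw)", "Raw-MD5", 0),
               40: ("SHA-1 (raw)", "Raw-SHA1", 100),
               64: ("SHA-256 (raw)", "Raw-SHA256", 1400)}

def identify(h):
    """Return {'name','john','hashcat'} for a hash string, or None."""
    for prefix, name, john_fmt, mode in PREFIXES:
        if h.startswith(prefix):
            return {"name": name, "john": john_fmt, "hashcat": mode}
    if re.fullmatch(r"[0-9a-fA-F]+", h) and len(h) in HEX_LENGTHS:
        name, john_fmt, mode = HEX_LENGTHS[len(h)]
        return {"name": name, "john": john_fmt, "hashcat": mode}
    return None

def crack_raw_md5(target, wordlist):
    """Dictionary attack on a raw MD5 hex digest.
    Returns (password, attempts) on a hit, or (None, attempts) otherwise;
    attempts is the number of words hashed, i.e. the cost of the run."""
    target = target.lower()
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hashlib.md5(word.encode()).hexdigest() == target:
            return word, attempts
    return None, attempts

# Constructed demo data: a small wordlist and the MD5 of its fourth entry.
SAMPLE_WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty"]
SAMPLE_MD5 = hashlib.md5(b"hunter2").hexdigest()
```

Running crack_raw_md5(SAMPLE_MD5, SAMPLE_WORDLIST) returns ("hunter2", 4): the cost is exactly how far down the list the right word sits, which is the lecture's point about a 1000-word targeted list versus rockyou.txt.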