Okay. Now let's look at another tool called hashcat. There's also a version called oclHashcat,
but that's going to be based on using GPUs, your graphics cards, so your hardcore gaming machines would be appropriate for this. Our virtual machine is not remotely
appropriate for this. It wouldn't do us any good, so we could just use the regular version of hashcat. If you're interested in getting into password cracking, I would encourage you to build a
password cracking box or get one online,
one of the cloud services.
We're going to use regular hashcat.
Well, nice. This couple of had a shirt will expire.
What do you do? It has that
--help. We need to actually tell it the mode,
so we're not going to be able to just have it guess.
Grab one of these mode numbers. We want the NT hashes, NTLM. That's,
try that one on our Windows 7. We had, we got Lisa's password is football, but we don't know, honestly, I don't know cause where it is, and James and Martin also have passwords. Maybe we can get some of them.
We want, the mode is 1000.
hashcat also has a built-in word list, so go to /usr/share,
wordlists. Maybe it doesn't,
um, it just has rules. So you see those? We can look at these, but
going to use /usr/share/wordlists,
some more in Kali that we can use.
No, I guess there's not one
built in with hashcat. I seemed to think that there was, but I guess not. There's this rockyou.txt.gz. We're going to have to use gunzip to open it. This is a good one. It may take a while, but it's pretty big. It's a word list. It's actually one of the ones they use,
the big. So just unzip that with gunzip,
so it's just rockyou.txt. I wouldn't encourage you to open it because it'll probably hang your VM, it is so big. If nano tried to open it,
it'll just freak out.
hashcat, not hashdump. hashcat -m for mode. Our mode is going to be the 1000,
and our input file is going to be Desktop
when those seven has is stopped. Text
-o for the output. Let's just call it
text, and then we need the word list, /usr/share/
wordlists/rockyou.txt.
This is one of the things that annoys me about hashcat. I like hashcat. hashcat's even the one that people are moving to, though John the Ripper's going back into development, so
it's kind of hard to tell which is better. But I don't like the fact that it's complaining it can't load the hash. Not only do I have to know the mode, which isn't so hard here, but if we tried our Linux ones, I don't know what those are,
you have to find out. It actually won't let us just load what comes out of a typical password hash dumper.
So what we actually have to do?
no seven hazards dot text make a copy first.
What we want to do is just have the NTLM hash, so we even have to get rid of the user name, so that could be a little bit annoying. I think that all you get
is the hash and then the plaintext. And it's up to you to write some sort of script to get them back to the user names, if you want them,
though we could have also used, like, cut on this. I mean, it's all colons. So it wouldn't have been too hard
to use cut rather than doing it this long way. Certainly, if you have a
longer list, that's what you'd want to do.
All right, you know what? We've done that. Let's try it again.
It recovered four out of the six,
so that was pretty fast.
What did we put the output? Violent. 17 cracks. Not fact.
Now it's saying it was password. Okay,
right, Administrator blank.
So you're saying that my password was password, like it was supposed to be? I'm not entirely sure why John wasn't picking it up. It has to be something about the pot file. John has the pot file where it stores the stuff it's already found. I think doing that --show should have shown it. But
once it's cracked the password hash, it won't do it again unless you delete the pots, I'll
tradition other way to do it. But all it really has served to do in my life is manage to make my classes screw up, because I use the same VM.
Um, so that has to be why. So we got,
and it's kind of annoying you have to do this, so it looks like we don't,
we do have a password for James. Looks like that's Password123.
Pretty common thing to do when you're dealing with domains that have a group policy. So it's like, just by default, they require certain complexity. You see uppercase, Password1, or Password with 123.
I already knew that Lisa was football,
password, but we don't have, we still don't have Martin.
Let's see if we can do any better.
But what we can do is actually use those rules,
so /usr/share/hashcat.
We have some built-in rule files. So this is going to be where it, like, mangles the passwords. It's going to run through the word list and then try different things on it, in addition to just,
like, if it had a password
all in lower case, it might try it all upper case. It might uppercase each letter one by one. It might put a 1 on the end, a 2 on the end, an exclamation at the end, all different stuff. I like best64.rule. The d3ad0ne is one I usually use, passwordspro.
Some of the ones in here, leetspeak. I mean, depending on who you're dealing with, if you've got IT people, leetspeak could be a good one.
Anything in here would be worth trying out. And certainly you could get additional rules as well. Again, with a lot of password attacks, there
are password research people who spend a lot of time putting together word lists and rule sets to try and crack these as fast as possible.
Go up and try this again, and I just want
-r, and I want /usr/share,
rules, best64.rule.
First, we'll take a little longer.
Enter to see how we're doing.
Back to four of six.
This will take a little bit longer because it has to process the rules. So it's going to run through
each password in the rockyou.txt multiple times based on what the rules come up with. So
hopefully maybe get Martin's password.
I know what it is, honestly,
and we also have those Linux passwords. Let's see if I can turn it all here.
So this would be one of the reasons I would definitely use John, at least to start, um, is the Linux
hashes, because I'm not sure what they are, and it will tell me.
MD5 as well as SHA-512.
So it has one MD5 and then I imagine the rest are the SHA-512.
So I imagine the one at the front is the MD5. That's the one I made when I installed the operating system, but it kind of makes sense that the rest would be in a different format. That doesn't really make sense, but I could see how that would happen. The rest would be in that SHA-512.
Let's overwork my poor little CPU here and do John.
--wordlist equals,
you know, Georges' password is password, so that should be,
well, we will get something out here.
Still at four of six here.
You could certainly let these run. And
I encourage you to try different passwords, like try some stuff that's not based on dictionary words, and stuff that is, but like,
um, password with a Zatz on letters and numbers Together
your upper cases and lower cases, symbols getting near the end, and see, you know, what you're able
to bring out. Typically when I do password attacks, I get a lot of
simple dictionary words with, like, uppercase first letter or
numbers at the end or symbols at the end.
Something like that.
I mean, I get a lot of that. It's really hard to stop something like that. Come on, give me another password.
And the last thing, well, second to the last thing I want to show you.
One more thing that's kind of silly is that sometimes you may not even have to crack the password. Remember, we have the file for FileZilla, for example, sitting on the desktop,
and here's one for newuser in MD5. Look at Google and find out
that's how FileZilla stores its passwords.
Look, actually, to stick this into Google. In addition to building your own password cracking rig with GPUs, there are online services that will do password cracking,
but I encourage you, if
you're into building hardware,
to get a gaming rig and turn it into,
Course doesn't want to do to people on here. I'm not entirely sure why.
We're going to stick that hash into Google and it actually comes out
with the correct password, like right here. Actually, I don't even have to click on it. The plaintext is lamp. So that's the default for FileZilla,
user name newuser, and
it didn't tell me at all that I needed to change that. So it's just sitting there.
Now, again, sometimes you may not even have to crack it.
Angela's password is qwerty.
What a terrible password. We did get one of the Linux password hashes out.
hashcat, even the regular hashcat, seems to go a little bit faster than this.
sha512crypt may be slower to hash. You never know.
So another thing you could do once you're done with your password cracking: you use this tool called pipal. This will actually allow you to get some statistics off your passwords.
Do another. James's password is green.
I just added them back in again as I wrote them to the same file.
But pipal on Win7 cracked dot text.
What this is going to do is give me some statistics. There's really not much in this one, since there's not many, but usually when I do these, I get
awesome stuff, like it has the months and days,
like the amount of, like, only lower case, also only upper case, only alpha, only numeric,
one to six characters, one to eight. You get really good password statistics and it just automates it so you don't have to do it
yourself, so I really like that as well. Now, give your clients an idea about
what their statistics are.
So that is a little bit of password cracking. It is a pretty big deal. There's a lot of people who have spent a lot of time with password cracking, it being, you know, the main way we all authenticate. It's certainly worthwhile to be good at password cracking. So it really comes down to how good your word list is, how good your rule sets are,
how poor the password policies are at the organization that you're doing the cracking against.
But if they're using really, really strong passwords, it's going to be harder. If they're using really, really weak passwords, it's going to be simple. And also, of course, the algorithm used, like our LM hash: it doesn't matter how strong the password is, we'll still be able to crack.
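
Added example, not part of the lecture or of any tool shown in it: the "script to get them back to the user names" step, plus a small statistics summary of the kind described for the audit report. It assumes a colon-separated dump laid out as user:rid:lm:nt::: and cracker output lines of the form hash:plaintext; the accounts, hash values and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample input; the NT values are placeholders, not real hashes.
LM = "aad3b435b51404eeaad3b435b51404ee"  # well-known empty-LM value
DUMP = f"""Administrator:500:{LM}:{'0'*31}1:::
lisa:1001:{LM}:{'0'*31}2:::
james:1002:{LM}:{'0'*31}3:::
martin:1003:{LM}:{'0'*31}4:::
svc_backup:1004:{LM}:{'0'*31}3:::
"""
CRACKED = f"{'0'*31}1:\n{'0'*31}2:football\n{'0'*31}3:Password123\n"

def parse_dump(text):
    """Return {nt_hash: [usernames]}; the keys are the bare hash list."""
    by_hash = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or len(fields[3]) != 32:
            continue  # skip blank or malformed lines
        by_hash.setdefault(fields[3].lower(), []).append(fields[0])
    return by_hash

def join_cracked(by_hash, cracked_text):
    """Map every username to its recovered plaintext (may be empty)."""
    recovered = {}
    for line in cracked_text.splitlines():
        h, sep, plain = line.partition(":")  # plaintext may contain ':'
        if sep:
            for user in by_hash.get(h.lower(), []):
                recovered[user] = plain
    return recovered

def classify(pw):
    """Coarse pattern buckets of the kind a statistics report uses."""
    if not pw:
        return "blank"
    if pw.isalpha() and pw.islower():
        return "only lowercase"
    if pw[0].isupper() and pw[-1].isdigit():
        return "capitalized, digits at end"
    return "other"

def report(by_hash, recovered):
    """Summary for the audit report: coverage, hash reuse, patterns."""
    shared = sorted(u for us in by_hash.values() if len(us) > 1 for u in us)
    return {"accounts": sum(map(len, by_hash.values())),
            "recovered": len(recovered),
            "shared_hash": shared,
            "patterns": dict(Counter(map(classify, recovered.values())))}
```

Accounts that share a hash share a password, so the shared_hash list is worth reporting even for hashes that were never recovered.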