Scribd
Upload
243 views3 pages

Password Attack Tools Overview

This document provides an overview of three password cracking tools: John the Ripper, Hydra, and Hashcat. It describes how to install and use each tool to crack single passwords, dictionaries, Linux and zip file passwords. It also includes links to documentation on implementing password cracking scenarios with these tools.

Uploaded by

mansiraval262
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
243 views3 pages

Password Attack Tools Overview

This document provides an overview of three password cracking tools: John the Ripper, Hydra, and Hashcat. It describes how to install and use each tool to crack single passwords, dictionaries, Linux and zip file passwords. It also includes links to documentation on implementing password cracking scenarios with these tools.

Uploaded by

mansiraval262
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

PASSWORD ATTACKS

This is a basic lab where you’ll get an overview of 3 password attack tools.

These concepts will be applied in the comprehensive scenario lab.

During this lab, understand the basic functioning of password attack tools with the help of
common use case scenarios.

JOHN THE RIPPER

https://medium.com/@JAlblas/tryhackme-john-the-ripper-walkthrough-75331d14748c

Apt install john(if not already present)

https://www.md5hashgenerator.com/

 Single crack mode


o create a crack.txt file which will contain the username and the hash value(sha1) of
the password(StEaLtH).
 stealth:d776dd32d662b8efbdf853837269bd725203c579
o john --single --format=raw-sha1 crack.txt
 Dictionary mode
o We provide a list of probabale passwords, which ae hashed and matched with the
hashed password.
o Crack.txt with just the hashed password.
 edba955d0ea15fdef4f61726ef97e5af507430c0

o john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-


sha1 crack.txt
 crack a linux password
o unshadow /etc/passwd /etc/shadow > output.db
o john output.db
 we can also use the –wordlist tag
 crack a zip file password
o create or use an existing zip file.
o Generate password hash of a zip file
 zip2john file.zip > zip.hashes
o crack the hash
 john zip.hashes
 cracking a password protected zip file
o

o
o

o
 miscellaneous tasks
o cracking /etc/shadow hashes
 unshadow [path to passwd file] [path to shadow
file] > unshadowed.txt
 unshadow passwd shadow > unshadowed.txt
 john --wordlist=/usr/share/wordlists/rockyou.txt --
format=sha512crypt unshadowed.txt
 https://assume-breach.medium.com/hacking-tutorial-how-to-ssh-to-a-remote-system-with-
a-found-private-key-fbe521bf1efa
 These are the main test case scenarios, we can modify these and create new scenarios if
required.

HYDRA

Go through the following documentation and implement the scenarios.

Use ip address of the Ubuntu vm as the target machine. Don’t do the HTTP page password attacks.

 https://www.hackingarticles.in/a-detailed-guide-on-hydra/

Can also go through

https://medium.com/@jbtechmaven/password-cracking-with-hydra-in-kali-linux-e1ed9de14693

HASHCAT

 Cracking hashes in a txt file using hashcat


o https://www.101labs.net/comptia-security/lab-30-how-to-crack-passwords-with-
hashcat/
 Implement tasks from the following documentation
o https://thehackerish.com/crack-a-password-techniques-and-hands-on-exercise/]
o https://medium.com/@joshthedev/step-14-cracking-passwords-with-hashcat-
9e4f5aebc74
o https://ethicalhackingguru.com/the-complete-hashcat-tutorial/

You might also like