Advanced Cyber Security
1. a) Password Cracking
Objective: To understand password vulnerabilities and the importance of strong passwords.
Tools: Hashcat, John the Ripper
What is Password Hashing?
Hashing is the process of converting an alphanumeric string into a fixed-size string by using a
hash function. A hash function is a mathematical function that takes in the input string and
generates another alphanumeric string.
Hashcat: Hashcat is a fast password recovery tool that helps break complex password hashes.
Prerequisites: Generate the hash value using
https://www.browserling.com/tools/all-hashes
Example: 42f749ade7f9e195bf475f37a44cafcb (Password123)
48bb6e862e54f2a795ffc4e541caed4d (easy)
Hash Analyzer: Tunnelsup.com to verify the hash value
Step1: Become the root user by running sudo su
Step2: Open hash identifier
Dept.of CSE-CY, RNSIT Page 1
Step3: Paste the hash value and press Enter; it will show the possible hash types
Step4: Verify the hash using hash analyzer (Tunnelsup.com)
Step5: Identify the module value for MD5 (we are dealing with MD5 here; for other hash types the
module value would be different)
Step6: Store hashes into any file say hash.txt
Step7: Let us crack the password (hash.txt)
To find the rockyou file on your system, run this command in a terminal: locate rockyou.txt
Password123: 42f749ade7f9e195bf475f37a44cafcb
Ref: https://www.youtube.com/watch?v=fVgzY5OJeIE
-----------------------------------------------------------------------------------------------------------------------------------------
1. b) John the ripper: John the Ripper (JtR) is a powerful password cracking tool widely used by
security professionals and pen testers.
Let's get cracking.
If you are using Kali Linux, John is pre-installed. You can use John by typing the following command:
$ john
The help command can also be used as a reference when working with John.
$ john -h
How to Use John the Ripper
The following three modes are used in most of the use cases.
1. Single crack mode
2. Wordlist mode
3. Incremental mode
Let’s look at each one of them in detail.
What is Single Crack Mode?
In single-crack mode, John takes a string and generates variations of that string in order to generate a set
of passwords.
variations (STEALTH, Stealth, STealth, and so on).
We use the “format” flag to specify the hash type and the “single” flag to let John know we want to use
the single crack mode. We will also create a crack.txt file which will contain the username and the hash
value of the password.
stealth:d776dd32d662b8efbdf853837269bd725203c579
Now we can use the following command to use John’s single crack mode:
$ john --single --format=raw-sha1 crack.txt
And here is the result. You can see that John has successfully found the correct password “StEaLtH”.
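Added example (not part of the original manual and not John the Ripper's own code): a defender-side audit in Python that flags a stored SHA-1 hash whose password is only a case variation of the username, which is the weakness single crack mode relies on. It goes one step beyond the text by showing salted PBKDF2 storage beside it. The function names, the iteration count and the sample entry are assumptions constructed for illustration.

```python
import hashlib
import hmac
import itertools
import os


def case_variants(word):
    """Yield every upper/lower-case variation of word (2**n for n letters)."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def audit_username_derived(username, sha1_hex):
    """Return the password if it is just a case variation of the username, else None."""
    for candidate in case_variants(username):
        digest = hashlib.sha1(candidate.encode()).hexdigest()
        if hmac.compare_digest(digest, sha1_hex.lower()):
            return candidate
    return None


def store_password(password, iterations=600_000):
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256.
    The default iteration count is an assumed value; tune it to your hardware."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_password(password, record):
    """Recompute the derived key with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, derived)


# Constructed sample entry in the crack.txt "username:hash" layout.
SAMPLE_USER = "stealth"
SAMPLE_HASH = hashlib.sha1(b"StEaLtH").hexdigest()

if __name__ == "__main__":
    # Unsalted SHA-1: the weak password is found within at most 128 guesses.
    print("username-derived password:", audit_username_derived(SAMPLE_USER, SAMPLE_HASH))
    # Salted PBKDF2: the same password stored twice yields different records.
    first, second = store_password("StEaLtH"), store_password("StEaLtH")
    print("records differ:", first[2] != second[2])
    print("verifies:", verify_password("StEaLtH", first))
```

Running the audit over real account records before an attacker does tells you which users need a forced password reset.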
Step1: Identify the hash algorithm used, by using an open-source platform
OR
Run the command hashid hash# in a terminal
OR
Use online platform: https://hashes.com/en/tools/hash_identifier
OR
Crackstation.com
Step2: Save the hash value by using the echo command
Step3: Crack the password using command
Ref: https://www.freecodecamp.org/news/crack-passwords-using-john-the-ripper-pentesting-tutorial/
https://www.youtube.com/watch?v=kuse9Nbs-bI&ab_channel=ManishM.Shivanandhan