Learn Pentesting like a Pro!


✅ Quick guide for password cracking

pentesting.academy

Feb 8

Learn different techniques to create custom wordlists from the content of a website and how to use John the Ripper or Hashcat to crack Windows or Linux passwords.

Create tailored wordlists

cewl www.example.com -m 6 -w example-cewl.txt

Edit the John the Ripper config file:

vim /etc/john/john.conf

Then add the lines that follow "# NEW RULES" so that John appends digits (and optionally a special character) to each wordlist entry:

[...]
# Try the second half of split passwords
-s x**
-s-c x** M l Q
# NEW RULES:
# Add two numbers at the end of each password
$[0-9]$[0-9]
# Add two numbers at the end of each password and a special character such as $!./?
$[0-9]$[0-9]$[$!./?]
# Add one number and a special character at the end of each password
$[0-9]$[$!./?]
# ADD HERE MORE RULES

As root:

john --wordlist=example-cewl.txt --rules --stdout > example-cewl-john.txt
hash-identifier
crunch 6 6 0123456789ABCDEF -o crunch.txt
crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha
crunch 8 8 -t ,@@^^%%%
crunch <min length> <max length> <alphabet>

Cracking Windows passwords

john 127.0.0.1.pwdump

john --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump

john --rules --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump

Cracking Linux passwords

Hash identifiers at the start of the password field in /etc/shadow:

  • $1 = MD5

  • $2, $2a, $2x, $2y, $2b = Blowfish

  • $5 = SHA-256

  • $6 = SHA-512
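
An added example (not from the original post): a small Python audit that maps each /etc/shadow entry to the scheme named by its prefix, using the table above, and reports accounts that still use MD5 or have no password. The function names, the choice of MD5 as "weak", and the sample lines are assumptions of this example.

```python
# Prefix table taken from the list above; everything else is this example's assumption.
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish", "2x": "Blowfish",
           "2y": "Blowfish", "2b": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
WEAK = {"MD5"}  # assumption: schemes to flag for rehashing


def classify(line):
    """Return (user, scheme, state) for one /etc/shadow line."""
    fields = line.strip().split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw = fields[0], fields[1]
    locked = pw.startswith("!")          # a leading '!' marks a locked password
    pw = pw.lstrip("!")
    if pw in ("", "*"):
        # '*' or a bare '!' carries no usable hash; an empty field means no password
        state = "locked" if locked else ("no-login" if pw == "*" else "empty")
        return user, None, state
    state = "locked" if locked else "active"
    if not pw.startswith("$"):
        return user, "unknown", state    # no $id$ prefix: not in the table above
    return user, SCHEMES.get(pw.split("$")[1], "unknown"), state


def weak_accounts(lines):
    """Users whose usable hash is weak or unrecognised, or who have no password."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, scheme, state = classify(line)
        if state == "active" and (scheme in WEAK or scheme == "unknown"):
            findings.append((user, scheme))
        elif state == "empty":
            findings.append((user, "no password"))
    return findings


# Constructed sample entries (salts and hashes are placeholders, not real digests)
SAMPLE = [
    "root:$6$SALTSALT$PLACEHOLDERHASH:19000:0:99999:7:::",
    "legacy:$1$SALTSALT$PLACEHOLDERHASH:15000:0:99999:7:::",
    "web:$2y$10$PLACEHOLDERSALTANDHASH:19000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
    "olduser:!$1$SALTSALT$PLACEHOLDERHASH:15000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, why in weak_accounts(SAMPLE):
        print(f"{user}: {why}")
```

Locked entries such as `olduser` are not reported because their hash cannot be used to log in, but they are worth rehashing before the account is ever unlocked.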

Using John the Ripper (as root)

unshadow passwd.txt shadow.txt > unshadowed.txt

john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

Using Hashcat (as root)

Straight attack for MD5:

hashcat -m 0 -a 0 /root/hashes.txt /usr/share/wordlists/rockyou.txt

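Combination attack for MD5 (-a 1 takes two wordlists and joins each word from the first with each word from the second):

hashcat -m 0 -a 1 /root/hashes.txt /usr/share/wordlists/rockyou.txt example-cewl.txt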
