Hacking is very difficult work and not a joke. In hacking (password) is heart, because password is required everywhere. We use different technique to access our victim’s system password. Password hacking is not so easy like information gathering.
We use different tools of kali Linux for password hacking but sometime password may be encrypted or encoded. It means password may not be in real from.
Password may be encrypted in from of MD4, MD5, SHAI1, SHA256, SHA512 etc. So, we can face difficulty. We cannot password in encrypted from to login also. So we need change our target (encrypted password) into its real from and this process is called password cracking. In kali Linux many tools are used for password cracking.
In our post we will discuss only two main and very powerful tool of kali Linux for password cracking. First John is the Ripper and second is Hashcat. A hacker must have a strong knowledge about encryption.
a) JOHN THE RIPPER:
John the ripper is very strong tool of kali Linux that is used for cracking. It can change many types of encrypted or encoded passwords into their real from. It sport MD4, MD5, SHA1, SHA256, SHA512 and many more encrypted from. It is very easy to use and Pre-installed in kali Linux mostly. So, we can use it directly. A hacker must learn it deeply for best hacking now we will see the main commands of john the ripper.
TO SEE ALL OPTION OF JOHN:
(john)
TO CRACK ENCRYPTED OR HASH PASSWORD:
(john + path of list having hash passwords --format =+Format hash from of your password) e.g. (john /root/Desktop/pass.txt --format=RAW-MD5)
TO CRACK A FILE HAVING PASSWORDS WITH USERNAME AS (USER: ENCODED PASSWORD):
(john --single + path of file --format =+Format hash from of your password) e.g.
(john --single /root/Desktop/pass.txt --format=RAW-MD4)
TO CRACK PASSWORDS USING A PASSWORD LIST:
(john --wordlist + path of password list having real passwords --format =+ hash from of your password) e.g. (john --wordlist= /root/Desktop/dict.txt /root/Desktop/pass.txt --format=RAW-SHA1)
TO USE BEST MODE TO CRACK PASSWORD:
(john –incremental:+ Rule to use + path of hash password list --format =+Format or hash from of your password) e.g. (john --incremental: alpha /root/Desktop/pass.txt --format=RAW-SHA1)
TO CRACK PASSWORD FILE HAVING USERNAME : PASSWORD AND OTHER DETAILS CALLED SHADOW FILE:
(john +path of shadow file --wordlist = path of password list having real passwords) e.g.
(john /root/Desktop/shadow.txt --wordlist = /usr/share/wordlists/rockyou.txt)
TO CRACK MANY FILE AT A TIME:
(john + path of all hash files --format =+ hash from of your password) e.g.
(john /root/Desktop/pass1.txt /root/Desktop/pass2.txt --format=RAW-SHA512)
Password cracked in john in kali Linux
So these were some main and basic commands of john the ripper to crack password. So, best of luck for john the ripper.
b) HASHCAT:
Hashcat is also a tool of kali Linux that is used to password cracking. We can change the encoded password into real from hashcat. Hashcat supports MD4, MD5, SHA1, SHA256, SHA512 etc. We can use hashcat same as john the ripper. It is very powerful tool like john. So, a hacker must learn it deeply for password cracking. It is mostly pre-installed in kali Linux so, we can use it directly.
Now we will discuss the main command of hashcat for password cracking.
TO SEE ALL OPTION OF HASHCAT:
(hashcat --help)
TO USE WORDLIST MODE TO CRACK PASSWORD IN HASH FROM:
(hashcat -a + wordlist mode number -m + number of hash format + path of file having hash values + path of password list having real password) e.g.
(hashcat -a 0 -m 0 /root/Desktop/lpass.txt /usr/share/wordlists/rockyou.txt)
TO SAVE CRACKED PASSWORD OUTPUT IN FILE:
(hashcat -a + mode number -m + number of hash format according + path of list having encoded or hash passwords + path of password list having real password --outfile + path of file to save output) e.g.
(hashcat -a 0 -m 0 /root/Desktop/pass.txt /usr/share/wordlists/rockyou.txt --outfile /root/Desktop/output.txt)
TO USE COMBINATION MODE TO CRACK PASSWORDS:
(hashcat -a + mode number of combination mode -m + number of hash format according to hashcat + path of list having hash passwords + path of first wordlist having real passwords + path of other password list having real passwords) e.g.
(hashcat -a 1 -m 0 /root/Desktop/lpass.txt /usr/share/wordlists/rockyou.txt /usr/share/wordlists/drib)
TO USE BRUTE FORCE MODE TO CRACK PASSWORD:
(hashcat -a + number of brute force mode according to hashcat -m + number of hash format according to hashcat + path of password list having hash passwords +”Type of password as (?a) for combine) e.g.
(hashcat -a 3 -m 0 /root/Desktop/pass2.txt “?a?a?a?a”)
TO USE BRUTE FORCE ATTACK MODE IF PASSWORD LENGTH IS NOT KNOW:
(hashcat -a + number of brute force mode -m + number of hash format --increment -increment-min + minimum length of password --increment -max + maximum length of password + path of file having hash passwords +”Type of password”) e.g.
(hashcat -a 3-m 0 --increment -increment-min 3 --increment -max 8 /root/Desktop/pass.4txt ?a?a?a?a?a?a?a)
TO IGNORE WARNINGS OR ERRORS DURING CRACKING:
(hashcat -a + mode number of attack mode -m + number password format + path of encoded list + path of first wordlist of real passwords --force) e.g.
(hashcat -a 1 -m 0 /root/Desktop/lpass.txt /usr/share/wordlists/rockyou.txt --force)
Cracked passwords in Hashcat
TO BYPASS THE ERRORS, TO SET A TIME TO IGNORE ERRORS:
(hashcat -a + number of attack mode -m + number of hash format + path of encryped passwords lists + path of real passwords list --stdin-timeout-abort +=time in seconds)
(hashcat -a 0 -m 0 /root/Desktop/pass.txt /usr/share/wordlists/rockyou.txt –stdin-timeout-abort = 30)
TO DISPLAY THE OUTPUT ON SCREEN IN MACHINE READABLE FORMAT DURING CRACKING:
(hashcat -a + number of attack mode -m + number of hash -fomate + path of encrypted passwords lists + path of real passwords list --machine-redable)
(hashcat -a 0 -m 0 /root/Desktop/pass.txt /usr/share/wordlists/rockyou.txt --mchine-redable)
So, these were some main commands of hashcat. Hash cat has many options to use in command but those options are not used mostly and hard to use. Mostly basic and main commands are used to crack passwords in encrypted form. So, we must learn only main commands and options to use. But important thing in hashcat is that we must know the number of attack mode as (1) for combination attack mode), (0) for (wordlist attack mode) and (3) for (brute force attack mode). Also we must know the number of hash format according to hashcat, as (0) for (md5), (900) FOR (MD4), 100 for (SHA1) and these are given in the (help menu) of hashcat. So best of luck for hashcat for password cracking.