Password Cracking

Identify hash

• https://hashes.com/en/tools/hash_identifier

Cracking hash

• https://crackstation.net CrackStation uses massive pre-computed lookup tables to crack password hashes

Cracking shadow

# unshadow use also GECOS information (field containing information about the user).
unshadow passwd.txt shadow.txt > unshadowed.txt

# sha512crypt [$6$] - With wordlist
hashcat -a 0 -m 1800 hash.txt wordlist.txt
# sha512crypt [$6$] - With wordlist and rules
hashcat -a 0 -m 1800 hash.txt wordlist.txt -r /usr/share/hashcat/rules/best64.rule

Cracking online passwords

# Basic Authentication 
hydra -L users.txt -P password.txt -vV example.com http-get /basic # Basic Authentication
    # IMPORTANT NOTE: /basic and /basic/ are different... so pay attention to set the correct path
# HTTP login
hydra -L <users_file> -P <password_file> <url> http[s]-[post|get]-form \ "index.php:param1=value1&param2=value2&user=^USER^&pwd=^PASS^&paramn=valn:[F|S]=messageshowed"
# Service
hydra -L user.txt -P pass.txt <ip> <protocol> 

Rules (password bruteforce)

• FIRST CHOICE: best64 (now best66). Fast, works well.

  • https://github.com/hashcat/hashcat/blob/master/rules/best66.rule

• SECOND/THIRD CHOICE: InsidePro-PasswordsPro (~3000) && InsidePro-Hashmanager (~7000)

  • (2) https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-PasswordsPro.rule

  • (3) https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-HashManager.rule

  • You can also combine them...

• FOURTH CHOICE: OneRuleToRuleThemAll. (~50k). The best.

  • https://github.com/NotSoSecure/password_cracking_rules/blob/master/OneRuleToRuleThemAll.rule

Generate wordlist based on rules

https://weakpass.com/generate

More info about rules:

• https://notsosecure.com/one-rule-to-rule-them-all

• https://trustedsec.com/blog/better-hacking-through-cracking-know-your-rules