Introduction to Password Cracking Tools

00:01

Module 10 password cracking and brute forcing logins.

00:05

An introduction of password cracking tools

00:09

are learning objective is to explain the various tools available to identify hash values

00:14

and crack passwords in Cali Lennox.

00:18

So in Cali we have two weapons of choice if you will.

00:21

One is John the ripper and this is my favorite of the two.

00:26

And it is a command line tool that you have this great gooey still does, but it's not in Cali anymore by default called johnny and it was, I know I said I like the command line better. But out of all the gooey based tools, this is probably my favorite to use and it was very, very user friendly

00:44

hash cat takes a little bit of getting used to. There's a steeper learning curve.

00:49

Um and you really need to know what hash you're working with, otherwise you're not going to crack the password, john is a little bit more forgiving than hash cat.

00:58

Yeah,

01:00

so first things first, you know you're, you're doing oh, SCP and you come across a long string of letters and numbers and dollar signs and you don't know what it is. Of course this goes for P W K and other labs that you do and C T. S.

01:14

Is it a hash value? So how do you figure out what hash that version that is, was it MD five, is it shot to 56? Is it be crypt? I don't know. Um so you can use tools native and kelly one is called hash I. D. And as you see here I had a file named Shadow

01:34

and I simply did hashd shadow

01:36

And analyzed the hash value and it came up with Shah 5 12 crypt.

01:41

I also did it where I specified the hash um just in the command line within single quotes here. And it came up with Wordpress, Jumla and PHP pass. Well I found this on a Wordpress site so I bet you can guess which one that is.

01:57

There's also hash identifier from what I can tell. Hash identifier does not

02:01

analyze files. You have to put every hash in there individually.

02:08

Of course, you can also use google if you see something dollar sign, p dollar sign, you can google that and figure out what that is.

02:19

So john the ripper, this is the more forgiving of the two tools and if you were a junior pen tester or junior hacker, this should be your tool of choice. Um I say you should learn both but john is very, very forgiving because you can simply type john put in the password file

02:36

and it will try to figure out what that hash value is in crack it for you.

02:39

There's also this single crack mode, if you have a username and a password from what I understand, simple crack mode will try a combination of the user name. You know, maybe it will make upper case, lower case or lowercase uppercase or try a one in there.

02:55

Um, so that's what single crack mode is. So johN has a lot of functionality

03:00

by default.

03:02

Yeah.

03:05

So you see here, I just did johN in that shadow file and I didn't have to have to specify what I found from hash id. It already knew that it was shot 5 12.

03:15

So you'll see here that it's using a default word list. User share jOHN password list, which is a pretty good list.

03:22

Um, I would say a lot of people default to rock you dot txt which is um, zipped in Cali Lennox, you want to specify a word list? You do johN shadow tack, tack word list equals. So usually user share word lists rock you, you have to unzip it and make it a TXT file.

03:42

So once it cracks the password and you try to run this again,

03:45

you might not see the password and you might wonder what is going on here. So it tells you use the tak tak show option to display all the crack passwords reliably.

03:54

So if you're going to try to look at this file again and see that the passengers cracked, you'd simply do johN shadow tactics. Show to see that hunter uh, Pastored show up

04:10

hash cat.

04:12

So hash cat is faster than john. If you know how to use hash hash hash cat, then you will be able to crack passwords much faster than john I say that. But you also need to know

04:24

what number correlates to what hash id. So here I have M zero

04:30

And thats MD five

04:32

but how do you know that?

04:34

In john you can specify the format as format equals

04:41

MD five Raw and it will know it's an MD five

04:45

but in Hash cat you need to specify exactly what value it is.

04:51

So as I say, there's a steeper learning curve

04:55

and it uses GPU so that's what makes it faster than john I've had some major issues in VMS using Hash cat. That's why here I am using it in my host Os because it wasn't working in my VM

05:11

so which one should you choose?

05:13

I would say try both, try both. Um, in trying to crack passwords, you may have an issue in the labs cracking passwords with hash cat, just like I said,

05:23

so maybe you use your host os and try it there um, and see if it works. But that's why I say john is probably the more forgiving of the two tools.

05:34

Also like I said, pick a good word list Rock you dot txt is huge. It is a huge file and we'll take you days to get through.

05:44

So you might have a favorite word list, you might have a word list of 100 100 words, You may have a word list of 1000. Um and it all really depends where that word, that's the correct one lines up in that password file.

05:57

If if the correct password is is in rocky.txt but it's 5000 words down. It's going to take some time to crack that if you have a targeted password list of 1000 passwords will go, it will go through that a lot faster. So be strategic in your password lists or your word lists.

06:17

Here's some online resources. So you grab a hash value, you can throw it into something like crack station or MD five hashing to crack it and see if someone else has tried to crack it. Of course google, you can use google and there's also a cyber chef. I like cyber chef for a bunch of different reasons. It can analyze hash values and tell you what it is.

06:38

It can decode base 64. It has a lot of good functionality and I would just check it out and and see what is on there. Um but you know, sometimes online searches are a lot faster than relying on john or hash cat.