Cracking Hashes

Cracking of hashes is a brute force method. We take a list of known passwords, compute the hash and compare it with the hash that is to be cracked. As you can see this is a trial and error methos so it can take many iterations before the password is found. So in order to crack a hash, the more powerful system that you have the faster can the tool compute hashes. These tools predominently depend on the GPU and RAM of the system.

John the Ripper

This tool uses the rules that are defined in the configuration file and the parameters passed to the tool to crack the hash.

The following command can be used to crack a hash from an NT system,

john --rules --wordlist=rockyou.txt hash.txt --format=NT

Linux

There is an extra step while trying to crack the hash from a linux system as the hash has to be unshadowed before it can be cracked. The following command will unshadow the hash,

unshadow passwd-file.txt shadow-file.txt > unshadowed.txt
john --rules --wordlist=rockyou.txt unshadowed.txt

Hashcat

Hashcat is one of the fastest tool for cracking hashes and it offers to crack a wide variety of hashes.

hashcat -m 0 -a 0 -o output.txt hashes.txt 

m - indicates the type of hash, in this case 0 is for md5

a - indicates a dictionary attack using 0

o - To write the hash to an output file

List of some

0500 - Cracking password contained in the passwd file of Linux, MD5(Unix), MD5crypt

5600 - NetNTLM hash of Windows

1000 - NTML hash of windows

13100 - Cracking of hash of SPN created by Mimikatz

Wordpress Hashes

The hashes generated by Wordpress (Portable PHP Password Hashes) for safe guarding the passwords of its users can be cracked using the following online password cracker,

Encrypted ZIP Files

Encrypted zip files can be cracked using John by first extracting the hash of the files and then running John with a wordlist on the hash.

The hash can be extracted using John using the following the command,

john --format=zip site.hash

Then John along with the wordlist can be run to crack the password using the following command,

john --format=zip site.hash --wordlist=/usr/share/wordlists/rockyou.txt.ori

The encrypted files can be opened using 7z with the following command,

7z x <filename>

Last updated