Scribd Logo
Upload

Welcome to Scribd!

  • Password Attacks Manual

    Uploaded by

    mansiraval262
    17 views3 pages

    Original Title

    password attacks manual

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    17 views3 pages

    Password Attacks Manual

    Uploaded by

    mansiraval262

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    PASSWORD ATTACKS

    This is a basic lab where you’ll get an overview of 3 password attack tools.

    These concepts will be applied in the comprehensive scenario lab.

    During this lab, understand the basic functioning of password attack tools with the help of
    common use case scenarios.

    JOHN THE RIPPER

    https://medium.com/@JAlblas/tryhackme-john-the-ripper-walkthrough-75331d14748c

    Apt install john(if not already present)

    https://www.md5hashgenerator.com/

     Single crack mode


    o create a crack.txt file which will contain the username and the hash value(sha1) of
    the password(StEaLtH).
     stealth:d776dd32d662b8efbdf853837269bd725203c579
    o john --single --format=raw-sha1 crack.txt
     Dictionary mode
    o We provide a list of probabale passwords, which ae hashed and matched with the
    hashed password.
    o Crack.txt with just the hashed password.
     edba955d0ea15fdef4f61726ef97e5af507430c0

    o john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-


    sha1 crack.txt
     crack a linux password
    o unshadow /etc/passwd /etc/shadow > output.db
    o john output.db
     we can also use the –wordlist tag
     crack a zip file password
    o create or use an existing zip file.
    o Generate password hash of a zip file
     zip2john file.zip > zip.hashes
    o crack the hash
     john zip.hashes
     cracking a password protected zip file
    o

    o
    o

    o
     miscellaneous tasks
    o cracking /etc/shadow hashes
     unshadow [path to passwd file] [path to shadow
    file] > unshadowed.txt
     unshadow passwd shadow > unshadowed.txt
     john --wordlist=/usr/share/wordlists/rockyou.txt --
    format=sha512crypt unshadowed.txt
     https://assume-breach.medium.com/hacking-tutorial-how-to-ssh-to-a-remote-system-with-
    a-found-private-key-fbe521bf1efa
     These are the main test case scenarios, we can modify these and create new scenarios if
    required.

    HYDRA

    Go through the following documentation and implement the scenarios.

    Use ip address of the Ubuntu vm as the target machine. Don’t do the HTTP page password attacks.

     https://www.hackingarticles.in/a-detailed-guide-on-hydra/

    Can also go through

    https://medium.com/@jbtechmaven/password-cracking-with-hydra-in-kali-linux-e1ed9de14693

    HASHCAT

     Cracking hashes in a txt file using hashcat


    o https://www.101labs.net/comptia-security/lab-30-how-to-crack-passwords-with-
    hashcat/
     Implement tasks from the following documentation
    o https://thehackerish.com/crack-a-password-techniques-and-hands-on-exercise/]
    o https://medium.com/@joshthedev/step-14-cracking-passwords-with-hashcat-
    9e4f5aebc74
    o https://ethicalhackingguru.com/the-complete-hashcat-tutorial/

    You might also like