❎Password Cracking

Hash Identification

HashID
Name-That-Hash [<https://github.com/HashPals/Name-That-Hash>]
Haiti [<https://github.com/noraj/haiti>]

John The Ripper

Basic Command

john <hash-file>

Commands Used in INE LABS

john -incremental -users:<users list> <file to crack

john -incremental -users:victim passwd_and_shadow_hashes.john

Show Already Cracked Passwords

john --show passwd_and_shadow_hashes.john

Show Supported Formats in john

john --list=formats

Regular commands

john --wordlist=/usr/share/wordlists/rockyou.txt password_hashes.txt

john --wordlist=/usr/share/wordlists/rockyou.txt user_password_hashes.txt --format=NT

Notations

-incremental ==> Use pure Bruteforce attack [It require a lot of time to crack passwords]
--wordlist ==> Wordlist File to use [Dictionary Attacks]
--format ==> Type of hash to test for NT ==> For Windows hashdump
--list ==> list data according to need
-users:<username> ==> user of the password to crack

Processing /etc/shadow and /etc/passwd file to john format

unshadow passwd shadow > passwd_and_shadow_hashes.john