PentOpsVault @syztem4our666

Hashes

Offline password cracking

We might find passwords or other credentials in databases. These are often hashed, so we first need to identify the hash algorithm that was used to hash the password and then try to crack it.

Identify hash

There are generally speaking three pieces of data we can use to identify a hash.

  • The length of the hash
  • The character set
  • Any special characters

To identify a hash we can use specialized tools that analyze the hash and return a guess at which algorithm it is. An easier way is to look in the documentation of the software where you found the hashes: the documentation or the source code usually says which type of hash is being used.

In Kali we can use hash-identifier or hashid:

hash-identifier 
hashid
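The three signals listed above (length, character set, special characters), applied in code. This is an added example, not part of the original page and not the logic of hash-identifier or hashid; the function name `identify` and the sample values are constructed for illustration, and only a few common formats are covered.

```python
import re

# Each candidate is (name, hashcat -m mode, John --format name).
B64 = r"[./A-Za-z0-9]"  # alphabet used by crypt(3)-style hashes

# Signal 3: special characters. A "$id$" prefix names the scheme outright.
PREFIXED = [
    (re.compile(rf"^\$2[abxy]\$\d{{2}}\${B64}{{53}}$"), ("bcrypt", 3200, "bcrypt")),
    (re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$"), ("md5crypt", 500, "md5crypt")),
    (re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}$"),
     ("sha256crypt", 7400, "sha256crypt")),
    (re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$"),
     ("sha512crypt", 1800, "sha512crypt")),
]

# Signals 1 and 2: once the character set is pure hex, length narrows it down.
# These are candidates, not certainties: other algorithms share these lengths.
RAW_HEX = {
    32: [("MD5", 0, "raw-md5"), ("NTLM", 1000, "nt")],
    40: [("SHA-1", 100, "raw-sha1")],
    64: [("SHA-256", 1400, "raw-sha256")],
    128: [("SHA-512", 1700, "raw-sha512")],
}
HEX = re.compile(r"^[0-9a-fA-F]+$")


def identify(value):
    """Return a list of candidate tuples for one hash string ([] if unknown)."""
    value = value.strip()
    for pattern, candidate in PREFIXED:
        if pattern.match(value):
            return [candidate]
    if HEX.match(value):
        return list(RAW_HEX.get(len(value), []))
    return []


# Constructed samples: correct shape only, not real credential hashes.
SAMPLES = {
    "hex32": "0" * 32,
    "hex64": "ab" * 32,
    "bcrypt": "$2b$12$" + "A" * 53,
    "sha512crypt": "$6$saltsalt$" + "A" * 86,
    "unknown": "not-a-hash",
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, identify(sample))
```

The 32-character hex sample returns two candidates (MD5 and NTLM), which is why checking the documentation or source code of the application is the more reliable route.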

Password Cracking Cheatsheet

John the Ripper

Basic Usage

john hashes.txt                  # Crack password hashes stored in hashes.txt
john --wordlist=wordlist.txt hashes.txt  # Crack passwords using a wordlist
john --rules --wordlist=wordlist.txt hashes.txt  # Apply word mangling rules to the wordlist
john --incremental hashes.txt    # Perform incremental brute force attack

Formats

john --format=raw-md5 hashes.txt     # Specify hash type as raw MD5
john --format=raw-sha256 hashes.txt  # Specify hash type as raw SHA256
john --format=bcrypt hashes.txt      # Specify hash type as bcrypt

Advanced Options

john --fork=4 hashes.txt              # Run John as 4 parallel processes
john --session=MySession hashes.txt   # Name the cracking session (resume it with --restore=MySession)
john --show hashes.txt                # Show cracked passwords for the hashes in hashes.txt
john --format=dynamic hashes.txt      # Restrict to John's "dynamic" format class (omit --format to let John guess the hash type)

Miscellaneous

john --test                     # Benchmark cracking speed for the built-in formats (takes no hash file)
john --make-charset=charset.txt # Build a charset file for incremental mode from the cracked passwords in john.pot

Hashcat

Basic Usage

hashcat -m 0 hashes.txt wordlist.txt     # Crack MD5 hashes using a wordlist
hashcat -m 1400 hashes.txt wordlist.txt  # Crack SHA256 hashes using a wordlist (mode 1000 is NTLM)
hashcat -m 3200 hashes.txt wordlist.txt  # Crack bcrypt hashes using a wordlist (mode 1800 is sha512crypt)

Brute Force

hashcat -m 0 -a 3 hashes.txt ?a?a?a?a         # Brute force MD5 hashes with a 4-character mask; ?a is all printable ASCII (letters, digits, symbols)
hashcat -m 1400 -a 3 hashes.txt ?a?a?a?a?a    # Brute force SHA256 hashes with a 5-character ?a mask
hashcat -m 3200 -a 3 hashes.txt ?a?a?a?a?a?a  # Brute force bcrypt hashes with a 6-character ?a mask

Rule-based Attacks

hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule  # MD5: apply the rules from best64.rule to each word
hashcat -m 1000 -a 0 hashes.txt wordlist.txt -r rules/dive.rule  # NTLM (mode 1000): apply the rules from dive.rule
hashcat -m 1800 -a 0 hashes.txt wordlist.txt -r rules/combinator.rule  # sha512crypt (mode 1800): apply combinator.rule; joining two wordlists is a separate attack mode (-a 1)

Performance Tuning

hashcat --force                    # Ignore warnings and force hash cracking
hashcat --optimized-kernel-enable  # Use optimized kernels (faster, but limits the maximum password length)
hashcat --hwmon-disable            # Disable temperature and fan speed checks (--gpu-temp-disable in older releases)

Miscellaneous

hashcat --benchmark   # Run a benchmark to measure hash cracking speed
hashcat --stdout      # Print the generated password candidates to stdout instead of cracking
hashcat --help        # Display help message with all available options
