Cracking Tricks

John The Ripper

Dictionary attack

Save hash in a file:

echo "e10e3f4d457866b4944fd3fb34f12780" > hash

john --wordlist=/usr/share/wordlists/rockyou.txt hash

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for John:

john --list=formats | grep -i md5

john --wordlist=/usr/share/wordlists/rockyou.txt -format=Raw-MD5 hash

Mask attack

Rule attack

External attack

External mode allows the implementation of C code that John can call.

Incremental attack

Hashcat

Dictionary attack

Save hash in a file:

echo "e10e3f4d457866b4944fd3fb34f12780" > hash

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for Hashcat, in this examples https://hashcat.net/wiki/doku.php?id=example_hashes we can extract it or using:

hashcat -h | grep -i md5

Core attack modes

• Dictionary attack - trying all words in a list; also called “straight” mode (attack mode 0, -a 0)

• Combinator attack - concatenating words from multiple wordlists (-a 1)

• Brute-force attack and Mask attack - trying all characters from given charsets, per position (-a 3)

• Hybrid attack - combining wordlists+masks (-a 6) and masks+wordlists (-a 7); can also be done with rules

• Association attack - use an username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash (-a 9)

hashcat -a 0 -m 0 hash /usr/share/wordlists/rockyou.txt -o cracked.txt

Mask attack

Rule attack

Save a detailed trace of the cracking