# Cracking Tricks

## John The Ripper

### Dictionary attack

Save hash in a file:

```bash
echo "e10e3f4d457866b4944fd3fb34f12780" > hash
```

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt hash
```

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for John:

```bash
john --list=formats | grep -i md5
```

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt -format=Raw-MD5 hash
```

### Mask attack

### Rule attack

### External attack

[External mode](https://www.openwall.com/john/doc/EXTERNAL.shtml) allows the implementation of C code that John can call.

### Incremental attack

## Hashcat

### Dictionary attack

Save hash in a file:

```bash
echo "e10e3f4d457866b4944fd3fb34f12780" > hash
```

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for Hashcat, in this examples <https://hashcat.net/wiki/doku.php?id=example_hashes> we can extract it or using:

```bash
hashcat -h | grep -i md5
```

> ### [Core attack modes](https://hashcat.net/wiki/) <a href="#core_attack_modes" id="core_attack_modes"></a>
>
> * [Dictionary attack](https://hashcat.net/wiki/doku.php?id=dictionary_attack) - trying all words in a list; also called “straight” mode (attack mode 0, `-a 0`)
> * [Combinator attack](https://hashcat.net/wiki/doku.php?id=combinator_attack) - concatenating words from multiple wordlists (`-a 1`)
> * [Brute-force attack](https://hashcat.net/wiki/doku.php?id=mask_attack) and [Mask attack](https://hashcat.net/wiki/doku.php?id=mask_attack) - trying all characters from given charsets, per position (`-a 3`)
> * [Hybrid attack](https://hashcat.net/wiki/doku.php?id=hybrid_attack) - combining wordlists+masks (`-a 6`) and masks+wordlists (`-a 7`); can [also be done with rules](https://hashcat.net/wiki/doku.php?id=toggle_attack_with_rules)
> * [Association attack](https://hashcat.net/wiki/doku.php?id=association_attack) - use an username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash (`-a 9`)

```bash
hashcat -a 0 -m 0 hash /usr/share/wordlists/rockyou.txt -o cracked.txt
```

### Mask attack

### Rule attack

### Save a detailed trace of the cracking&#x20;