# Cracking Tricks

## John The Ripper

### Dictionary attack

Save hash in a file:

```bash
echo "e10e3f4d457866b4944fd3fb34f12780" > hash
```

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt hash
```

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for John:

```bash
john --list=formats | grep -i md5
```

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt -format=Raw-MD5 hash
```

### Mask attack

### Rule attack

### External attack

[External mode](https://www.openwall.com/john/doc/EXTERNAL.shtml) allows the implementation of C code that John can call.

### Incremental attack

## Hashcat

### Dictionary attack

Save hash in a file:

```bash
echo "e10e3f4d457866b4944fd3fb34f12780" > hash
```

Identify the format type:

Using tools like hash-id, hash-identifier, haiti or google we know the format name, but then we need to know the format used for Hashcat, in this examples <https://hashcat.net/wiki/doku.php?id=example_hashes> we can extract it or using:

```bash
hashcat -h | grep -i md5
```

> ### [Core attack modes](https://hashcat.net/wiki/) <a href="#core_attack_modes" id="core_attack_modes"></a>
>
> * [Dictionary attack](https://hashcat.net/wiki/doku.php?id=dictionary_attack) - trying all words in a list; also called “straight” mode (attack mode 0, `-a 0`)
> * [Combinator attack](https://hashcat.net/wiki/doku.php?id=combinator_attack) - concatenating words from multiple wordlists (`-a 1`)
> * [Brute-force attack](https://hashcat.net/wiki/doku.php?id=mask_attack) and [Mask attack](https://hashcat.net/wiki/doku.php?id=mask_attack) - trying all characters from given charsets, per position (`-a 3`)
> * [Hybrid attack](https://hashcat.net/wiki/doku.php?id=hybrid_attack) - combining wordlists+masks (`-a 6`) and masks+wordlists (`-a 7`); can [also be done with rules](https://hashcat.net/wiki/doku.php?id=toggle_attack_with_rules)
> * [Association attack](https://hashcat.net/wiki/doku.php?id=association_attack) - use an username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash (`-a 9`)

```bash
hashcat -a 0 -m 0 hash /usr/share/wordlists/rockyou.txt -o cracked.txt
```

### Mask attack

### Rule attack

### Save a detailed trace of the cracking&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://lanzt.gitbook.io/cheatsheet-pentest/generic-ideas/cracking-tricks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.