Password Cracking


Every method here is ultimately a brute-force attack, but candidate passwords can be tried in smarter ways; the tools used are hydra (online) and hashcat (offline).

Installations


sudo apt install hydra
sudo apt install hashcat
    
    flowchart TD
        A[online] --- B[offline]
        subgraph "Method 1"
            A --> C(hydra)
        end
        subgraph "Method 2"
            B --> D(hashcat)
        end

Online method

The online method guesses the password by trial and error against the live login page. It is easily blocked by a firewall once there are too many unsuccessful attempts.

Offline method

The offline method requires the attacker to obtain the password hash beforehand, then crack it knowing which hash type it is (Windows 10, Unix crypt, shasum, MD5, etc.). The ways of obtaining a hash suggested in the link (reference 2) are mostly illegal.

Terminologies

How to use hydra?


sudo hydra -L usernames.txt -P pwds.txt ip ssh # -L: file with a list of users, -P: file with a list of passwords
sudo hydra -l "username" -p "pwd" ip ssh # -l: a single user, -p: a single password
    

How to use hashcat?

  1. Find the hash:

    sudo cat /etc/shadow | grep username # the hash is the field between the 1st and 2nd ':'

  2. Put the hash in a hash file and the candidate passwords in a wordlist file, then run hashcat:

    sudo hashcat -a 0 -m 1800 -o cc.txt hh2.txt pp2.txt --potfile-path ./pot.pot
    # -a: attack mode (0 = wordlist), -m: hash type (1800 = sha512crypt, the $6$ hashes in /etc/shadow), -o: output file
    sudo cat cc.txt # the output file is root-owned, so only sudo cat / sudo vim can show it

    If there are matches, the cracked passwords are written to cc.txt. hashcat remembers already-cracked hashes in the pot file, so delete pot.pot to reset the matches and run again from scratch.
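The hash-type identification in step 1 and 2 can be automated, and turned around for defence: the same field between the 1st and 2nd ':' tells an administrator which accounts still use a weak crypt scheme or too few rounds. The following script is an added example, not part of these notes or of hashcat; it uses only the Python standard library, and the shadow lines are constructed placeholders (mode numbers 500 and 7400 are hashcat's documented modes for md5crypt and sha256crypt).

```python
import re
from typing import Dict, List

# crypt(3) prefix -> (scheme name, hashcat -m mode). 1800 is the mode used in the
# notes above; 500 and 7400 are hashcat's modes for md5crypt and sha256crypt.
SCHEMES = {
    "$1$": ("md5crypt", 500),
    "$5$": ("sha256crypt", 7400),
    "$6$": ("sha512crypt", 1800),
}
DEFAULT_ROUNDS = {"sha256crypt": 5000, "sha512crypt": 5000}
WEAK_SCHEMES = {"md5crypt"}

def parse_shadow_line(line: str) -> Dict[str, object]:
    """Split one /etc/shadow line; the hash sits between the 1st and 2nd ':'."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError(f"not a shadow line: {line!r}")
    user, hash_field = fields[0], fields[1]
    info = {"user": user, "hash": hash_field, "scheme": None,
            "mode": None, "rounds": None, "locked": False}
    # A leading '!' or '*' (or an empty field) means no password login is possible.
    if hash_field == "" or hash_field[0] in "!*":
        info["locked"] = True
        hash_field = hash_field.lstrip("!")
    prefix = hash_field[:3]
    if prefix in SCHEMES:
        name, mode = SCHEMES[prefix]
        info["scheme"], info["mode"] = name, mode
        # Optional "rounds=N" precedes the salt: $6$rounds=10000$salt$hash
        m = re.match(r"\$[56]\$rounds=(\d+)\$", hash_field)
        info["rounds"] = int(m.group(1)) if m else DEFAULT_ROUNDS.get(name)
    return info

def audit_shadow(lines: List[str], min_rounds: int = 5000) -> List[str]:
    """Return one finding per account whose stored hash is weaker than the policy."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        info = parse_shadow_line(line)
        if info["locked"]:
            continue  # no usable password, nothing to crack
        if info["scheme"] is None:
            findings.append(f"{info['user']}: unrecognised hash format {info['hash'][:4]}")
        elif info["scheme"] in WEAK_SCHEMES:
            findings.append(f"{info['user']}: weak scheme {info['scheme']} (hashcat -m {info['mode']})")
        elif info["rounds"] is not None and info["rounds"] < min_rounds:
            findings.append(f"{info['user']}: {info['scheme']} with only {info['rounds']} rounds")
    return findings

# Constructed sample lines (not a real shadow file; hash bodies are placeholders).
SAMPLE_SHADOW = [
    "root:$6$rounds=656000$saltsalt$placeholderhash:19000:0:99999:7:::",
    "alice:$6$saltsalt$placeholderhash:19000:0:99999:7:::",
    "bob:$1$saltsalt$placeholderhash:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "carol:!$6$saltsalt$placeholderhash:19000:0:99999:7:::",
]
```

Run `audit_shadow(SAMPLE_SHADOW, min_rounds=10000)` to see both the md5crypt account and the default-rounds sha512crypt account flagged; locked accounts are skipped.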

References


  1. rockyou password list
  2. How does an attacker get access to hashed passwords?
  3. Top 10 Web Application Security Risks
  4. How to install libOpenCL.so on ubuntu
  5. Driver Timeout Patch