Kali Linux Theharvester an Email harvester [Tutorial 2018]

TheHarvester .py

Description: theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.

Passive Information Gathring

google: google search engine- www.google.com·
googleCSE: google custom search engine·
google-profiles: google search engine, specific search for Google profiles·
bing: microsoft search engine – www.bing.com·
bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)·
pgp: pgp key server – pgp.rediris.es·
linkedin: google search engine, specific search for Linkedin users·
vhost: Bing virtual hosts search·
twitter: twitter accounts related to an specific domain (uses google search)·
googleplus: users that works in target company (uses google search)·
shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts (http://www.shodanhq.com/)

Active Information Gathering

DNS brute force: this plugin will run a dictionary brute force enumeration
DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
DNS TDL expansion: TLD dictionary brute force enumeration

Getting Started with Theharvester

In Kali Linux theharvester tool is inbuilt and can be run a simple command in terminal

#theharvester

Theharvester Usage Options

Lot of tools are included in to theharvester package and can be used to by using switch like -d switch is used to define domain names and -l is used to limit number of the result. In the following image you can see all available switch.

Theharvester Usage Example

Search from email addresses from a domain (-d example.com), limiting the results to 500 (-l 500), using Google (-b google):

#theharvester -d example.com -l 500 -b google

source : theharvester

MODULE 4:- Information Gathering

How to use dnsenum for dns enumeration – Kali

How to use dig command in Kali Linux

whois Kali Linux commands with example

Enumerating DNS Records through dnsenum tool in Kali Linux

Email Harvesting by theharvester tool in Kali Linux

Google Hacking | Open Web Information Gathering

dnsmap | DNS Domain name system brute force attacks

Zone Transfer using dnswalk tool

Website information Gathering through Nikto tool

Search Senstive Data through Metagoofil Kali Linux 2.0

8 Steps to run Maltego Kali Linux – beginner guide

Best keylogger Windows 10 pc – Full tutorial

MODULE 8:- System Hacking

How to get administrator privileges on windows 10

Best keylogger Windows 10 pc – Full tutorial

Keystroke logging with keystroke recorder and its types

Top 10 Tools Used For Maintaining Access of Exploited System

Record keystrokes in Window 10

Want to record keystrokes are pressed by other person (USER) in the absence of you. Or you are Manager and wanna to see activity done by employee in your company, or Want to watch over your Girl friend/boy friend’s activity on his computer. So just go my first post Keystroke logging with keystroke recorder and its types and then continue with this article.

Best Keylogger Windows 10

The recent release of Elite is a best Keylogger windows 10 and MAC. It is latest version available for download it official website http://www.elite-keylogger.net/ This version comes with following features.

Capture username and passwords
Capture screenshots
Protect your loved (kids) from online
Read instant and messages and emails
Track applications and printouts
Record all visited website
100% invisible keylogger
Multiple report delivery methods

Download Elite Keylogger for windows 10:

Download and install keylogger from official website http://www.elite-keylogger.net/ available for Windows and MAC OS X.

Install and use Elite Keylogger

To start installation wizard click on downloaded .exe file and check on I accept the terms of license and click Next:

This program will be 100% invisible so you need to check show instruction on hide the program

In next step create system restore point to protect any crash in future.

I never want to uninstall automatic select never and start install by clicking on install.

It will work like a virus so make whitelist for you antivirus.

Unhiding Elite Keylogger windows 10 PC

To unhide Elite Keylogger, please follow these simple steps:

Press WIN+R, or launch Run dialog going to Start menu -> Run
Type“unhide” (this is th default unhide keyword, you should change it in Main Options
Do not press Enter, or click OK! Elite Keylogger tracks the sequence and will be unhidden automatically if the keyword is only typed.
Type in your unhide password (if it is the first time you launch it, it will ask you to set the unhide password, type it in and go to Step 1)
If the unhide password is correct, you will be granted the access to Elite Keylogger.

GENERATING LOGS

After you unhide Elite Keylogger, you need to generate logs for the date you are interested in to view them. Generating logs is really simple:

Go to View logs in right sidebar
Select the date you would like to view the logs for in the calendar.
Press the “View logs for DD mmm” button to start logs generation.

VIEWING KEYSTROKES LOG

As soon as you click on the view logs the keystrokes will display by default, or To view all recorded keystrokes, please, select Keystrokes log.

This will immediately bring you to the Keystrokes log which will be shown to the left. Keystrokes in the log are combined into series according to application and time they were recorded. This log also stores information about user and window caption where the keyboard activity took place. All records are timestamped for your convenience.
VIEWING SCREENSHOTS LOG

Second option at right sidebar is Screenshots, This will immediately bring you to the Screenshots log which will be shown to the left. Screenshots are captured according to the interval you specified in Main configuration. Log contains thumbnails to preview each screenshot, they are sorted by date in ascending order. Clicking on a preview zooms the recorded screenshot and shows it in actual size.

VIEWING WEB-ACTIVITY LOG

This will immediately bring you to the Internet Activity log which will be shown to the left

VIEWING APPLICATIONS LOG

To view recorded applications history, please, select Applications history log, This will immediately bring you to the Applications log which will be shown to the left. Applications log contains detailed information on every application and process ever launched during the specified day.

VIEWING CLIPBOARD LOG

To view all captured Clipboard activity, please, select Clipboard log, This will immediately bring you to the Clipboard log which will be shown to the left. Elite Keylogger comes with clipboard capturing feature. Oftentimes, passwords, access codes or URLs may be too long or too difficult to type in and users prefer copying and pasting.

Source: http://compnetworking.about.com/od/networksecurityprivacy/g/keylogger.htm

http://en.wikipedia.org/wiki/Keystroke_logging

http://www.widestep.com/files/elite_keylogger.html

Keystroke logging with keystroke recorder and its types

MODULE 8:- System Hacking

How to get administrator privileges on windows 10

Best keylogger Windows 10 pc – Full tutorial

Keystroke logging with keystroke recorder and its types

Top 10 Tools Used For Maintaining Access of Exploited System

Keystroke logging with keystroke recorder software

Keystroke logging is a process to record keys pressed by Keyboard, and you can do this by hardware and software. keystroke recorder software records keyboards activity and store into a log file. In Company, managers use this software to track employees’s activity similar Parents use this software to secure their children from internet spam. In other hand Hacker used remote keylogger to capture username and password, Credit card information.

Key logger:

A keylogger is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press.

Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Keyloggers can also be used by a family (or business) to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers on public computers to steal username and passwords or credit card information.

Most keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer. Normal keylogging programs store their data on the local hard drive, but some are programmed to automatically transmit data over the network to a remote computer or Webserver.

Keyloggers are sometimes part of malware packages downloaded onto computers without the owners’ knowledge.

Keylogger Types:

There are two types of keylogger are here hardware device keylogger or Software keylogger.

Software Keylogger:

These are computer programs designed to work on the target computer’s software. Working as keyloger from a technical perspective there are several categories:

Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes aVirtual-machine.
Kernel-based: A program on the machine obtainsroot access to hide itself in the OS and starts intercepting keystrokes that pass through the kernel. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications who don’t have root access. They are frequently implemented as rootkits.
API-based: These keyloggershook keyboard APIs inside a running application. The keylogger registers for keystroke events, as if it was a normal piece of the application instead of malware. The keylogger receives an event each time the user presses or releases a key. The keylogger simply records it.
Form grabbing based:Form grabbing -based keyloggers log web form submissions by recording the web browsing on submit events. These happen when the user finishes filling in a form and submits it usually by clicking a button or hitting enter. This records form data before it is passed over the Internet.
Packet Analyzer: This involves capturing network traffic associated withHTTP Post events to retrieve unencrypted passwords. This is made more difficult when connecting via HTTPS.
Remote access software keyloggers

These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:

Data is uploaded to a website, database or anFTP
Data is periodically emailed to a pre-definedemail address.
Data iswirelessly transmitted by means of an attached hardware system.
The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

Hardware Keylogger:

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

Firmware-based:BIOS -level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between thecomputer Keyboard and the computer, typically inline with the keyboard’s cable connector. There are also USB connectors based Hardware keyloggers as well as ones for Laptop.
Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver.
Keyboard overlays: Criminals have been known to use keyboard overlays onATMs to capture people’s PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal’s keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
Acoustic keyloggers:Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statically method such as frequency analysis.
Optical surveillance: A strategically placed camera, such as a hidden surveillance Camera at an ATM can allow a criminal to watch a PIN or password being entered.
Smartphone sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodityaccelerometer found in smartphones. The attack is made possible by placing a smartphone nearby a keyboard on the same desk. The smartphone’s accelerometer can then detect the vibrations created by typing on the keyboard, and then translate this raw accelerometer signal into readable sentences with as much as 80 percent accuracy.

How to Unshadow the file and dump Linux password

Hello friends, welcome again!

In the last post I told about Understanding Linux system security for Users After reading this post you have knowledge about Linux file system, and where username and password are stored in Linux? where you can dump this password? when you dump password, it will be in plain text or encrypted format? so for finding the password, walkthrough this post Unshadow the file and dump Linux password

Unshadow the file and dump password in encrypted format

In this tutorial I am going to show you demo on Ubuntu 14.04 machine to unshadow the files and dump the linux hashes with help of unshadow command. First, boot Ubuntu 14.04 machine with Kali Linux. Next, It is necessary to mount the Linux filesystem for dumping data from /etc/shadow and /etc/passwd files. After boot machine with Kali Linux OS Here is great automatic mounting utility in kali linux, you don’t need to mount manually anymore. You just click on linux filesystem under place menu Linux partition will be mounted automatic. Go into Place>filesystem

Linux system will be automatic mount on /media directory with a specific mounting value. Next, If you want to see mounting point value write the following commad

#ls /media

Go into Ubuntu file system by excuting following command

#cd /media/mounting value/

#cd etc

Copy both file shadow and passwd on Desktop

#cp shadow /root/Desktop

#cp passwd /root/Desktop

Unshadow Utility:

The unshadow tool combines the passwd and shadow files into one file So john can use this file to crack the password hashes.

Use unshadow utility in kali linux to unshadow the password hashes, and dump into new file named unshadow. It is not necessary you can put any name whatever you want but important is to merge both file passwd and shadow into unshadow file

#cd /root/Desktop

#ls

#unshadow passwd shadow > unshadow

#ls

Next step is cracking the password hashes with help of john the ripper

#john unshadow

John will detect automatic hashes type if you don’t provide formate type.

Dump Linux hashes and crack with John in Kali Linux Offline mode Video Tutorial

https://www.youtube.com/watch?v=_SvH36bLtFQ

Understanding Linux system security for Users

Know about Linux system security

One of the most important Linux system security feature are passwords today. Most of server administrator and users use password to secure their system to get access by others. In Linux (RHEL/DEBIAN) these passwords are saved in passwd and shadow files in /etc directory. In deep description about passwd and shadow both file’s data encrypted.

Most distro uses one way encryption called DES (Data Encryption Standard) to encrypt passwords saved into /etc/passwd and /etc/shadow files. When you attempt the login the username and password, the password encrypted again and compare with saved password, if match found then you are allowed to access otherwise decline by the system.

Understanding /etc/passwd File:

This file contain the required information which used at time of user login. This is text file contains a list of user accounts for System. This contain the following entry in each line each field is separated by : so you can understand easily.

Username : it is used when user logs in.

Password: An x character indicates that password is encrypted and stored in /etc/shadow file.
User ID (UID): Each user must be assigned a unique user ID (UID). UID 0 (zero) is reserved for root.
Group ID (GID): The primary group ID (stored in /etc/group file)
User ID Info: This field allow you to add extra information about the users such as user’s full name, phone number etc.
Home directory: This is path of user’s home directory
Command/shell: this is path of a command or shell (/bin/bash)

Understanding etc/shadow File:

This file stores passwords in encrypted format for user’s account. And also contain additional properties related passwords. It contains the following field and every field is sperated with a colon (:) character.

User name : It is users login name
Password: It is users encrypted password.
Last password change: This contained the information when last password changed.
Minimum: The minimum number of days required between password changes.
Maximum: The password validity for maximum numbers of Days.
Warn : The number of days before password is to expire that user is warned that his/her password must be changed
Inactive : The number of days after password expires that account is disabled
Expire : days since, that account is disabled

Administrator password hashes from SAM database

Find Window password hashes from SAM database

What is Password Hashes and SAM Database?

SAM is stand for Security Account Manager. SAM database is a part of windows Operating system consist user name and password in encrypted format called password hashes. SAM file is exist under C:/Windows/System32/config in Window 7/8/8.1/10. If User want to logon on the machine, user name and password should be match for authentication entered by user. If user put wrong username and password, authentication being failed. The encryption algorithm is NTLM2 used. The main purpose of SAM to save the computer and data by unauthorized person like hacker’s. But it is not completely work against a professional hacker. Here I am going to show you how hacker dump these encrypted password hashes from database and find out the password by cracking these hashes.

Boot Window machine with Kali Linux?

As I know you are learner here, so you have two option to make exercise on this topic. First create and install window (xp/7/8/8.1/10) machine on Virtual box, it is pretty easy and no harm for base computer. Another method is Do practice on base machine installed window OS already, in this condition you have to boot window machine by Kali Linux live Persistent DVD/Flash Drive.

When penetester boots Window machine with Kali Linux live then can use window file system without any interruption, As described above SAM are saved in the location C:/Windows/system32/config. So we have main task to go to this location and find out the SAM database. After booting system with Kali Linux you should follow the given instruction to find out the password.

Step1: First step mount the window system partition

click on Place> Filesystem.

When you clicked on file system window partition will be mounted automatically on /media directory. Open the terminal and type following command to reach in location where SAM database saved.

#cd /media/Mounting Point value/Windows/System32/config

In above mounting value will be changed according the system you can see this value by executing following command

#ls /media

Step2: Relieve bootkey.

#bkhive SYSTEM /root/Desktop/system.txt

System.txt is a file where bootkey is stored and /root/Desktop is location to save system.txt file.

Step 3: Dump the password hashes

Password hashes is retrieved with combination of bootkey and SAM database, This process is completed with the help of samdump2 utility found in kali linux by default. Command is giving following

#samdump2 SAM /root/Desktop/system.txt > /root/Desktop/hashes.txt

In implemented command SAM database and system.txt filed has been merged and created new file name hashes.txt. To see the password hashes dumped into hashes.txt file use given command

#cat /root/Desktop/hashes.txt

Change directory to /root/Desktop by using following command

#cd /root/Desktop

Step 4: John the Ripper a password cracking tool

After reaching the directory to crack hashes use excute john by given command

#john –formate=nt2 –users=vijay hashes.txt

Dictionary attack tool thc-hydra tutorial for beginner

A very fast network login cracker with dictionary attack tool which support many different services.

Dictionary attack tool thc-hydra Description:

According to official website of thc-hydra, One of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.

Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none does Either support more than one protocol to attack or support panellized Connects.

Protocols supported by thc-hydra

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to use hydra in Kali Linux

Thc-hydra is available in kali linux already you don’t need to install or configure it. In Kali Linux hydra available in two mode Graphical and Command line.

Graphical Interface of Hydra in Kali Linux:

Graphical interface is easy to use so let’s look on graphical interface of hydra:

Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
Configure Hydra for Attack
Target: there are following option are available:
1. Single Target: Give the IP address of Single target
2. Target List: you can upload file consist targets list.
3. Define Port: specify port
4. Protocol: Select protocol for attack
Passwords: In this tab you set the username and password and more…
1. Username: Give the username if you know
2. Username list: if you don’t know the username provide file location consist multiple usernames
3. Password: This option for single password
4. Password List: Here you provide the wordlist location
5. Check on try login as password
6. Check on Try empty password
7. Check on Try reversed login
Tuning: Following options for this tab:
1. Number Task: Repeat task
2. Time out: configure timeout on not response
3. Proxy: Set proxy if you are using. Or leave by default No proxy
Specific: Leave default
Start: Here you can start stop attack and save result

Command line Interface of Hydra in Kali Linux:

As in Linux command line have their own importance and value and most of tools are available with command line interface for linux, Hydra is one of them. to know more about the hydra just execute following command

#Hydra –h

This command will show all options used with hydra command.

You have many options on how to attack with logins and passwords

With -l for login and -p for password you tell hydra that this is the only

With -L for logins and -P for passwords you supply text files with entries.

e.g.:

hydra -l admin -p password ftp://localhost/

hydra -L default_logins.txt -p test ftp://localhost/

hydra -l admin -P common_passwords.txt ftp://localhost/

hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the “-e” option.

The “-e” option has three parameters:

s – try the login as password

n – try an empty password

r – reverse the login and try it as password

If you want to, e.g. try “try login as password and “empty password”, you

specify “-e sn” on the command line

Source: https://www.thc.org

https://github.com/vanhauser-thc/thc-hydra

Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes with rcracki_mt

Rcracki_mt is a tool used to crack hashes and found in kali linux by default. It is used rainbow tables to crack the password. Some other tools generate rainbow tables. You can download Rainbow table https://www.freerainbowtables.com/tables2/ if you don’t want to download rainbow table you can create you own by Using winrtgen in window and rtgen in Kali Linux

Generate Rainbow Tables in Kali Linux

You have entred in next step. here you can learn to generate rainbow tables by using some tools, There are some tools working for rainbow table are found in kali linux, location is /usr/share/rainbowcrack if you want to generate rainbow table

Opne Terminal
#cd /usr/share/rainbowcrack
here you will see some tools. Use rtgen to create rainbow table.
#rtgen hash_algorithm charset plaintext_length_min plaintext_length_max table_index chain_len chain_num part_index
Example #rtgen md5 loweralpha-numeric 6 8 0 3800 33445532 0
Your rainbowtable will be saved in the current location (/usr/share/rainbowcrack)

Crack Hashes with rcracki_mt in Kali Linux

Then issue the command rcracki_mt -h [hash] -t [num threads] [directory of rainbow tables]
For this example, [hash] is the cryptographic hash you wish to reverse. [num threads] is how many threads you wish to dedicate to the task. You should usually use an amount equal to the amount of processor cores available on your computer. The last parameter is the directory where the rainbow tables are located.

RCRACKI_MT in depth

The RCRACKI_MT process can be divided into 3 distinct phases.

The pre-calculation phase
The search phase
The false alarm checking phase

Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking

Hashcat Tutorial for beginner

Hello friends, you reading articles on Password cracking under Penetration Testing this article will cover about another tools hashcat tutorial. It is best password cracking tool. and give the best result with GPU Machine.

Description of Hashcat for Password Cracking

According to official website Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

How to use Hashcat in Kali Linux

Hashcat is preinstalled in Kali Linux, To see more about hashcat execute following code in terminal

#hashcat –h

#hashcat –help | more

Press enter and read about available options for hashcat

Features Of Hashcat :

Multi-Threaded
Free
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
SSE2, AVXand XOP accelerated
All Attack-Modesexcept Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatiblewith JTR and PasswordsPro
Possible to resumeor limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generaterandom rules
Load saltlistfrom external file and then use them in a Brute-Force Attack variant
Able to work in an distributed environment
Specify multiple wordlistsor multiple directories of wordlists
Number of threads can be configured
Threads run on lowest priority
Supports hex-charset
Supports hex-salt
90+ Algorithm implemented with performance in mind
……and much more

Combinator Attack with hashcat

In this attack hashcat create password list by combinator method in this method each word of a dictionary is appended to each word in a dictionary.

For Example I have following world in my dictionary:

Pass
123
Rock
You

Output we get by hashcat

PassPass
Pass123
passRock
PassYou
123Pass
123123
123Rock
123You
RockPass
Rock123
RockRock
RockYou
YouPass
You123
YouRock
YouYou

hashcat is that cpu hashcat does the combination of the plains given in a single dictionary file (word list) This implies that one should specify only and exactly 1 (dictionary) file within the command line for hashcat (besides the hash file).
Example of combinatory attack
The combinator attack hence will combine each and every word within the single dictionary file.

#hashcat -m 0 -a 1 hash.txt dict.txt

Brute-Force Attack with Hashcat Tutorial

Tries all combinations from a given Keyspace. It is the easiest of all the attacks.

In Brute-Force we specify a Charset and a password length range. The total number of passwords to try is Number of Chars in Charset ^ Length. This attack is outdated. The Mask-Attack fully replaces it.

Dictionary Attack with hashcat tutorial

The dictionary attack is a very simple attack mode. It is also known as a “Wordlist attack”.

All that is needed is to read line by line from a textfile (called “dictionary” or “wordlist”) and try each line as a password candidate.

Mask Attack with hashcat tutorial

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

The reason for doing this and not to stick to the traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.

Here is a single example. We want to crack the password: Julia1984

In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Lets say we crack with a rate of 100M/s, this requires more than 4 years to complete.

In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.

Built-in charsets

Custom charsets

Examples of Mask Attack

The following commands all define the same custom charset that consists of the chars “abcdefghijklmnopqrstuvwxyz0123456789” (aka “lalpha-numeric”):

-1 abcdefghijklmnopqrstuvwxyz0123456789

-1 abcdefghijklmnopqrstuvwxyz?d

-1 ?l0123456789

-1 ?l?d

-1 loweralpha_numeric.hcchr # file that contains all digits + chars (abcdefghijklmnopqrstuvwxyz0123456789)

The following command defines a charset that consists of the chars “0123456789abcdef”:

-1 ?dabcdef

The following command defines a full 7-bit ascii charset (aka “mixalpha-numeric-all-space”):

-1 ?l?d?s?u

The following command sets the first custom charset (-1) to russian language specific chars:

-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr

Example

The following commands creates the following password candidates:

command: -a 3 ?l?l?l?l?l?l?l?l

keyspace: aaaaaaaa – zzzzzzzz

command: -a 3 -1 ?l?d ?1?1?1?1?1

keyspace: aaaaa – 99999

command: -a 3 password?d

keyspace: password0 – password9

command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d

keyspace: aaaaaa1900 – Zzzzzz1999

command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

keyspace: 00aaaaa – ffZZZZZ

command: -a 3 -1 efghijklmnop ?1?1?1

keyspace: eee – ppp

Password length increment

A Mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. Thats why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the “–increment” flag.

?l?l

?l?l?l

?l?l?l?l

?l?l?l?l?l

?l?l?l?l?l?l

?l?l?l?l?l?l?l

?l?l?l?l?l?l?l?l

Source www.hashcat.net

Most used Password cracking techniques by Cain and Abel Software

Password cracking techniques by Cain and Abel

Hello Friends, Welcome again!

In the last post Cain and Abel software for cracking hashes you have read about basics of Cain and Abel, and in the end of post I write about password cracking. When the cain captures some password hashes it sends to cracker tab automatically. When you gets password hashes you can use many Password cracking techniques by Cain and Abel Software.

Right click on the desired user name, you want to obtain password. As you right click on the username you will find all possible techniques for cracking password.

There are mostly three techniques to crack the password

Dictionary attack

Dictionary attack is a type of attack, in which Attacker uses a word list contain lots of words or possible passwords. Tools checks login credential with every word from list. if the password is consist in the word list, attacker get success if not, he fails. This attack can be performed by Cain and abel further more detail Dictionary attack For Cracking passwords using Cain and Abel This tool checks all the entries into dictionary (wordlist) when hashes got match it will stop the attack. and attacker will find his result. If passphrase is not into dictionary then you will be unable.

Brute force attack

Brute force attack attempt to get access by trying different password words, or letter ( alphabet, number and symbol). In simple attack may have a dictionary with common used password with in software. another hand complex attack uses every key combination ( alphabet, number and symbol) for finding correct password.
it can take several hours, days,months and year for success depends on password and encryption complexity.

For more detail Brute Force Attack for Cracking Passwords using Cain and Abel

Cryptanalysis attack (Using Rainbow Table)

Using rainbow table attacker can crack 14 character long password within 160 second. It is much faster than dictionary attack and brute force attack Rainbow table is dictionary stored plain text password and encrypted password hashes we can say it is pre compiled and pre calculated hashes.
In this process tools matches hashes with rainbow table. If matched, it shows in plain text. other wise failed in process. you can generate your own rainbow table using winrtgen

More detail: Rainbow Tables Attack (Cryptanalysis attack) and winrtgen

Conclusion

Cain and Abel is a powerful tool that does a great job in password cracking. It can crack almost all kinds of passwords, and it’s usually just a matter of time before you get it.

1 2 3 4