Tag: cracking passwords

Open post
Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes in Kali Linux

Generate Rainbow Tables and Crack Hashes with rcracki_mt

Rcracki_mt is a tool used to crack hashes and found in kali linux by default.  It is used rainbow tables to crack the password. Some other tools generate rainbow tables. You can download Rainbow table https://www.freerainbowtables.com/tables2/ if you don’t want to download rainbow table you can create you own by Using winrtgen in window and rtgen in Kali Linux

Generate Rainbow Tables in Kali Linux

You have entred in next step. here you can learn to generate rainbow tables by using some tools, There are some tools working for rainbow table are found in kali linux, location is /usr/share/rainbowcrack if you want to generate rainbow table

  1. Opne Terminal
  2. #cd /usr/share/rainbowcrack
    here you will see some tools. Use rtgen to create rainbow table.
  3. #rtgen hash_algorithm charset plaintext_length_min plaintext_length_max table_index chain_len chain_num part_index
    Example #rtgen md5 loweralpha-numeric 6 8 0 3800 33445532 0
  4. Your rainbowtable will be saved in the current location (/usr/share/rainbowcrack)

Generate Rainbow Tables

Crack Hashes with rcracki_mt in Kali Linux

Then issue the command rcracki_mt -h [hash] -t [num threads] [directory of rainbow tables]
For this example, [hash] is the cryptographic hash you wish to reverse. [num threads] is how many threads you wish to dedicate to the task. You should usually use an amount equal to the amount of processor cores available on your computer. The last parameter is the directory where the rainbow tables are located.

crack hashes

RCRACKI_MT in depth

The RCRACKI_MT process can be divided into 3 distinct phases.

  1. The pre-calculation phase
  2. The search phase
  3. The false alarm checking phase

RCRACKI_MT in depth

 

Open post
hashcat tutorial for Password Cracking

Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking

Hashcat Tutorial for beginner

Hello friends, you reading articles on Password cracking under Penetration Testing this article will cover about another tools hashcat tutorial. It is best password cracking tool. and give the best result with GPU Machine.

Description of Hashcat for Password Cracking

According to official website Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

How to use Hashcat in Kali Linux

Hashcat is preinstalled in Kali Linux, To see more about hashcat execute following code in terminal

#hashcat –h

#hashcat –help | more

Press enter and read about available options for hashcat

Features Of Hashcat :

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2, AVXand XOP accelerated
  • All Attack-Modesexcept Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatiblewith JTR and PasswordsPro
  • Possible to resumeor limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generaterandom rules
  • Load saltlistfrom external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlistsor multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithm implemented with performance in mind
  • ……and much more

Combinator Attack with hashcat

In this attack hashcat create password list by combinator method in this method each word of a dictionary is appended to each word in a dictionary.

For Example I have following world in my dictionary:

  • Pass
  • 123
  • Rock
  • You

 

Output we get by hashcat

  • PassPass
  • Pass123
  • passRock
  • PassYou
  • 123Pass
  • 123123
  • 123Rock
  • 123You
  • RockPass
  • Rock123
  • RockRock
  • RockYou
  • YouPass
  • You123
  • YouRock
  • YouYou

hashcat is that cpu hashcat does the combination of the plains given in a single dictionary file (word list) This implies that one should specify only and exactly 1 (dictionary) file within the command line for hashcat (besides the hash file).
Example of combinatory attack
The combinator attack hence will combine each and every word within the single dictionary file.

#hashcat -m 0 -a 1 hash.txt dict.txt

crack the hashes using hashcat

 

Brute-Force Attack with Hashcat Tutorial

Tries all combinations from a given Keyspace. It is the easiest of all the attacks.

In Brute-Force we specify a Charset and a password length range. The total number of passwords to try is Number of Chars in Charset ^ Length. This attack is outdated. The Mask-Attack fully replaces it.

Dictionary Attack with hashcat tutorial

The dictionary attack is a very simple attack mode. It is also known as a “Wordlist attack”.

All that is needed is to read line by line from a textfile (called “dictionary” or “wordlist”) and try each line as a password candidate.

combinator atack

Mask Attack with hashcat tutorial

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

The reason for doing this and not to stick to the traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.

Here is a single example. We want to crack the password: Julia1984

In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Lets say we crack with a rate of 100M/s, this requires more than 4 years to complete.

In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.

Built-in charsets

built in charset hashcat

Custom charsets

costum charset

Examples of Mask Attack

The following commands all define the same custom charset that consists of the chars “abcdefghijklmnopqrstuvwxyz0123456789” (aka “lalpha-numeric”):

-1 abcdefghijklmnopqrstuvwxyz0123456789

-1 abcdefghijklmnopqrstuvwxyz?d

-1 ?l0123456789

-1 ?l?d

-1 loweralpha_numeric.hcchr # file that contains all digits + chars (abcdefghijklmnopqrstuvwxyz0123456789)

The following command defines a charset that consists of the chars “0123456789abcdef”:

-1 ?dabcdef

The following command defines a full 7-bit ascii charset (aka “mixalpha-numeric-all-space”):

-1 ?l?d?s?u

The following command sets the first custom charset (-1) to russian language specific chars:

-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr

Example

The following commands creates the following password candidates:

mask Attack by hashcat

command: -a 3 ?l?l?l?l?l?l?l?l

keyspace: aaaaaaaa – zzzzzzzz

command: -a 3 -1 ?l?d ?1?1?1?1?1

keyspace: aaaaa – 99999

command: -a 3 password?d

keyspace: password0 – password9

command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d

keyspace: aaaaaa1900 – Zzzzzz1999

command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

keyspace: 00aaaaa – ffZZZZZ

command: -a 3 -1 efghijklmnop ?1?1?1

keyspace: eee – ppp

Password length increment

A Mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. Thats why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the “–increment” flag.

?l

?l?l

?l?l?l

?l?l?l?l

?l?l?l?l?l

?l?l?l?l?l?l

?l?l?l?l?l?l?l

?l?l?l?l?l?l?l?l

Source www.hashcat.net

Open post
Brute Force Attack for Cracking Passwords using Cain and Abel

Brute Force Attack for Cracking Passwords using Cain and Abel

Hello friends, Welcome again!

We are discussing about Penetration Testing Tutorial and this article under section cracking passwords and hashes cracking.

Brute force attack with cain and abel

In my previous post Cain and Abel software for cracking hashes tutorial you have learnt about basic features or cain and abel. In the last of post I wrote about cracking passwords and how you dump NTLM hashes from local PC. After getting passwrod hashes our next task to crack password by using difference techniques, Brute Force attack one of them. In this tutorial you will learn how to perform brute force attack for cracking hashes by Cain and Abel

Brute Force Attack Definition

From Wikipedia: “In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.”

Cracking password by brute force attack using Cain and Abel:

  1. Right click on the desired user.
  2. Brute-force Attack
    Right click on the user
  3. Click on NTLM Hashes: A new window will be open, Here you need to set following things
    1. Charset: under this section there are two option first predefined charset or custom, where you can use character, numbers and sysmbles according yourself.
    2. Password length: Define minimum and maximum length of password
      brute force attack
  4. Click and start.
  5. You will get result.
    password cracked
Scroll to top