Open post

Dictionary attack tool thc-hydra tutorial for beginner

A very fast network login cracker with dictionary attack tool which support many different services.

Dictionary attack tool thc-hydra Description:

According to official website of thc-hydra, One of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.

Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none does Either support more than one protocol to attack or support panellized Connects.

Protocols supported by thc-hydra

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,  HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,  MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,  PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,  SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to use hydra in Kali Linux

Thc-hydra is available in kali linux already you don’t need to install or configure it. In Kali Linux hydra available in two mode Graphical and Command line.

Graphical Interface of Hydra in Kali Linux:

Graphical interface is easy to use so let’s look on graphical interface of hydra:

  1. Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
    Open hydra-gtk
  2. Configure Hydra for Attack
  3. Target: there are following option are available:
    1. Single Target: Give the IP address of Single target
    2. Target List: you can upload file consist targets list.
    3. Define Port: specify port
    4. Protocol: Select protocol for attack
      configure target tab
  4. Passwords: In this tab you set the username and password and more…
    1. Username: Give the username if you know
    2. Username list: if you don’t know the username provide file location consist multiple usernames
    3. Password: This option for single password
    4. Password List: Here you provide the wordlist location
    5. Check on try login as password
    6. Check on Try empty password
    7. Check on Try reversed login
      configure passwords tab
  5. Tuning: Following options for this tab:
    1. Number Task: Repeat task
    2. Time out: configure timeout on not response
    3. Proxy: Set proxy if you are using. Or leave by default No proxy
  6. Specific: Leave default
  7. Start: Here you can start stop attack and save result
    start and result tab

Command line Interface of Hydra in Kali Linux:

As in Linux command line have their own importance and value and most of tools are available with command line interface for linux, Hydra is one of them. to know more about the hydra just execute following command

#Hydra –h

This command will show all options used with hydra command.

hydra -h

 

You have many options on how to attack with logins and passwords

With -l for login and -p for password you tell hydra that this is the only

login and/or password to try.

With -L for logins and -P for passwords you supply text files with entries.

e.g.:

hydra -l admin -p password ftp://localhost/

hydra -L default_logins.txt -p test ftp://localhost/

hydra -l admin -P common_passwords.txt ftp://localhost/

hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the “-e” option.

The “-e” option has three parameters:

s – try the login as password

n – try an empty password

r – reverse the login and try it as password

If you want to, e.g. try “try login as password and “empty password”, you

specify “-e sn” on the command line

 

 

Source: https://www.thc.org

https://github.com/vanhauser-thc/thc-hydra

Open post
hashcat tutorial for Password Cracking

hashcat tutorial for Password Cracking with GPU Machine

Hashcat Tutorial for beginner

Hello friends, you reading articles on Password cracking under Penetration Testing this article will cover about another tools hashcat tutorial. It is best password cracking tool. and give the best result with GPU Machine.

Description of Hashcat for Password Cracking

According to official website Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

Hashcat in Kali Linux

Hashcat is preinstalled in Kali Linux, To see more about hashcat execute following code in terminal

#hashcat –h

#hashcat –help | more

Press enter and read about available options for hashcat

Features Of Hashcat :

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2, AVXand XOP accelerated
  • All Attack-Modesexcept Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatiblewith JTR and PasswordsPro
  • Possible to resumeor limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generaterandom rules
  • Load saltlistfrom external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlistsor multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithm implemented with performance in mind
  • ……and much more

Combinator Attack with hashcat

In this attack hashcat create password list by combinator method in this method each word of a dictionary is appended to each word in a dictionary.

For Example I have following world in my dictionary:

  • Pass
  • 123
  • Rock
  • You

 

Output we get by hashcat

  • PassPass
  • Pass123
  • passRock
  • PassYou
  • 123Pass
  • 123123
  • 123Rock
  • 123You
  • RockPass
  • Rock123
  • RockRock
  • RockYou
  • YouPass
  • You123
  • YouRock
  • YouYou

hashcat is that cpu hashcat does the combination of the plains given in a single dictionary file (word list) This implies that one should specify only and exactly 1 (dictionary) file within the command line for hashcat (besides the hash file).
Example of combinatory attack
The combinator attack hence will combine each and every word within the single dictionary file.

#hashcat -m 0 -a 1 hash.txt dict.txt

crack the hashes using hashcat

 

Brute-Force Attack with Hashcat Tutorial

Tries all combinations from a given Keyspace. It is the easiest of all the attacks.

In Brute-Force we specify a Charset and a password length range. The total number of passwords to try is Number of Chars in Charset ^ Length. This attack is outdated. The Mask-Attack fully replaces it.

Dictionary Attack with hashcat tutorial

The dictionary attack is a very simple attack mode. It is also known as a “Wordlist attack”.

All that is needed is to read line by line from a textfile (called “dictionary” or “wordlist”) and try each line as a password candidate.

combinator atack

Mask Attack with hashcat tutorial

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

The reason for doing this and not to stick to the traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.

Here is a single example. We want to crack the password: Julia1984

In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Lets say we crack with a rate of 100M/s, this requires more than 4 years to complete.

In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.

Built-in charsets

built in charset hashcat

Custom charsets

costum charset

Examples of Mask Attack

The following commands all define the same custom charset that consists of the chars “abcdefghijklmnopqrstuvwxyz0123456789” (aka “lalpha-numeric”):

-1 abcdefghijklmnopqrstuvwxyz0123456789

-1 abcdefghijklmnopqrstuvwxyz?d

-1 ?l0123456789

-1 ?l?d

-1 loweralpha_numeric.hcchr # file that contains all digits + chars (abcdefghijklmnopqrstuvwxyz0123456789)

The following command defines a charset that consists of the chars “0123456789abcdef”:

-1 ?dabcdef

The following command defines a full 7-bit ascii charset (aka “mixalpha-numeric-all-space”):

-1 ?l?d?s?u

The following command sets the first custom charset (-1) to russian language specific chars:

-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr

Example

The following commands creates the following password candidates:

mask Attack by hashcat

command: -a 3 ?l?l?l?l?l?l?l?l

keyspace: aaaaaaaa – zzzzzzzz

command: -a 3 -1 ?l?d ?1?1?1?1?1

keyspace: aaaaa – 99999

command: -a 3 password?d

keyspace: password0 – password9

command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d

keyspace: aaaaaa1900 – Zzzzzz1999

command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

keyspace: 00aaaaa – ffZZZZZ

command: -a 3 -1 efghijklmnop ?1?1?1

keyspace: eee – ppp

Password length increment

A Mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. Thats why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the “–increment” flag.

?l

?l?l

?l?l?l

?l?l?l?l

?l?l?l?l?l

?l?l?l?l?l?l

?l?l?l?l?l?l?l

?l?l?l?l?l?l?l?l

Source www.hashcat.net

Open post
Cracking passwords by Dictionary attack using Cain and Abel

Dictionary attack For Cracking passwords using Cain and Abel

Dictionary attack

From Wikipedia: “A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack). Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.”

Cracking passwords by Dictionary attack using Cain and Abel:

To perform dictionary attack for cracking passwords by using cain and abel first you will import the NTLM hashes. Then in cracker tab you find all imported username and hashes. Select desired user and follow the steps

  1. Right click on the user
  2. Select dictionary attack
    Right click on the user
  3. NTLM hashes
    New window will be popup

    1. Right click on top blank area.
    2. Add to list
    3. Browse dictionary or wordlist file
      add a dictionary
  4. Click on the start

 

it checks all the entries into dictionary when hashes matched it will stop the attack. You will find your result. If pass phrase is not into dictionary then you will be unable.

Scroll to top