Password Cracking - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki

Hashes

What is Salt

Salting is the process of adding a unique value to the end of a password before hashing takes place. Salting the hash is crucial because it ensures that the encryption process results in a different hash value, even when two passwords are the same.

The Salt value lays between the 3rd and 4th $ signs in the has.

---

John the Ripper (JtR)

What is it?

JtR is a password cracking tool that is able to decrypt hashes.

Syntax

john --wordlist=WORDLIST.txt shadowfile.txt

Hint: Use Unshadow beforehand to crate this shadowfile

unshadow password.txt shadow.txt > unshadow.txt

An Unshadow file is a username:password:shadow file. The password file consists of the contents of /etc/passwd while the shadow file is /etc/shadow

---

Hashcat

What is it?

Hashcat is another effective hash cracking tool used in password cracking.

Syntax

hashcat -m 1800 -a 0 -o cracked.txt unshadow.txt /usr/share/wordlists/rockyou.txt

cracked passwords will be flushed into cracked.txt, the unshadowed passwords are in unshadow.txt, rockyou is the wordlist