Password Cracking - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
Hashes
What is Salt
Salting is the process of adding a unique value to the end of a password before hashing takes place. Salting the hash is crucial because it ensures that the encryption process results in a different hash value, even when two passwords are the same.
The Salt value lays between the 3rd and 4th $ signs in the has.
John the Ripper (JtR)
What is it?
JtR is a password cracking tool that is able to decrypt hashes.
Syntax
john --wordlist=WORDLIST.txt shadowfile.txt
Hint: Use Unshadow beforehand to crate this shadowfile
unshadow password.txt shadow.txt > unshadow.txt
An Unshadow file is a username:password:shadow file. The password file consists of the contents of /etc/passwd while the shadow file is /etc/shadow
Hashcat
What is it?
Hashcat is another effective hash cracking tool used in password cracking.
Syntax
hashcat -m 1800 -a 0 -o cracked.txt unshadow.txt /usr/share/wordlists/rockyou.txt
cracked passwords will be flushed into cracked.txt, the unshadowed passwords are in unshadow.txt, rockyou is the wordlist