Password Cracking

Online Password Cracking Tools

• MD5 Hash Generator
• SHA256 Hash Generator
• CrackStation
  • Online password hash cracking
• Hashes
  • Decrypt MD5, SHA1, MySQL, NTLM, SHA256, MD5 Email, SHA256 Email, SHA512 hashes.
  • Note that the output may not be listed in the same order the input was listed in.
• MD5 Decrypt
  • Basic decryption of MD5, SHA1, SHA256, SHA384, SHA512, NTLM, COR, BCrypt, Blowfish, and Whirlpool hashes.
• ranbowtables.it64.com
  • Rainbow table attack on Microsoft Windows LM hashes.

---

Command Line Password Cracking Tools

• Hash Identifier
  • Software to identify different types of hashes used to encrypt data and especially passwords.
  • Usage: enter hash-identifier in the command line. Enter hashes when prompted.
• HashID
  • Identify different types of hashes used to encrypt data and especially passwords.
  • Usage: enter hashid <hash> in the command line, where <hash> can be a single hash or a file containing hashes.
• Hashcat
  • More information below.
• fcrackzip — Zip password cracker
  • To use fcrackzip and the rockyou wordlist to crack the password on a ZIP file, enter:

    fcrackzip -v -u -D -p rockyou.txt archive.zip
    

    • -u (-use-unzip) helps with false positives
    • -D (-dictionary) selects dictionary mode
    • -p (-init-password string) use to select the rockyou.txt file
    • -v (-verbose) not required
• John the Ripper — Password cracker
• Ophcrack — Windows password cracker based on rainbow tables.

Hashcat

• Flag options (control character sets for brute force attacks)
  • ?l — Charset: abcdefghijklmnopqrstuvwxyz
  • ?u — Charset: ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • ?f — Charset: 0123456789
  • ?h — Charset: 0123456789abcdef
  • ?H — Charset: 0123456789ABCDEF
  • ?s — Charset: !”#$%&'()*+,-./:;<=>?@[\]^_{|}~
  • ?a — Charset: ?l?u?d?s
  • ?b — Charset: 0x00 – 0xff
• Attack modes
  • -a 0 — Dictionary attack (tries all lines contained in a given file as passwords)
  • -a 1 — Combinator attack (tries combinations of words from wordlist)
  • -a 3 — Brute-Force attack
  • -a 6 — Hybrid Wordlist + Mask
  • -a 7 — Hybrid Mask + Wordlist
  • -a 9 — Association
• With known format SKY-ABCD-####:

  hashcat -m 0 -a 3 hashes.txt SKY-ABCD-?d?d?d?d
  

  • -m 0 for MD5 hashes.
  • -a 3 for brute force and mask attack mode.
• Using the rockyou wordlist:

  hashcat -m 0 -a 0 hashes.txt rockyou.txt
  

• Hybrid attacks
• Rule-based attacks
• Extracting WPA and WPA2 hashes from PCAPs for use with hashcat
• Hashcat example hashes and associated codes found here.

---

Wordlists and Rule Lists

• Weakpass
  • Website dedicated to supplying free wordlists for password cracking via. bruteforce.

---

PDF Files

• pdfcrack --wordlist=rockyou.txt filename.pdf
• pdf-parser
• pdf2john
• john
• Writeup of Cracking Encrypted PDFs

---

Windows Hashes

• LM, NTLM, Net-NTLMv2
• Output from hash-identifier may look like: SAM - (LM_hash:NT_hash)
• Article on cracking Windows hashes

md5crypt

Format: $1$salt$checksum, where:

• $1$ is the prefix used to identify md5-crypt hashes.
• salt is 0-8 characters (regexp range) providing a 48 bit salt.
• checksum is 22 characters drawn from the same character set as the salt, encoding a 128-bit checksum.

---

Terminology

For a more detailed description of the terminology of password cracking (hashing, salting, peppering, and lots of encryption algorithms), check out this article from the Guardian.