Hacking Articles

Hacking Articles Part 25

Kali Linux – Password Cracking Tools

[Disclaimer: The content of this article is for educational purposes only. It was written to help readers test their skills on using computers and/or Kali Linux and share knowledge about Kali Linux to the users. The writer of this article/guide take no responsibility for actions resulting from the inappropriate usage of informations contained of this article/guide.]

This is the real thing guys, Password Cracking is known for hacking emails and account and now we can tackle it in Kali Linux, they present some important password cracking tools that we can used and some of them are very popular to hackers out there. This one was so fun to know, and you can do more research about it after you read this article/guide. Let Go!

Hydra

-This one was popular and it is a login cracker that supports many protocols to attack (Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP).

To open hydra, go to Applications -> Password Attacks -> Online Attacks -> hydra.

It will open the terminal console as you can see below:

In this discussion, we will brute force FTP service of metasploitable machine, which has the IP 192.168.1.101

Then we need to create a word list extension 'lst.' In the path usr\share\wordlists\metasploit.

And type the command:

hydra -l /usr/share/wordlists/metasploit/user -P

/usr/share/wordlists/metasploit/passwords -V

Where, -V is the username and password while trying and hola! The username and password will be found and in this discussion the username is: mfsadmin and the password is: mfsadmin.

Johnny

(*Johnny, Johnny, yes Papa? * Hahaha) -Well, it is a GUI for John the Ripper password cracking tool. But it was used for weak passwords.

To open Johnny, go to Applications -> Password Attacks -> johnny.

Note: "In this case, we need to attack a Kali machine with the following command and a file will be created on your desktop.

Step 1: Click "Open Passwd File" and click "OK" then all the files will be shown.

Step 2: Click "Start Attack"

Step 3: After the attack is complete, click the left panel at "Passwords" and the password will be unshaded.

John

-John is a command line version of Johnny GUI.

To start this one, type "john" in the terminal.

To unshadow the password of your target, we need to write the following command:

root@kali:~# unshadow passwd shadow > unshadowed.txt

Ranbowcrack

-So colorful right? This RainbowCrack is a software that cracks hashes by rainbow table look up. Rainbow tables are ordinary files stored on the hard disk. Generally, Rainbow tables are bought online or can be compiled with different tools.

To open this one, go to Applications -> Password Attacks -> rainbowcrack.

The command we need to use to crack a hash password is:

"rcrack path_to_rainbow_tables -f path_to_password_hash"

SQLdict

-It was just a ordinary attack tool for SQL server and it was very easy and basic to be used.

To open this one, type "sqldict" at the terminal and you onlt need to fill out the "Target IP Server" with the IP of the server that holds the SQL and enter the username at "Target Account" textbox, then you need to load the file with the password and click "Start" until it finishes.

hash-identifier

-It is a tool that is used to identify types of hashes, for example is: If I have a HASH, it can tell me if it is a Linux or windows HASH.

The picture below shows that it can be a MD5 hash and it seems a Domain cached credential.