Table Of Contents
- Password Cracking
- Hydra
- John The Ripper
- Crack Excel Password Protected Document
PASSWORD CRACKING
- Note: If running on Kali, check /usr/share/wordlists for rockyou and other common password-cracking wordlists.
HYDRA
Brute force the username admin over FTP with the given password list
hydra -t 1 -l admin -P <PASSWORD_LIST_PATH> -v ftp://<IP_ADDRESS>
Brute force SSH with user and password lists against target IP address
hydra -v -u -L <USER_LIST_PATH> -P <PASSWORD_LIST_PATH> -t 1 ssh://<IP_ADDRESS>
JOHN THE RIPPER
Cracking with a wordlist
john --wordlist=<WORD_LIST_PATH> <HASH_LIST_FILE>
Attempt to crack hash file using previously cracked passwords
john --loopback <HASH_LIST_FILE>
Show cracked passwords
john --show <HASH_LIST_FILE>
Attempt to crack hash using incremental mode (May take a long time)
john --incremental <HASH_LIST_FILE>
CRACK EXCEL PASSWORD PROTECTED DOCUMENT
Run office2john.py against the password-protected Excel file to extract a crackable hash from the Office document
python office2john.py <INPUT_PATH> > extractedHash.txt
Determine office/hash version based on contents of extractedHash.txt
# The version is listed in the hash file that office2john outputs; the integer code in front of the matching entry goes into hashcat as <MODE>
9400  - MS Office 2007
9500  - MS Office 2010
9600  - MS Office 2013
25300 - MS Office 2016 SheetProtection
9700  - MS Office <= 2003 $0/$1, MD5 + RC4
9710  - MS Office <= 2003 $0/$1, MD5 + RC4, collider #1
9720  - MS Office <= 2003 $0/$1, MD5 + RC4, collider #2
9810  - MS Office <= 2003 $3, SHA1 + RC4, collider #1
9820  - MS Office <= 2003 $3, SHA1 + RC4, collider #2
9800  - MS Office <= 2003 $3/$4, SHA1 + RC4
Run hashcat command to crack extracted and edited hash
hashcat64 -a 0 -m <MODE> --username -o cracked.txt extractedHash.txt /usr/share/wordlists/rockyou.txt
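The "determine office/hash version" step above can be scripted. This is an added example, not part of the original page or of office2john or hashcat: it reads one line of extractedHash.txt and returns the mode from the list above. The field layouts ($office$*<year>*, $office$2016$, $oldoffice$<type>*), the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Version/type field -> hashcat mode, copied from the list on this page.
OFFICE_MODES = {"2007": 9400, "2010": 9500, "2013": 9600}
OLDOFFICE_MODES = {"0": 9700, "1": 9700, "3": 9800, "4": 9800}

# Assumed field layouts of the hash string.
HASH_START = re.compile(r"\$(?:old)?office\$")      # where the hash begins
RE_OFFICE = re.compile(r"\$office\$\*(\d{4})\*")    # $office$*<year>*...
RE_SHEET = re.compile(r"\$office\$2016\$")          # sheet protection
RE_OLD = re.compile(r"\$oldoffice\$(\d)\*")         # $oldoffice$<type>*...


def split_label(line):
    """Split '<file name>:<hash>'; the label is None when absent."""
    line = line.strip()
    found = HASH_START.search(line)
    if not found:
        raise ValueError("no $office$ or $oldoffice$ hash on this line")
    label = line[:found.start()].rstrip(":") or None
    return label, line[found.start():]


def hashcat_mode(line):
    """Return (label, mode) for one line of extractedHash.txt."""
    label, digest = split_label(line)
    m = RE_OFFICE.match(digest)
    if m and m.group(1) in OFFICE_MODES:
        return label, OFFICE_MODES[m.group(1)]
    if RE_SHEET.match(digest):
        return label, 25300
    m = RE_OLD.match(digest)
    if m and m.group(1) in OLDOFFICE_MODES:
        # Collider modes (9710/9720, 9810/9820) share these types; only the
        # base mode is returned here.
        return label, OLDOFFICE_MODES[m.group(1)]
    raise ValueError("unrecognised Office hash prefix: " + digest[:24])


# Constructed sample lines; salts and digests are dummy placeholders.
SAMPLES = [
    "Budget.xlsx:$office$*2013*100000*256*16*" + "00" * 16 + "*" + "11" * 16 + "*" + "22" * 32,
    "legacy.xls:$oldoffice$1*" + "00" * 16 + "*" + "11" * 16 + "*" + "22" * 16,
    "$office$2016$0$100000$AAAAAAAAAAAAAAAAAAAAAA==$BBBBBBBB",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(hashcat_mode(sample))
```

An unknown version or a line without an Office hash raises ValueError, so a wrong mode is never passed on silently.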