Nytro Posted May 4, 2014 Report Posted May 4, 2014 (edited) Cracking MD5, phpBB, MySQL and SHA1 passwords Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat, cudaHashcat, oclHashcat on Kali Linux Hashcat or cudaHashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat or cudaHashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others. ContentsCracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat, cudaHashcat, oclHashcat on Kali Linux My SetupNVIDIA Users: AMD Users: [*]Getting hashes: [*]Cracking hashed MD5 passwordsMD5 cracking using hashcat and cudahashcat [*]Cracking hashed MD5 – phpBB passwordsMD5 – phpBB cracking using hashcat and cudahashcat [*]Cracking hashed MySQL passwordsMySQL hashed password cracking using hashcat and cudahashcat [*]Cracking hashed SHA1 passwordsSHA1 password cracking using hashcat and cudahashcat [*]Location of Cracked passwords [*]Creating HASH’es using Kali [*]Conclusion [*]Google+ Hashcat or cudaHashcat comes in two main variants:Hashcat – A CPU-based password recovery tooloclHashcat or cudaHashcat – A GPU-accelerated tool Many of the algorithms supported by Hashcat or cudaHashcat can be cracked in a shorter time by using the well-documented GPU-acceleration leveraged in oclHashcat or cudaHashcat (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs. Hashcat or cudaHashcat is available for Linux, OSX and Windows. oclHashcat or cudaHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX. My Setup My setup is simple. I have a NVIDIA GTX 210 Graphics card in my machine running Kali Linux 1.0.6 and will use rockyou dictionary for this whole exercise. In this post, I will show How to crack few of the most common hashesMD5 MD5 – phpBB MySQL and SHA1 I will use 2 commands for every hash, hashcat and then cudahashcat. Because I am using a NVIDIA GPU, I get to use cudaHashcat. If you’re using AMD GPU, then I guess you’ll be using oclHashcat. Correct me if I am wrong here! Before you enable GPU Cracking, I’ve spent last few months writing guides on how to enable those features in Kali Linux. NVIDIA Users:Install proprietary NVIDIA driver on Kali Linux – NVIDIA Accelerated Linux Graphics Driver Install NVIDIA driver kernel Module CUDA and Pyrit on Kali Linux – CUDA, Pyrit and Cpyrit-cuda AMD Users:Install AMD ATI proprietary fglrx driver in Kali Linux 1.0.6 Install AMD APP SDK in Kali Linux Install Pyrit in Kali Linux Install CAL++ in Kali Linux AMD is currently much faster in terms of GPU cracking, but then again it really depends on your card. You can generate more hashes or collect them and attempt to crack them. Becuase I am using a dictionary, (it’s just 135MB), I am limited to selection number of passwords. The bigger your dictionary is, the more you’ll have success cracking an unknown hash. There are other ways to cracking them without using Dictionary (such as RainBow Tables etc.). I will try to cover and explain as much I can. Advanced users, I’m sure you already know these, so I would appreciate constructive comments. As always, read the manual and help file before you ask for help. Most of the things are covered in manuals and wiki available in www.hashcat.net. A big thanks goes to the Hashcat or cudaHashcat Dev team, they are the ones who created and maintained this so well. Cudos!. Getting hashes: First of all, we need to get our hashes. You can download hash generator applications, but there’s online sites that will allow you to create them. I will use InsidePro who kindly created a page that allows you create hashes on the fly and it’s publicly available. Visit them and feel free to browse their website to understand more about hashes. The password I am using is simple: abc123 All you need to do is enter this in password field of this page Hash Generator and click on generate. Cracking hashed MD5 passwords From the site, I copied the md5 hashed password and put it into a file. vi md5-1.txtcat md5-1.txt MD5 cracking using hashcat and cudahashcat Now it’s simple, I just typed in the following command and it took few seconds. hashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt Similarly, I can use cudahashcat. cudahashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt Cracking hashed MD5 – phpBB passwords From the site, copy the phpBB hashed password and put it into a file. vi md5phpbb-1.txtcat md5phpbb-1.txt What I didn’t explain in previous section, is that how do you know who mode to use or which attack code. You can type in hashcat --help or cudahashcat --help and read through it. Because I will stick with attack mode 0 (Straight Attack Mode), I just need to adjust the value for -m where you specify which type of hash is that. hashcat --help | grep php So it’s 400 MD5 – phpBB cracking using hashcat and cudahashcat Let’s adjust our command and run it. hashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt and cudahashcat cudahashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt Cracking hashed MySQL passwords Similar step, we get the file from the website and stick that into a file. vi mysql-1.txtcat mysql-1.txt NOTE: *6691484EA6B50DDDE1926A220DA01FA9E575C18A <– this was the hash from the website, remove * from this one before you save this hash. First of all let’s find out the mode we need to use for MYSQL password hashes. hashcat --help | grep My Ah, I’m not sure which one to use here … MySQL hashed password cracking using hashcat and cudahashcat I’ll try 200 and see how that goes … hashcat -m 200 -a 0 /root/mysql-1.txt /root/rockyou.txt Nope not good, Let’s try 300 this time… hashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt and cudahashcat cudahashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt Cracking hashed SHA1 passwords Similar step, we get the file from the website and stick that into a file. vi sha1-1.txtcat sha1-1.txt Let’s find out the mode we need to use for SHA1 password hashes. hashcat --help | grep SHA1 SHA1 password cracking using hashcat and cudahashcat We already know what to do next… hashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt and cudahashcat cudahashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt Location of Cracked passwords Hashcat or cudaHashcat saves all recovered passwords in a file. It will be in the same directory you’ve ran Hashcat or cudaHashcat or oclHashcat. In my case, I’ve ran all command from my home directory which is /root directory. cat hashcat.pot Creating HASH’es using Kali As always, great feedback from zimmaro, Thanks. See his comment below: (I’ve removed IP and email details for obvious reasons). dude got some massive screen!!! 1920×1080 16:9 HD 1080p!!! [TABLE][TR][TD]zimmaro_the_g0at<email truncated><ip address truncared>[/TD][TD] Submitted on 2014/03/30 at 2:43 am all always(our-friend):excellent explanation and thank you for sharing your knowledge / experiences PS:if I may some “” basic-hash “” can be generated directly with our KALI ImagesTime.com-hash.PNG[/TD][/TR][/TABLE] Conclusion This guide is here to show you how you can crack passwords using simple attack mode.You might ask why I showed the same command over and over again! Well, by the end of this guide, you will never forget the basics. There’s of course advanced usage, but you need to have a strong basics. I would suggest to read Wiki and Manuals from www.hashcat.net to get a better understanding of rule based attacks because that’s the biggest strength of Hashcat. The guys in Hashcat forums are very knowledgeable and know what they are doing. If you need to know anything, you MUST read manuals before you go and ask something. Usually RTFM is the first response … so yeah, tread lightly. Thanks for reading. Feel free to share this article.Sursa: Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux | blackMORE Ops Edited May 4, 2014 by Nytro Quote
