
Cracking Files

Cracking archives

RAR
rar2john file.rar > rar_hashes.txt
john --wordlist=passwords.txt rar_hashes.txt
ZIP
zip2john file.zip > zip_hashes.txt
john --wordlist=passwords.txt zip_hashes.txt
ZIP Using fcrackzip
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt some_zip_file.zip

Cracking shadow files

unshadow
unshadow passwd shadow > shadowjohn.txt
john --wordlist=/home/user/Desktop/Certifs/OSCP/Tools/Wordlist/Bruteforce/rockyou.txt --rules shadowjohn.txt
john --show shadowjohn.txt
# If you have the passwd and shadow files from a Linux system, combine them into one file with the unshadow command, then crack that file with John
unshadow passwd.txt shadow.txt
unshadow passwd.txt shadow.txt > unshadow.txt
john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadow.txt
Hashcat SHA512 $6$ shadow file
hashcat -m 1800 -a 0 hash.txt rockyou.txt --username
Hashcat MD5 $1$ shadow file
hashcat -m 500 -a 0 hash.txt rockyou.txt --username
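
Added example, not from the original page: the `$1$` and `$6$` prefixes above identify the crypt(3) scheme of each shadow entry, so an administrator can audit their own shadow file for entries still on a weak scheme before anyone else gets to it. The sample entries, the `SCHEMES` table and the weak/ok policy are assumptions made for this example.

```python
# Constructed sample data: salts and hash bodies are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$PLACEHOLDERHASH:19000:0:99999:7:::
legacy:$1$constructedsalt$PLACEHOLDERHASH:15000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!$6$constructedsalt$PLACEHOLDERHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

# crypt(3) id -> (scheme name, weak?). The weak/ok split is this example's policy.
SCHEMES = {
    "1": ("md5crypt", True),       # $1$, hashcat mode 500 on this page
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),   # $6$, hashcat mode 1800 on this page
    "y": ("yescrypt", False),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
}


def classify(field):
    """Return (scheme, weak) for the second field of a shadow entry."""
    if field == "":
        return ("empty-password", True)      # login without a password
    if field[0] in "!*":
        return ("locked", False)             # password login disabled
    if field.startswith("$") and field.count("$") >= 2:
        ident = field.split("$")[1]          # "$6$rounds=5000$..." -> "6"
        return SCHEMES.get(ident, ("unknown-" + ident, True))
    if len(field) == 13:
        return ("descrypt", True)            # traditional DES crypt, 13 chars
    return ("unknown", True)                 # unrecognised: review by hand


def audit(shadow_text):
    """Return [(user, scheme)] for every entry that needs attention."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        scheme, weak = classify(fields[1])
        if weak:
            findings.append((fields[0], scheme))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW))
```

Accounts it reports should have their password reset so the hash is regenerated under the system's current scheme.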

Various cracking techniques

Hashcat MD5 Apache webdav file
hashcat -m 1600 -a 0 hash.txt rockyou.txt
Hashcat SHA1
hashcat -m 100 -a 0 hash.txt rockyou.txt --force
Hashcat Wordpress
hashcat -m 400 -a 0 --remove hash.txt rockyou.txt
SSH Key
ssh2john id_rsa > sshtocrack
john --wordlist=/usr/share/wordlists/rockyou.txt sshtocrack
Cracking Cisco passwords

Type 5 → MD5; Type 7 → easily reversible

hashcat -m 500 c:\temp\ciscohash.txt C:\DICS\english-dic.txt

Cracking NTLMv2 hashes
john --format=netntlmv2 --wordlist="/usr/share/wordlists/rockyou.txt" hash.txt 

Cracking TGS

Using John from the bleeding repo
Run it from this directory: /home/user/Desktop/Certifs/OSCP/Tools/PasswordCracking/JohnTheRipper/run

./john --wordlist=/home/user/Desktop/Certifs/OSCP/Tools/Wordlist/Bruteforce/rockyou.txt --fork=4 --format=krb5tgs /home/user/Desktop/HackTheBox/VM/Active/kerberos_hashes.txt