Hello everyone,
Today, I'm gonna show you how to crack MD4, MD5, SHA1, and other hash types by using John The Ripper and Hashcat.
John The Ripper: "John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version."
Source: http://www.openwall.com/john/
Hashcat: "Hashcat is the world’s fastest CPU-based password recovery tool.
While it's not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches."
Source: http://hashcat.net/wiki/doku.php?id=hashcat
Download John The Ripper(Jumpo 1.7.9) : John The Ripper Jumpo 1.7.9
Download Hashcat(0.41): Hashcat v0.41
Install both John and Hashcat and we are ready to start.
It's time to launch them. Go to the John's installation folder (JohnTheRipper-unstable-jumbo/run/) and type
Source: http://hashcat.net/wiki/doku.php?id=hashcat
Download John The Ripper(Jumpo 1.7.9) : John The Ripper Jumpo 1.7.9
Download Hashcat(0.41): Hashcat v0.41
Install both John and Hashcat and we are ready to start.
It's time to launch them. Go to the John's installation folder (JohnTheRipper-unstable-jumbo/run/) and type
$./john to launch John.
Requirements for cracking a password with John: Wordlist, encrypted password.
Here is a site which you are able to convert a word into md5 hash.
In the following list you can find some great wordlists. ( I suggest you, to use an English dictionary as Wordlist )
ftp://ftp.cerias.purdue.edu/pub/dict/wordlists/
ftp://ftp.openwall.com/pub/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
Now, it's time to try cracking passwords with John. We will use those passwords-hashes
b326b5062b2f0e69046810717534cb09
d41134fbdb1aacda7ccdb49ed3d33948
37b4e2d82900d5e94b8da524fbeb33c0
4ed5d2eaed1a1fadcc41ad1d58ed603e
e09491aee3bd9ec02e805ffdac0beb12
Open your test.txt file and insert the above hashes. We also know that the passwords are using a Md5 encryption.
So we have a test.txt file with the hashes, and we know the md5 format of the hashes!
1st CHALLENGE:
$./john --format=raw-md5 --single test.txt--format=raw-md5 is the format/type of the hash (md5 in this case)
--single is the single mode which John provide us for cracking passwords faster without using our wordlist
RESULT:
Loaded 5 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
SCORE: Passwords 1 - 0 John
2nd CHALLENGE:
$./john --format=raw-md5 --wordlist=word_list_file.txt test.txt
--wordlist=word_list_file.txt is the command which we select our wordlist (change the "word_list_file.txt" with your wordlist's name
RESULT:
Loaded 5 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
city (4)
scary (2)
observation (5)
true (1)
football (3)
SCORE: Passwords 1 - 1 John the Ripper!
If you wish to see your cracked hashes you can type:
$./john --show --format=raw-md5 test.txt What about cracking some SHA-1 hashes? For SHA-1 I will use the following hashes:
52c281dfd1301b71d268ecc736ee500502a2be87
14012cd1b375ede06f6334b34167397cb7be4265
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
8eec7bc461808e0b8a28783d0bec1a3a22eb0821
b363713a938afcd3c74603827fab79e935b2b09b
3rd CHALLENGE:
$./john --format=raw-sha1 --wordlist=wordlist_file.txt test.txt--format=raw-sha1 the hash type is sha-1
Loaded 5 password hashes with no different salts (Raw SHA-1 [128/128 SSE2 4x])
auto (?)
reincarnation (?)
manual (?)
respect (?)
security (?)
SCORE: Passwords 1 - 2 John The Ripper
Ok, now it's time to crack some passwords with Hashcat. We will use the same hashes with those we used before.
b326b5062b2f0e69046810717534cb09
d41134fbdb1aacda7ccdb49ed3d33948
37b4e2d82900d5e94b8da524fbeb33c0
4ed5d2eaed1a1fadcc41ad1d58ed603e
e09491aee3bd9ec02e805ffdac0beb12
1st CHALLENGE:
$./hashcat-cli32.bin 'test.txt' 'wordlistfile.txt' 'text.txt' is the file where the hashes are included
'wordlistfile.txt' is the wordlist
RESULT:
Added hashes from file test.txt: 5 (1 salts)
NOTE: press enter for status-screen
e09491aee3bd9ec02e805ffdac0beb12:observation
4ed5d2eaed1a1fadcc41ad1d58ed603e:city
b326b5062b2f0e69046810717534cb09:true
37b4e2d82900d5e94b8da524fbeb33c0:football
d41134fbdb1aacda7ccdb49ed3d33948:scary
All hashes have been recovered
SCORE: Passwords 0 - 1 Hashcat
2nd CHALLENGE:
$./hashcat-cli32.bin -m0 'test.txt' 'wordlistfile.txt' -m0 is the format type of the hash. -m means that we want to crack a specific type of hash an 0 means that the hash type is MD5.
RESULT:
Added hashes from file test.txt: 5 (1 salts)
NOTE: press enter for status-screen
e09491aee3bd9ec02e805ffdac0beb12:observation
4ed5d2eaed1a1fadcc41ad1d58ed603e:city
b326b5062b2f0e69046810717534cb09:true
37b4e2d82900d5e94b8da524fbeb33c0:football
d41134fbdb1aacda7ccdb49ed3d33948:scary
All hashes have been recovered
SCORE: Passwords 0 - 2 Hashcat
3rd CHALLENGE:
In this challenge we will crack SHA-1 hashes. We will use the same hashes as before.
52c281dfd1301b71d268ecc736ee500502a2be87
14012cd1b375ede06f6334b34167397cb7be4265
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
8eec7bc461808e0b8a28783d0bec1a3a22eb0821
b363713a938afcd3c74603827fab79e935b2b09b
$./hashcat-cli32.bin -m100 'test.txt' 'wordlistfile.txt'-m100 means that we want to crack SHA-1 hashes. 100=SHA-1
RESULT:
14012cd1b375ede06f6334b34167397cb7be4265:respect
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8:auto
8eec7bc461808e0b8a28783d0bec1a3a22eb0821:security
52c281dfd1301b71d268ecc736ee500502a2be87:reincarnation
All hashes have been recovered
SCORE: Passwords 0 - 3 Hashcat
Many people believe, that Hashcut is faster and simpler. And that's true! After the above results, what's your opinion?
Thanks,
Nikos Danopoulos
Nice Article my friend Nikos but I have to stress some additional things.
ReplyDeleteInstead of using JtR from the official Website (OpenWall) you can use Magnum Ripper. In my opinion it is faster than the official version of JtR with many additional features.
https://github.com/magnumripper/JohnTheRipper
I suppose that you compiled JtR to operate with one core of your CPU. For your information only, you can compile it with MPI and OpenMP libraries for faster password cracking.
In your first challenge you enter:
"./john --format=raw-md5 --single test.txt"
and your hashfile has the format:
"b326b5062b2f0e69046810717534cb09
d41134fbdb1aacda7ccdb49ed3d33948
37b4e2d82900d5e94b8da524fbeb33c0
4ed5d2eaed1a1fadcc41ad1d58ed603e
e09491aee3bd9ec02e805ffdac0beb12"
In order for single attack to be successful you must provide hashfile in a format like:
username:password
nikos:b326b5062b2f0e69046810717534cb09
john@yahoo.comd41134fbdb1aacda7ccdb49ed3d33948
--single attack tries to crack the hash based on the username by implementing statistical analysis.
In Hashcat section I think both Challenge 1 and 2 are the same...
Anyway, good work and I hope to see more from you :) :D
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download Now
Delete>>>>> Download Full
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download LINK
>>>>> Download Now
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download Full
>>>>> Download LINK Bh
Hey,
ReplyDeleteThank you for commenting. I'm glad you like my post.
First of all, I used jumpo version of JTR because it's the most common version, and the most of us got it. (So, that's why I didn't use magnum).
As for --single mode, yes you are right:)
Concerning Hashcat,in challenge 1 and 2,I wanted to point out that the cracking speed is the same either in the "basic" way or in the -m method which you are specifying the encryption :)
Thanks!
Very nice info ,
ReplyDelete1 Question :
./john --format=raw-md5 --single test.txt this command you said not need our dictionary to Crack Hashes , then how it Crack hashes ?
and Hashcat Dont have this option ? its just for JTR ?
Hey,
ReplyDeleteFirst of all thank you for commenting:)
1) When you use --single mode, you don't actually use YOUR own wordlist. As I said your wordlist is "wordlist_file.txt". (Check previous comments for more info).
2)Yeah, Hashcat doesn NOT support "single" option,it's only for JTR :)
ReplyDeleteAvailable Services
..paypal money adder
..bitcoin miner ultimate
..hack bank account
..payza money adder
..jtr password cracker
..neteller money adder
..payoneer money adder
..Wire Bank Transfer all over the world
..Western Union Transfer all over the world
..Credit Cards (USA, UK, AUS, CAN, NZ)
..School Grade upgrade / remove Records
..Spamming Tool
..keyloggers / rats
..Social Media recovery
.. Teaching Hacking / spamming / carding (1/2 hours course)
discount for re-seller
Contact: 24/7
putro9111@gmail.com
Do you need an urgent blank ATM CARD to solve your financial needs. i want to tell the world about my experience with. i discovered an hacking team called skylink technoloy. they re really good at what they do, i inquired about the BLANK ATM CARD. if it works or even Exist, then i gave it a try and asked for the card and agreed to their terms and conditions. three days later i received my card and tried it with the closest ATM machine to me, and to my greatest surprise it worked like magic. i was able to withdraw up to $4000.This was unbelievable and the happiest day of my life. there is no ATM MACHINES this BLANK ATM CARD CANNOT penetrate into it because it have been programmed with various tools and software. i just felt this might help those of us in need of financial stability. The card have really change my life. if you want to contact them, HERE is the email
ReplyDeleteskylinktechnes@yahoo.com or whatsapp: +1(213)328–0248
GOOD CARD WITH COOL CASH...Get THE 2020 BLANK ATM Programmed Card and cash money directly in any ATM Machine around you. There is no risk of being caught, because the card has been programmed in such a way that it´s not traceable, it also has a technique that makes it impossible for the CCTV to detect you and you can withdraw a total sum of $5,000.00 USD daily,try and get yours today from (MR OSCAR WHITE ) of oscarwhitehackersworld@gmail.com And be among the lucky ones who are benefiting from it. Now email the hacker one : oscarwhitehackersworld@gmail.com or whats-app +1(323)-362-2310
ReplyDeleteWelcome. BE NOT TROUBLED anymore. you’re at the right place. Nothing like having trustworthy hackers. have you lost money before or bitcoins and are looking for a hacker to get your money back? You should contact us right away. It's very affordable and we give guarantees to our clients. Our hacking services are as follows:Email:Creditcards.atm@gmail.com
ReplyDelete-hack into any kind of phone
_Increase Credit Scores
_western union, bitcoin and money gram hacking
_criminal records deletion_BLANK ATM/CREDIT CARDS
_Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
_Security system hacking...and so much more. Contact THEM now and get whatever you want at
Email:Creditcards.atm@gmail.com
Whats app:+1(305) 330-3282
WHY WOULD YOU NEED TO HIRE A HACKER??:
There are so many Reasons why people need to hire a hacker, It might be to Hack a Websites to deface information, retrieve information, edit information or give you admin access.
• Some people might need us To Hack Their Target Smartphone so that they could get access to all activities on the phone like , text messages , call logs , Social media Apps and other information
• Some might need to Hack a Facebook , gmail, Instagram , twitter and other social media Accounts,
• Also Some Individuals might want to Track someone else's Location probably for investigation cases
• Some might need Us to Hack into Court's Database to Clear criminal records.
• However, Some People Might Have Lost So Much Funds With BINARY OPTIONS BROKERS or BTC MINING and wish to Recover Their Funds
• All these Are what we can get Done Asap With The Help Of Our Root Hack Tools, Special Hack Tools and Our Technical Hacking Strategies Which Surpasses All Other Hackers.
★ OUR SPECIAL SERVICES WE OFFER ARE:
* RECOVERY OF LOST FUNDS ON BINARY OPTIONS
* Credit Cards Loading ( USA Only )
* BANK Account Loading (USA Banks Only)
★ You can also contact us for other Cyber Attacks And Hijackings, we do All ★
★ CONTACTS:
* For Binary Options Recovery,feel free to contact (Creditcards.atm@gmail.com)for a wonderful job well done,stay safe.
Why waste your time waiting for a monthly salary. When you can make up to $3,000 in 5-7days from home,
Invest $300 and earn $3,000
Invest $500 and earn $5,000
Invest $600 and earn $6,000
Invest $700 and earn $7,000
Invest $800 and earn $8,000
Invest $900 and earn $9,000
Invest $1000 and earn $10,000
IT HAS BEEN TESTED AND TRUSTED
Cool way to have financial freedom!!! Are you tired of living a poor life, here is the opportunity you have been waiting for. Get the new ATM BLANK CARD that can hack any ATM MACHINE and withdraw money from any account. You do not require anybody’s account number before you can use it. Although you and I knows that its illegal,there is no risk using it. It has SPECIAL FEATURES, that makes the machine unable to detect this very card,and its transaction can’t be traced .You can use it anywhere in the world. With this card,you can withdraw nothing less than $4,500 a day. So to get the card,reach the hackers via email address : besthackersworld58@gmail.com or whatsapp him on +1(323)-723-2568
ReplyDeleteHack and take money directly from any ATM Machine Vault with the use of ATM
ReplyDeleteProgrammed Card which runs in automatic mode. email
oscarwhitehackersworld@gmail.com
whatsapp..+1(510)-777-9243 or call/Text him +1(510)-984-6924
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download Now
ReplyDelete>>>>> Download Full
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download LINK
>>>>> Download Now
010Life - Because Your 10Nd Life Belongs Here.: Password Cracking : John The Ripper And Hashcat! >>>>> Download Full
>>>>> Download LINK
HAVE YOU LOST YOUR MONEY TO BINARY OPTION SCAM OR ANY ONLINE SCAM WHATSOEVER?.DO YOUR DESIRE CREDIT REPAIR[EQUIFAX, EXPERIAN, TRANSUNION? WELL, YOU HAVE FOUND REDEMPTION.
ReplyDeleteBEWARE OF FRAUDSTERS looking to hoax.
if you have been a VICTIM, contactEmail:creditcards.creditscoreupgrade@gmail.com
whatsapp:+1(437) 536-6082 for directives.
Here, it's always a win for you.
��OUR SERVICES��
∆Binary Option funds recovery
∆Social media hack
∆Recovery of loan scam
∆Credit repair (Equifax,Experian,Transunion)
∆Email hack
∆College score upgrade
∆Android & iPhone Hack
∆Website design
∆Website hack
∆And lots more.
We have specially programmed ATMs that can be used to withdraw money at ATMs, shops and points of sale. We sell these cards to all our customers and interested buyers all over the world, the cards have a withdrawal limit every week.
CONTACT INFO:
Email:creditcards.creditscoreupgrade@gmail.com
whatsapp:+1(437) 536-6082
Copyright ©️ 2022.
ReplyDeleteHack and take money directly from any ATM Machine Vault with the use of ATM
Programmed Card which runs in automatic mode. email
oscarwhitehackersworld@gmail.com
whatsapp..+1(510)-777-9243
This comment has been removed by the author.
ReplyDelete