Security

Word lists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.

Posted At : 2023-02-23T10:54:40Z

##πŸ” Overview Of Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.πŸ”

Common Password Formats

Understanding password security is crucial, considering different encryption methods for a password like "R@nT4g*Ne!":

  • SHA-1:

    • Output: 12bf203295c014c580302f4fae101817ec085949
    • Characteristics: 40 characters, no clear decryption method.

  • SHA-1 with Salt:

    • Output: bc6b79c7716722cb383321e40f31734bce0c3598
    • Characteristics: 40 characters, with the addition of the word "Free."

  • MD5:

    • Output: 4e84f7e8ce5ba8cdfe99d4ff41dc2d41
    • Characteristics: Encoded into a 128-bit string.

  • AES (Advanced Encryption Standard):

    • Characteristics: Utilizes a symmetric encryption algorithm with a variable bit length.

-- Encryption Algorithms

  • SHA-1-512 (-1-512) Stands for the buffer size when that increases the level of encryption is higher.

-- One Way Hash - Designed for cryptography

  • MD5 and MD4 example (Not Recommended to be Used Vulnerable).

Lets Checkout some commands basics.

Commands Basics

This command is used to generate an actual

echo -n "adminpassword" | sha1sum

Result : bash efacc4001e857f7eba4ae781c2932dedf843865e

  • HashID is used to determine the type of hash

  • Create a new file called new.hash

touch new.hash
  • Use the nano text editor the copy the result above or create your own.
nano new.hash

  • Note : Inside nano to save the file press CTRL + X and then Y then ENTER To save the file .

  • Now use hashid to determine what hash type this file is using

hashid -m new.hash
  1. Crunch The Command Used here Creates lists with every possible combination of number, you can also use crunch with uppercase and lowercase letters , special characters.
Syntax
Usage: crunch <min> <max> [options]

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# crunch 1 3 0123456789 -O /home/kali/Desktop/phonepassword.txt
  • Optional Commands for testing
  • Its Optional (Requires alot of PC Resources).
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  • Optional - Add generated list to already existing file like rockyou.txt
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# crunch 1 3 0123456789 >> /usr/share/wordlists/rockyou.txt

1. Wordlists

Simply used to generate rockyou.txt and show Word List Files on Kali.

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# wordlists

Result

/usr/share/wordlists
β”œβ”€β”€ amass - /usr/share/amass/wordlists
β”œβ”€β”€ dirb - /usr/share/dirb/wordlists
β”œβ”€β”€ dirbuster - /usr/share/dirbuster/wordlists
β”œβ”€β”€ fasttrack.txt - /usr/share/set/src/fasttrack/wordlist.txt
β”œβ”€β”€ fern-wifi - /usr/share/fern-wifi-cracker/extras/wordlists
β”œβ”€β”€ john.lst - /usr/share/john/password.lst
β”œβ”€β”€ legion - /usr/share/legion/wordlists
β”œβ”€β”€ metasploit - /usr/share/metasploit-framework/data/wordlists
β”œβ”€β”€ nmap.lst - /usr/share/nmap/nselib/data/passwords.lst
β”œβ”€β”€ rockyou.txt
β”œβ”€β”€ rockyou.txt.gz
β”œβ”€β”€ sqlmap.txt - /usr/share/sqlmap/data/txt/wordlist.txt
β”œβ”€β”€ wfuzz - /usr/share/wfuzz/wordlist
└── wifite.txt - /usr/share/dict/wordlist-probable.txt

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# cd /usr/share/wordlists // cd into wordlists directory 
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ls -la // list all directory items
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# gunzip /usr/share/wordlists/rockyou.txt.gz //extracts rockyou.txt if not extracted already

2. John The Ripper

Always check the -h or --help option for any tool used on kali to check the syntax and options.

  • Review Options </>
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─#john --help
  • Check File Formats John Can Crack. </>
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# john --list=formats // formats and protocols that can be used with john
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─#john --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1 --fork2 SHA1.txt
β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─#john --show --format=Raw-SHA1 SHA1.txt

The Same commands apply for SHA224, SHA256, MD5, MD4 for example and the check the formats that john support with the command provided in the above.

3. HashCat - Advanced Password Cracker

  • Utilizes markov statistical theory A russian scientist - with AI.πŸ€–
  • Check PassGAN

πŸ”‘ Core Attack Modes πŸ”‘

  • Dictionary Attack - Tries all words in a list, also known as "straight" mode. (Attack mode 0, -a 0)
  • Combinator Attack - Concatenates words from multiple wordlists. (-a 1)
  • Brute-force Attack and Mask Attack - Tries all characters from given charsets, per position. (-a 3)
  • Hybrid Attack - Combines wordlists with masks (-a 6) and masks with wordlists (-a 7); can also be done with rules.
  • Association Attack - Uses additional information like a username, filename, or hint to attack a specific hash. (-a 9)

Read more about Markov Chains.

hashcat --help
hashcat -m 100 new.hash rockyou.txt

4. MSF/WordLists

Check MetaSploit WordLists

ls -lh /usr/share/metasploit-framework/data/wordlists/

Common Password Formats

Understanding password security is very important, with various tools transforming passwords in distinct ways. Let's consider the password "R@nT4g*Ne!" (Rent Forgone, in common terms) and observe its transformation through different encryption methods:

SHA-1:

Output: 12bf203295c014c580302f4fae101817ec085949 Characteristics: 40 characters, no clear decryption method. SHA-1 with Salt:

Output: bc6b79c7716722cb383321e40f31734bce0c3598 Characteristics: Still 40 characters, with the addition of the word "Free." MD5:

Output: 4e84f7e8ce5ba8cdfe99d4ff41dc2d41 Characteristics: Encoded into a 128-bit string. AES (Advanced Encryption Standard):

Characteristics: Utilizes a symmetric encryption algorithm with variable bit length. Note: The outcome of AES encryption is highly variable, depending on factors like bit length, making it nearly impossible to predict the final password representation. In summary, these encryption methods offer different levels of security and characteristics, with varying degrees of complexity and resistance to decryption.

References

πŸ”—Kali Linux Wordlist: What you need to know πŸ”—crunch πŸ”—WordLists - Kali-Tools πŸ”—WordLists - GitLab - repository πŸ”—John - Kali-Tools . πŸ”—Openwall -github repository -John πŸ”—John-The-Ripper-Tutorial - Techy Rick πŸ”—Openwall -John - Offical Website . πŸ”—Hash Cat - Wiki πŸ”—Cap 2 Hashcat πŸ”—Markov - Chain πŸ”—Hash Cat - Forums πŸ”—Security Stack Exchange - Question 260773 πŸ”—StationX - How to use Hashcat πŸ”—MSF/Wordlists - charlesreid πŸ”—MSFConsole πŸ”—How to use hashcat πŸ”—MSF/Wordlists - charlesreid1 πŸ”—Where do the words in /usr/share/dict/words come from? πŸ”—SCOWL (Spell Checker Oriented Word Lists) πŸ”—The spell utility -spell - find spelling errors (LEGACY) - UNIX What are Different Types of Cryptography? sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/ πŸ”—password-encryption πŸ”—Secure-Programs SHA-1 πŸ”—What-are-computer-algorithms πŸ”—What Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com πŸ”—kali-linux-wordlist-what-you-need-to-know

Johnny Openwall -info wiki -Johnny Openwall -github repository -Johnny

Unknown block type "undefined", specify a component for it in the `components.types` option