Security
##π Overview Of Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.π
Understanding password security is crucial, considering different encryption methods for a password like "R@nT4g*Ne!":
SHA-1:
SHA-1 with Salt:
MD5:
AES (Advanced Encryption Standard):
-- Encryption Algorithms
-- One Way Hash - Designed for cryptography
Lets Checkout some commands basics.
This command is used to generate an actual
echo -n "adminpassword" | sha1sum
Result : bash efacc4001e857f7eba4ae781c2932dedf843865e
HashID is used to determine the type of hash
Create a new file called new.hash
touch new.hash
nano new.hash
Note : Inside nano to save the file press CTRL + X and then Y then ENTER To save the file .
Now use hashid to determine what hash type this file is using
hashid -m new.hash
Syntax
Usage: crunch <min> <max> [options]
βββ(rootγΏkali)-[~]
ββ# crunch 1 3 0123456789 -O /home/kali/Desktop/phonepassword.txt
βββ(rootγΏkali)-[~]
ββ# crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
βββ(rootγΏkali)-[~]
ββ# crunch 1 3 0123456789 >> /usr/share/wordlists/rockyou.txt
Simply used to generate rockyou.txt and show Word List Files on Kali.
βββ(rootγΏkali)-[~]
ββ# wordlists
Result
/usr/share/wordlists
βββ amass - /usr/share/amass/wordlists
βββ dirb - /usr/share/dirb/wordlists
βββ dirbuster - /usr/share/dirbuster/wordlists
βββ fasttrack.txt - /usr/share/set/src/fasttrack/wordlist.txt
βββ fern-wifi - /usr/share/fern-wifi-cracker/extras/wordlists
βββ john.lst - /usr/share/john/password.lst
βββ legion - /usr/share/legion/wordlists
βββ metasploit - /usr/share/metasploit-framework/data/wordlists
βββ nmap.lst - /usr/share/nmap/nselib/data/passwords.lst
βββ rockyou.txt
βββ rockyou.txt.gz
βββ sqlmap.txt - /usr/share/sqlmap/data/txt/wordlist.txt
βββ wfuzz - /usr/share/wfuzz/wordlist
βββ wifite.txt - /usr/share/dict/wordlist-probable.txt
βββ(rootγΏkali)-[~]
ββ# cd /usr/share/wordlists // cd into wordlists directory
βββ(rootγΏkali)-[~]
ββ# ls -la // list all directory items
βββ(rootγΏkali)-[~]
ββ# gunzip /usr/share/wordlists/rockyou.txt.gz //extracts rockyou.txt if not extracted already
Always check the -h or --help option for any tool used on kali to check the syntax and options.
βββ(rootγΏkali)-[~]
ββ#john --help
βββ(rootγΏkali)-[~]
ββ# john --list=formats // formats and protocols that can be used with john
βββ(rootγΏkali)-[~]
ββ#john --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1 --fork2 SHA1.txt
βββ(rootγΏkali)-[~]
ββ#john --show --format=Raw-SHA1 SHA1.txt
The Same commands apply for SHA224, SHA256, MD5, MD4 for example and the check the formats that john support with the command provided in the above.
π Core Attack Modes π
Read more about Markov Chains.
hashcat --help
hashcat -m 100 new.hash rockyou.txt
Check MetaSploit WordLists
ls -lh /usr/share/metasploit-framework/data/wordlists/
Common Password Formats
Understanding password security is very important, with various tools transforming passwords in distinct ways. Let's consider the password "R@nT4g*Ne!" (Rent Forgone, in common terms) and observe its transformation through different encryption methods:
SHA-1:
Output: 12bf203295c014c580302f4fae101817ec085949 Characteristics: 40 characters, no clear decryption method. SHA-1 with Salt:
Output: bc6b79c7716722cb383321e40f31734bce0c3598 Characteristics: Still 40 characters, with the addition of the word "Free." MD5:
Output: 4e84f7e8ce5ba8cdfe99d4ff41dc2d41 Characteristics: Encoded into a 128-bit string. AES (Advanced Encryption Standard):
Characteristics: Utilizes a symmetric encryption algorithm with variable bit length. Note: The outcome of AES encryption is highly variable, depending on factors like bit length, making it nearly impossible to predict the final password representation. In summary, these encryption methods offer different levels of security and characteristics, with varying degrees of complexity and resistance to decryption.
πKali Linux Wordlist: What you need to know πcrunch πWordLists - Kali-Tools πWordLists - GitLab - repository πJohn - Kali-Tools . πOpenwall -github repository -John πJohn-The-Ripper-Tutorial - Techy Rick πOpenwall -John - Offical Website . πHash Cat - Wiki πCap 2 Hashcat πMarkov - Chain πHash Cat - Forums πSecurity Stack Exchange - Question 260773 πStationX - How to use Hashcat πMSF/Wordlists - charlesreid πMSFConsole πHow to use hashcat πMSF/Wordlists - charlesreid1 πWhere do the words in /usr/share/dict/words come from? πSCOWL (Spell Checker Oriented Word Lists) πThe spell utility -spell - find spelling errors (LEGACY) - UNIX What are Different Types of Cryptography? sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/ πpassword-encryption πSecure-Programs SHA-1 πWhat-are-computer-algorithms πWhat Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com πkali-linux-wordlist-what-you-need-to-know
Johnny Openwall -info wiki -Johnny Openwall -github repository -Johnny