Password Attacks
Passwords and Password Cracking
Brief Intro To Passwords
Passwords are a common form of authentication used to verify the identity of a user before granting access to a system or an account. They serve as a secret combination of characters that only the authorized user should know. Typically, passwords are associated with user accounts and are used as a means to protect sensitive information, such as personal data, financial details, or confidential files.
Hashing
Hashing is a process used to convert plain text into a fixed-length string of characters, known as a hash value or hash code. It is commonly used in password storage to enhance security. When a user creates a password, the system applies a hashing algorithm to transform it into a hash. The resulting hash is then stored in the system's database instead of the actual password. This way, even if the database is compromised, the original passwords are not revealed.
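The storage scheme described above, as an added Python example that is not part of the original tutorial. It goes beyond the text by adding a per-user salt and a slow key-derivation function (PBKDF2); the record layout, the function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware budget


def unsalted_sha256(password: str) -> str:
    """Weak storage: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Keep algorithm, cost and salt beside the hash so verification can redo the work.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed or truncated record
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "Summer2024!"  # constructed sample: two users chose the same password
    print("unsalted hashes equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print("salted records equal: ", rec_a == rec_b)
    print("correct password:     ", verify_password(pw, rec_a))
    print("wrong password:       ", verify_password("summer2024!", rec_a))
```

With the unsalted hash, one cracked entry exposes every account that shares the password; with the salted records each entry has to be attacked separately, and every guess costs the full iteration count.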
Bruteforcing
Bruteforcing is an attack method used to discover passwords or encryption keys by systematically trying all possible combinations until the correct one is found. It is an exhaustive trial-and-error technique and can be resource-intensive and time-consuming. In the context of password cracking, an attacker attempts various combinations of characters, such as different words, numbers, symbols, and their combinations, in an automated manner.
Bruteforcing can be effective against weak passwords that are easily guessable or have been improperly secured. However, it becomes increasingly difficult and time-consuming for longer and more complex passwords. To mitigate brute-force attacks, security measures such as account lockouts, CAPTCHAs, and rate limiting are often implemented to limit the number of attempts an attacker can make within a given time period. Additionally, the use of strong, unique passwords and multi-factor authentication can significantly increase the resilience of password-based systems against brute-force attacks.
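One way to implement the account lockout mentioned above, as an added Python example that is not part of the original tutorial. The `LoginThrottle` class, its thresholds and the replayed guessing run are all constructed for illustration.

```python
import time


class LoginThrottle:
    """Per-account lockout whose duration doubles with each further failure."""

    def __init__(self, max_failures=5, base_lock=30.0, max_lock=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_lock = base_lock      # seconds for the first lockout
        self.max_lock = max_lock        # upper bound on any lockout
        self.clock = clock              # injectable so the demo can fake time
        self._state = {}                # account -> (consecutive failures, locked_until)

    def seconds_locked(self, account):
        _, until = self._state.get(account, (0, 0.0))
        return max(0.0, until - self.clock())

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'fail'. While locked, nothing is evaluated,
        so even the correct password is refused."""
        if self.seconds_locked(account) > 0:
            return "locked"
        if password_ok:
            self._state.pop(account, None)  # success resets the counter
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        until = 0.0
        if failures >= self.max_failures:
            extra = failures - self.max_failures
            until = self.clock() + min(self.max_lock, self.base_lock * 2 ** extra)
        self._state[account] = (failures, until)
        return "fail"


def simulate(guess_count, seconds_between=1.0):
    """Replay a constructed run of wrong guesses against one account and
    return (guesses actually evaluated, guesses refused while locked)."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    outcomes = []
    for _ in range(guess_count):
        outcomes.append(throttle.attempt("alice", password_ok=False))
        now[0] += seconds_between
    return outcomes.count("fail"), outcomes.count("locked")


if __name__ == "__main__":
    print(simulate(100))  # one guess per second for 100 seconds
```

Keying only on the account name lets anyone lock a user out by failing on purpose, so this is normally paired with per-source rate limits or CAPTCHAs, as the paragraph above lists.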
Tutorial: Password Cracking Tools - John the Ripper, Hydra, and Hashcat
1. John the Ripper
John the Ripper Options
Option | Description |
---|---|
--wordlist=FILE | Specify the wordlist file for dictionary attacks. |
--rules=FILE | Apply transformation rules from the specified file. |
--format=NAME | Specify the hash format type to be cracked. |
--incremental[=MODE] | Enable incremental mode (try all possible combinations). |
--session=NAME | Specify a session name to resume a previously saved session. |
--status | Prints status information during the cracking process. |
--show | Show cracked password candidates. |
--users=[-]LOGIN\|UID[,..] | Specify one or more users to target by login name or UID. |
--fork=N | Set the number of cracking processes to run in parallel. |
--config=FILE | Load options from the specified configuration file. |
What is John the Ripper?
John the Ripper is a versatile password cracking tool known for its speed and efficiency. It can be used to detect weak passwords, test password policies, and crack various types of password hashes. John the Ripper supports multiple platforms, including Windows, macOS, and Linux.
How does it work?
John the Ripper uses various cracking modes, such as single crack mode, wordlist mode, and incremental mode. It leverages powerful algorithms and techniques like dictionary attacks and brute-force attacks to crack passwords. The tool supports a wide range of hash formats, including Unix, Windows LM/NTLM, MD5, and more.
Installation and Usage
- Visit the official John the Ripper website: https://www.openwall.com/john/
- Download the appropriate version for your operating system.
- Extract the downloaded file to a desired location.
- To use John the Ripper, open a terminal or command prompt and navigate to the directory where you extracted the tool.
- Execute the appropriate command depending on your target and the type of attack you want to perform. For example:
  - To crack Unix passwords using a wordlist attack:
    $ john --wordlist=wordlist.txt /path/to/passwords.txt
  - To perform a brute-force attack on an encrypted ZIP file (John reads hash files, not archives, so the hash is first extracted with the zip2john helper from the jumbo build):
    $ zip2john /path/to/encrypted.zip > zip.hash
    $ john --format=zip zip.hash
2. Hydra
Hydra Options
Option | Description |
---|---|
-l LOGIN | Specify the login username or user list. |
-P FILE | Specify the password list file. |
service://host[:port] | Specify the target service, host, and optional port. |
-t TASKS | Set the number of parallel tasks/connections. |
-M FILE | Load a list of modules from the specified file. |
-C FILE | Load additional module-specific options from the specified configuration file. |
-e ns | Do not stop on successful login. |
-W FILE | Write login/pass pairs to the specified file. |
-o FILE | Save cracked credentials to the specified file. |
-f | Exit after the first valid login/password pair is found. |
What is Hydra?
Hydra is a popular network authentication brute-forcing tool. It supports various protocols such as HTTP, FTP, SMTP, SSH, and more, allowing you to attempt to crack passwords by trying different username/password combinations.
How does it work?
Hydra uses a combination of username and password lists to systematically try different credentials against a target server or service. It can perform both dictionary attacks and brute-force attacks, making it a versatile tool for password cracking.
Installation and Usage
- Visit the official Hydra website: https://github.com/vanhauser-thc/thc-hydra
- Download and install Hydra according to the provided instructions for your operating system.
- Open a terminal or command prompt and navigate to the directory where Hydra is installed.
- Execute the appropriate command depending on the protocol and attack type you want to perform. For example:
  - To perform a dictionary attack on an FTP server:
    $ hydra -l username -P password_list.txt ftp://target_ip
  - To perform a brute-force attack on an SSH server:
    $ hydra -l username -x min:max:charset ssh://target_ip
3. Hashcat
Hashcat Options
Option | Description |
---|---|
-m FORMAT | Specify the hash format to be cracked. |
-a ATTACK_MODE | Specify the attack mode to be used. |
-o FILE | Specify the output file to save recovered hashes. |
-w WORKLOAD_PROFILE | Set the workload profile for hash cracking. |
-r RULES_FILE | Apply custom transformation rules from the specified file. |
-a 0 --increment | Enable incremental mode (try all possible combinations). |
-a 1 --attack-mode=1 | Perform a dictionary attack. |
-a 3 --attack-mode=3 | Perform a mask attack. |
-w 3 | Set the workload profile to a medium workload. |
-o cracked.txt | Save the cracked passwords to the specified file. |
What is Hashcat?
Hashcat is a powerful password recovery and cracking tool. It supports a wide range of hash algorithms and provides optimized cracking techniques, including dictionary attacks, mask attacks, rule-based attacks, and hybrid attacks.
How does it work?
Hashcat utilizes the computing power of GPUs and CPUs to crack password hashes. It can handle a vast number of hash formats, making it suitable for various password cracking scenarios. Hashcat's flexibility and speed make it a popular choice among security professionals.
Installation and Usage
- Visit the official Hashcat website: https://hashcat.net/hashcat/
- Download the appropriate version for your operating system.
- Extract the downloaded file to a desired location.
- Open a terminal or command prompt and navigate to the directory where Hashcat is installed.
- Execute the appropriate command depending on the hash type and attack mode you want to use. For example:
  - To crack an MD5 hash using a wordlist attack:
    $ hashcat -m 0 -a 0 -o output.txt hashes.txt wordlist.txt
  - To perform a mask attack on a bcrypt hash:
    $ hashcat -m 3200 -a 3 -o output.txt hashes.txt ?l?l?l?l?l?l
Conclusion
In this tutorial, we explored three powerful password cracking tools: John the Ripper, Hydra, and Hashcat. Each tool has its own features and capabilities, which make it a valuable asset for security professionals and researchers evaluating the strength of passwords and identifying vulnerabilities.
John the Ripper excels in cracking various types of password hashes and offers multiple cracking modes. It supports a wide range of platforms and hash formats, making it a versatile tool for detecting weak passwords and assessing password policies.
Hydra specializes in network authentication brute-forcing and supports multiple protocols. By trying different username and password combinations, it helps identify weak credentials on services such as FTP, SSH, and more.
Hashcat stands out for its GPU and CPU acceleration, allowing for high-performance password cracking. Its extensive support for hash algorithms and attack modes, including dictionary attacks and rule-based attacks, makes it an invaluable tool for recovering passwords from various hash types.
It is essential to note that these tools should only be used for legitimate purposes, such as testing the security of your own systems or with proper authorization. Unlawful use or unauthorized access to systems is illegal and unethical.