Ethical Password Cracking
This is not part of teaching crime. Cracking passwords is illegal unless you have specific permission from the target of the activity.
The only ligitimate reason to try this, is to gauge the level of protection in the system that is the target of this endeavour.
We shall look at three programs capable of cracking passwords. They are all part of a standard installation of the Linux distribution Kali Linux. The programs are
References for this Part
John the Ripper
Documentation and Installation
The official website with download and installation information is at (https://www.openwall.com/john/).
A good tutorial may be found at (https://www.varonis.com/blog/john-the-ripper)
Hands On
In this concrete case we have made john attempt to crack the passwords of a Linux system. This requires an initial step to gather the password info into one file. The program for that is part of the JtR package:
|
|
Then, when the hashed passwords are available in tocrack.txt
we do step 1 of the process:
|
|
In both cases the $
prompt suggests that the processes may be run as
a regular, unprivileged user. The output from step 1 will be something similar to:
|
|
Hydra
Hydra is …
|
|
Hands On
bla bla
Hashcat
Hashcat is …
Hands On
bla bla