To crack the password. Grab the hashes One way to get the hashes is to use the hash from the /etc/shadow file. The type of hashing used is the SHA512 algorithm. Choose your wordlist There are many wordlists available. To find the wordlists available, type the command. For password cracking, you can choose two different methods 1. Dictionary Attack 2. Brute Force Attack. The Dictionary attack is much faster when compared to Brute force attack.(There is another method named as “Rainbow table”, it is similar to Dictionary attack).
Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.
Some other options are:
Of course John the Ripper (JTR) has some built in options for creating permutations from Wordlists.
Crunch – Password Cracking Wordlist Generator Features
Crunch generates wordlists in both combination and permutation ways
It can breakup output by number of lines or file size
Now has resume support
Pattern now supports number and symbols
Pattern now supports upper and lower case characters separately
Adds a status report when generating multiple files
now has unicode support
You can download Crunch wordlist generator here:
Or read more here.
For password cracking, you can choose two different methods 1. Dictionary Attack 2. Brute Force Attack. The Dictionary attack is much faster when compared to Brute force attack.(There is another method named as “Rainbow table”, it is similar to Dictionary attack).
In order to achieve success in dictionary attack, we need a large size of Password list.
Here is the list of 1,717,681 passwords(Free to download): http://dazzlepod.com/site_media/txt/passwords.txt
If you didn’t get success using the above password list, then you can get the UNIQPass dictionary file from dazzlepod.
UNIQPASS is large password list useful for use with John the Ripper (JtR) wordlist mode to translate even more hashes into cleartext passwords. While we have had good success rate with our standard password list passwords.txt (17.5MB), we realized the list can be made more useful and relevant if we include commonly used passwords from the recently leaked databases belonging to large websites. As a result, we have compiled millions of unique passwords into UNIQPASS.
UNIQPASS is available for purchase at only $4.99; see preview of UNIQPASS from these 2 million randomly selected passwords (18.9MB).
Get the UNIQPass Dictionary file from here: http://dazzlepod.com/uniqpass/