Category: Password Attacks

  • Crunch — Custom Wordlist Generator

    Wordlists are crucial to brute-force attacks. A brute-force password attack is an attack in which an attacker uses a script to repeatedly try to log in to an account using a list of possible passwords until a login succeeds.

    In this tutorial we learn to generate a custom wordlist with crunch. It uses permutations and combinations to create all possible combinations of the given character set. Crunch comes pre-installed in our Kali Linux environment.

    As always, we start from the terminal window and type the following command to run crunch:

    crunch

    Now we make a wordlist using the following command:

    crunch 4 5 ABCDEFGHIJKLMNOPQRSTUVWXYZ -o /root/Desktop/wordlist.txt

    In the command, the first number (4) is the minimum length of the passwords we want and the second number (5) is the maximum length, and we use all capital letters. We can also use lowercase letters, numbers and symbols. The -o option sets the output directory and file name of the wordlist. The resulting file is 70 MB and contains 12338352 possible passwords.

    We can combine capital letters, lowercase letters, numbers and symbols to generate a bigger wordlist, as in the following command. The character set is quoted so that the shell does not interpret the symbols:

    crunch 4 8 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789@,.*&%#' -o /root/Desktop/wordlist.txt
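
    The size arithmetic behind the two crunch commands above, as an added example that is not part of the original post: it reproduces the 12338352-line, 70 MB figure and shows how quickly the output grows once the length range and character set are widened. The function names are this example's own.

```python
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
MIXED = UPPER + UPPER.lower() + "0123456789" + "@,.*&%#"   # 69 characters

def wordlist_size(min_len, max_len, charset):
    """Return (lines, bytes) for all strings of min_len..max_len over charset."""
    k = len(charset)
    lines = size = 0
    for n in range(min_len, max_len + 1):
        count = k ** n              # k choices for each of the n positions
        lines += count
        size += count * (n + 1)     # n characters plus a newline per line
    return lines, size

def human(size):
    """Format a byte count with binary units."""
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if size < 1024 or unit == "PiB":
            return f"{size:.1f} {unit}"
        size /= 1024

if __name__ == "__main__":
    for lo, hi, charset in ((4, 5, UPPER), (4, 8, MIXED)):
        lines, size = wordlist_size(lo, hi, charset)
        print(f"{lo}-{hi} over {len(charset)} chars: {lines:,} lines, {human(size)}")
```

    The second command describes a list of several petabytes, so it would fill any ordinary disk long before it finished.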

  • Cewl — Crawls For Wordlist

    Cewl is a CLI-based Ruby app which spiders a URL to a specified depth and collects words that can be used for password attacks. That means it can generate a custom wordlist from the words used on any website. It is open source and the source code is available on GitHub. We don't need to clone it from Git, because this tool comes pre-installed with Kali Linux. Open a terminal window and type the following command to see the options of cewl:

    cewl -h

    To crawl a website, we use the following command:

    cewl -d 2 http://192.168.36.16/forum/

    The command prints the generated wordlist, which we can use in attacks.

  • Hash ID — The Hash Identifier

    Hash ID is a command-line interface (CLI) tool written in Python that can identify many types of hashes. In our previous post we learned how to identify some common types of hash, but we do not always get a common type. Kali Linux comes with the hash-identifier tool pre-installed. We can check the hashes list supported by hash-identifier in this link. To start the tool, open a terminal window in our Kali Linux system and type the following command:

    hash-identifier

    Now we type (copy and paste is best) the hash we have, and this tool will show us the algorithm used to generate this hash.

    This method of identifying hashes is based on possibility. The tool shows us a list of possible hash types rather than a single answer.

  • Hashing — Know The Hash

    We are starting the “Password Attacks” label, and this is the first tutorial in the “Password Attacks” category. Before attacking passwords we need to learn about hashes, and how to break hashes to find the original password or any other sensitive data. We cover this topic over several posts.
    Hashes are the output of one-way mathematical algorithms, which means they can’t be reversed. We can break them by brute force only. Hashing is very important for cryptography.

    In this post we will learn about the structure of some common hashes and how to identify them.

    The following are the types of hashes and how to identify them:

    MD5

    This is the most widely used hash function. Here, MD stands for message-digest algorithm. This kind of hash can be easily identified using the following observations:

    • They are hexadecimal.
    • MD5 is 32 characters in length and 128 bits, for example 499bb86f9e766e1bd2786cfd17c3bf7.

    MySQL < v4.1

    Sometimes we get this kind of hash while extracting data through SQL injection. We can identify this kind of hash using the following observations:

    • They are also hexadecimal.
    • MySQL less than v4.1 is 16 characters in length and 64 bits, for example 608457496645bcba

    MD5 (WordPress)

    This type of hash is used on websites built with WordPress. We can easily identify this type of hash in the following ways:
    • The most common sign is that they always begin with $P$.
    • They have alphanumeric characters.
    • They are 34 characters in length and 64 bits, for example $P$9QGUsR07ob2rNMbmSCRh9Noi6rjJGR

    MySQL 5

    This is used in modern versions of MySQL to store sensitive information. These hashes can be identified using the following observations:
    • All are in capitals.
    • They always start with an asterisk (*).
    • The length of this type of hash is 41, for example *4ACEF987S5KK5CD467121KP91IP653917HGKL062

    Base64 encoding

    Base64 is very easy to identify. This type of hash is produced by encoding eight octets into four characters. The easiest way to check for Base64 encoding is as follows:
    • Check that the length is a multiple of 4.
    • Base64 has padding at the end, which is 0, 1, or 2 = characters, for example TP66IGNskp9hbCBwbGGhc3UyBS4=

    These are the basics; we can learn more by searching Google. But here comes a question: what if we need to crack a hash that is not one of those we talked about in this post? In that case we will use a tool. We learn about it in the next post.
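
    The observations in this post, and the "list of possible types" behaviour described in the Hash ID post, written out as a small classifier. This is an added example, not code from the original posts or from hash-identifier. The rule table and function names are this example's own, the MySQL 5 rule assumes the 40 characters after the asterisk are uppercase hexadecimal, and the samples marked as constructed were made up for the example.

```python
import base64
import re
from collections import Counter

HEX = re.compile(r"[0-9a-fA-F]+")
UPPER_HEX = re.compile(r"[0-9A-F]+")
PHPASS = re.compile(r"[./0-9A-Za-z]+")      # alphabet used after the $P$ prefix
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def is_base64(s):
    """Length is a multiple of 4, 0-2 '=' pads, and the value decodes."""
    if not s or len(s) % 4 or not B64.fullmatch(s):
        return False
    try:
        base64.b64decode(s, validate=True)
        return True
    except ValueError:                       # binascii.Error subclasses ValueError
        return False

# (label, test) pairs built from the observations in the post.
RULES = [
    ("MD5", lambda s: len(s) == 32 and HEX.fullmatch(s)),
    ("MySQL < v4.1", lambda s: len(s) == 16 and HEX.fullmatch(s)),
    ("MD5 (WordPress)", lambda s: len(s) == 34 and s.startswith("$P$")
        and PHPASS.fullmatch(s[3:])),
    ("MySQL 5", lambda s: len(s) == 41 and s.startswith("*")
        and UPPER_HEX.fullmatch(s[1:])),
    ("Base64 encoding", is_base64),
]

def classify(value):
    """Return every format the value could be; the list may be empty or plural."""
    value = value.strip()
    return [label for label, test in RULES if test(value)]

SAMPLES = [
    "d41d8cd98f00b204e9800998ecf8427e",              # MD5 of the empty string
    "608457496645bcba",                              # sample from the post
    "$P$B" + "abcdefgh" + "ABCDEFGHIJKLMNOPQRSTUV",  # constructed, 34 characters
    "*" + "A1B2C3D4E5" * 4,                          # constructed, 41 characters
    "TP66IGNskp9hbCBwbGGhc3UyBS4=",                  # sample from the post
    "not a hash",                                    # constructed
]

def audit(values):
    """Count candidate formats across a column of stored credential values."""
    return Counter(label for v in values for label in classify(v))

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:45} {classify(sample) or ['unknown']}")
```

    A 32- or 16-character hexadecimal string also passes the Base64 check, which is why the result is a list of candidates and not a single answer.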