Scribd
Upload
97 views5 pages

Password Cracking with Hydra & John

Uploaded by

imgautam076
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
97 views5 pages

Password Cracking with Hydra & John

Uploaded by

imgautam076
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Lab-08: Working with Password Cracking Tools in Kali Linux

Lab Objective:
The objective of this lab is to explore and understand the functionality of password-cracking
tools available in Kali Linux, their practical applications, and ethical considerations. The
focus will be on tools such as Hydra and John the Ripper.

Lab Requirements:
• A system running Kali Linux.
• Sample password-protected files or services.
• Vulnerable Machine : Metasploitable2

Tools Overview:
1. Hydra: Used for brute-force attacks on remote authentication services.
2. John : the Ripper: A fast password cracker for local file analysis.

Lab Task:
Download Word List file:
• Search the password wordlist by browsing Google “password wordlist
download”

Part 1: Using Hydra for Brute Force Attacks


1. Open a terminal in Kali Linux.
2. Identify a service for testing, e.g., SSH, FTP, or HTTP.
Syntax: hydra -1 [username] -P [password_list.txt] [target IP]
service_name

Step-1: Make or download password list file and name it as [Link]


Step-2: Target Machine- Metasploitable2
IP: [Link]
Step-3: Testing ftp Service, Username known and we find the password, type the
following command:
# hydra -l msfadmin -P [Link] [Link] ftp

Step-4: When password is known and we have to find username. Make/ download users list.
# hydra -L [Link] -p msfadmin [Link] ftp

Step-5, both username and password unknown


# hydra -L [Link] -P [Link] [Link] ftp
Step-6, saving output in file

# hydra -L [Link] -P [Link] [Link] ftp -o [Link]

3. Observe the results and note any successful login attempts.


Part 2: Cracking Password Hashes with John the Ripper
# sudo apt install john
SINGLE CRACK MODE:
1. Create a file containing encrypted password
# nano [Link]

stealth:d776dd32d662b8efbdf853837269bd725203c579

Paste the hash key in the crack file and save it and exit.
Type the following in the terminal to run in Single crack mode:
# john --single --format=raw-sha1 [Link]

# john --show [Link]


WORDLIST MODE/ DICTIONARY MODE:
Download the wordlist file and rename as [Link] and save it in the Kali Desktop
Cracking the password of Kali Linux User:

1. Obtain a sample hash file from /etc/shadow and /etc/passwd.


2. Obtain the user details from the files as
sudo cat passwd
Copy the user information and create a new file as passwd (nano passwd ) in the
Desktop and save the copied information in the files.
Similarly, create a shadow file in the Desktop by copying the user details from
/etc/shadow file.
3. Format the hash file using unshadow (for shadow files). At the desktop of Kali, open
the terminal and type
unshadow passwd shadow > [Link]

sudo john --wordlist=[Link] --format=crypt [Link]

Cracking zip file password


Target zip file: [Link]
Type the following at the terminal:
1. # sudo zip2john [Link] > [Link]

2. # sudo john --format=zip [Link]

Conclusion:
• Hydra: Successfully identified weak credentials for the test FTP service.
• John the Ripper: Recovered simple passwords from the provided hash file
within a reasonable timeframe.
Faculty Signature ...............

You might also like