Cracking Hashes -- Offline and Online

It's always a good idea to check hash online, if it has been cracked already then it will be very easy to figure it out. We will learn about some cool websites to decrypt /crack hashes in online but websites and online services may not available everywhere, and assume those websites can't crack our hash in plain text. In that cases, we should use offline tools. There are some grate hash cracking tool comes pre-installed with Kali Linux. But first of this tutorial we learn John,  Johnny this twin tools are very good in cracking hashes and then we learn online methods.

Offline Methods 

 

 John the ripper


John the ripper is free and open source tool. To use this easy and awesome tool just open terminal window and call his name "john".

john

John will show all his option just like the following screenshot:


What we need to do now to crack a hash?

First of all we need to know what kind of hash encountered with us. We learned  identify hashes in our previous tutorials Know The Hash and Hash-Id .

And we need to ready our word-list which will brute-force the hash. We also have an article on it read that by clicking here.

Now type the following command

john --format=raw-md5 --wordlist=/path/of/wordlist/demo_word_list.txt /path/of/hash/demo_hash.txt

The screenshot is following:


Now we can see our hash has been cracked successfully. The hash was 2f47a213cacefc2f8bd4ec9325a1b3c5 .

Johnny


Johnny is brother of John the ripper. Why? The work of John and Johnny are almost same. Basically Johnny is a GUI client for John. When it adds UI, it becomes very easy to use it.
To run it we need to open our terminal window and type following command:

johnny
Then the GUI tool will start up like the following screenshot:




Now we  load the hash file by clicking the Open Passwd File option. We can see our file has been loaded in following screenshot:




Then we need to go in the Options and choose/type the format of hash, and then specify the directory of wordlist file in the Wordlist section.



Once it is done we click on the Start new attack we should see our password when it's cracked.


Online Methods


Hashkiller


Hashkiller is a grate online service where we can submit our hashes, if it has already cracked it will show the plain text. This website did not crack hashes in realtime it just collect data on cracked hashes and shows to us. Here is the link of Hashkiller - https://hashkiller.co.uk/.


This website supports MD5,NTLM,SHA1,MySQL5,SHA256,SHA512 type of encryption.

CrackStation


CrackStation is a online service that supports various type of encryption. They have a 190GB 15-billion-entry lookup table for MD5 and SHA1 hashes.
The link of CrackStation is : https://crackstation.net/.



CrackStation provide us a wordlist we can use that on offline cracking. The download link is : https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm.



Cracking Hashes -- Offline and Online Cracking Hashes -- Offline and Online Reviewed by Kali Linux on March 12, 2019 Rating: 5

No comments:

Powered by Blogger.