How to Generate a Wordlist for Cracking MD5 Hashes using John the Ripper and oclHashcat-plus

Alright, cracking MD5 hashes with John the Ripper and oclHashcat-plus! If you’re new to this game, it can seem a bit daunting at first, but trust me, once you get the hang of it, it’s like riding a bike. Or, more accurately, like playing a video game where you get to be the bad guy and break into people’s accounts.

First: let’s generate that wordlist! We can build it from John the Ripper’s `john.pot` file by running the following command in our terminal:

```bash
# Build a wordlist from John the Ripper's pot file.  Each john.pot line is
# <hash>:<password>; we keep only the password part and drop duplicates.
#   cut -d:   use ":" as the field delimiter
#   -f 2-     keep field 2 onwards, so a password that itself contains ":"
#             is kept whole
#   sort -u   sort the passwords and write each one only once
cut -d: -f 2- john.pot | sort -u > cracked.dic
```

This will take every line of `john.pot`, split it at the colon, and keep only what follows the first colon (the actual password, field 2 onwards) in a new file called `cracked.dic`. `sort -u` then removes any duplicates.
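The `cut | sort -u` pipeline treats everything after the first colon as the password, which is right for plain entries. As an added example (not from the original post, and not part of John the Ripper or hashcat), here is a small Python version of the same extraction that also decodes `$HEX[...]` entries, the form both John the Ripper (jumbo) and hashcat use in their pot files for plaintexts they cannot store literally, such as ones containing a colon or non-printable bytes; the `cut` pipeline would leave those encoded in the wordlist. The sample pot lines are constructed here for illustration, with their hash column computed on the fly so they are self-consistent.

```python
"""Build a deduplicated wordlist from a john.pot-style file.

Each pot line is <hash>:<plaintext>.  The plaintext is everything after the
first colon (so it may itself contain colons).  Plaintexts the cracker could
not store literally are written as $HEX[<hex bytes>] and are decoded here.
"""
import hashlib
import re
import sys
from typing import Iterable, List

HEX_RE = re.compile(r"^\$HEX\[([0-9a-fA-F]*)\]$")


def decode_plain(field: str) -> str:
    """Turn a $HEX[...] pot entry back into its plaintext; pass others through."""
    m = HEX_RE.match(field)
    if m:
        return bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
    return field


def extract_wordlist(lines: Iterable[str]) -> List[str]:
    """Return the unique plaintexts from pot-file lines, deduplicated and sorted."""
    words = set()
    for line in lines:
        line = line.rstrip("\r\n")
        if ":" not in line:
            continue  # blank or malformed line: nothing to extract
        _hash, plain = line.split(":", 1)  # split on the FIRST colon only
        words.add(decode_plain(plain))
    return sorted(words)


def md5_hex(plain: str) -> str:
    return hashlib.md5(plain.encode()).hexdigest()


# Constructed sample pot lines (not from a real cracking run).  The hash column
# is computed so the lines are self-consistent; the plaintexts are made up.
SAMPLE_POT = [
    f"{md5_hex('password')}:password",
    f"{md5_hex('123456')}:123456",
    f"{md5_hex('password')}:password",               # duplicate, must collapse
    f"{md5_hex('a:b')}:a:b",                         # colon inside the plaintext
    f"{md5_hex('p:ss:wd')}:$HEX[703a73733a7764]",    # $HEX[] form of "p:ss:wd"
]

if __name__ == "__main__":
    # Usage: python pot2dic.py john.pot > cracked.dic   (reads stdin if no file)
    src = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else sys.stdin
    for word in extract_wordlist(src):
        print(word)
```

Running it over the constructed sample gives four words: `123456`, `a:b`, `p:ss:wd` and `password`; the duplicate collapses and the `$HEX[...]` entry comes out as its real plaintext.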

Now that we have our wordlist, let’s crack some MD5 hashes! First, make sure you have oclHashcat-plus installed and ready to go. If not, head over to the official website (https://hashcat.net/oclHashcat/) and download it for your operating system.

Once that’s done, let’s run our first attack using John the Ripper! We can do this by running:

```bash
# Run the magnum-ripper64 command against a list of MD5 hashes.
#   -a 3                      attack mode 3: mask ("brute force") attack
#   --format=raw-md5-opencl   the hashes are raw MD5, cracked on the GPU
#   ~/hashes/my_hashes.txt    file containing the hashes to be cracked
#   ~/Wordlists/cracked.dic   the dictionary built above
#   ?1?1                      two-position mask; each ?1 is one character
#                             from custom charset 1 (note: this command line
#                             does not define charset 1; the oclHashcat-plus
#                             command below does so with -1 ?l?d)
#   -o Ultimate_Crack/eNtr0pY_1   output file for the cracked hashes
#   --remove                  remove cracked hashes from the hash file
magnum-ripper64 -a 3 --format=raw-md5-opencl ~/hashes/my_hashes.txt ~/Wordlists/cracked.dic ?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove
```

This will use magnum-ripper (a faster version of John the Ripper) to crack MD5 hashes using our `cracked.dic` wordlist, and output any successful results to a file called `Ultimate_Crack/eNtr0pY_1`. The `?1?1` part is a two-position mask: the first `?1` is one character and the second `?1` one more, so only two-character candidates are tried.

Now, let’s say we want to use oclHashcat-plus instead. We can do this by running:

```bash
# Crack the MD5 hashes in my_hashes.txt with oclHashcat-plus, using cracked.dic
# and the best64.rule rule set, writing results to Ultimate_Crack/eNtr0pY_1.
#   -a 3        attack mode 3: mask ("brute force") attack
#   -1 ?l?d     define custom charset 1 as lowercase letters plus digits
#   -m 0        hash type 0: MD5
#   ?1?1        two-position mask; each ?1 is one character from charset 1,
#               so 36 x 36 = 1296 two-character candidates
#   -r rules/best64.rule   rule file used to mutate dictionary words
#               (oclHashcat-plus applies -r rules only in straight mode, -a 0)
#   -o ...      output file for the cracked hashes
#   --remove    remove cracked hashes from the hash file (not from the dictionary)
oclHashcat64.bin -a 3 -1 ?l?d -m 0 ~/hashes/my_hashes.txt ~/Wordlists/cracked.dic ?1?1 -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1 --remove
```

This will use oclHashcat-plus to crack MD5 hashes using our `cracked.dic` wordlist, and output any successful results to a file called `Ultimate_Crack/eNtr0pY_1`. The `-1 ?l?d` part defines custom charset 1 as lowercase letters and digits, and `?1?1` tells oclHashcat-plus to try two-character candidates, one character from that set in each position.
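Because the mask notation is easy to misread, here is an added Python example, not part of the original post and not hashcat's own code, that expands hashcat-style masks using the same `?l ?u ?d ?s ?a ?b` built-in charsets and `-1`-style custom charsets, and counts how many candidates a mask covers. It confirms that `-1 ?l?d` with the mask `?1?1` from the command above is exactly 36 × 36 = 1,296 two-character candidates, and lets you compare that against a full-printable eight-character mask, which is the kind of figure a defender uses when judging a password-length policy. Charset sizes follow hashcat's documented definitions (`?s` is the 33 printable specials including space, `?a` is 95); the guessing rate used at the bottom is a made-up assumption, not a benchmark.

```python
"""Expand hashcat-style masks and count the candidates they cover.

Mask syntax (as in hashcat / oclHashcat-plus):
  ?l a-z   ?u A-Z   ?d 0-9   ?s printable specials incl. space (33)
  ?a = ?l?u?d?s (95)   ?b all 256 byte values   ?? a literal '?'
  ?1..?4 custom charsets, each defined by its own fragment such as "?l?d"
Any other character in a mask is a fixed literal occupying one position.
"""
import string
from typing import Dict, List, Optional

BUILTIN_SETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,                                         # 33
    "a": string.ascii_letters + string.digits + " " + string.punctuation,  # 95
    "b": "".join(chr(i) for i in range(256)),
}


def _tokens(mask: str) -> List[str]:
    """Split a mask into '?x' escapes and single literal characters."""
    out, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("mask ends with a dangling '?'")
            out.append(mask[i:i + 2])
            i += 2
        else:
            out.append(mask[i])
            i += 1
    return out


def expand_charset(fragment: str, custom: Optional[Dict[str, str]] = None) -> str:
    """Characters a charset definition such as '?l?d' or 'abc?d' stands for (deduplicated)."""
    custom = custom or {}
    chars: List[str] = []
    for tok in _tokens(fragment):
        if len(tok) == 1:
            chars.append(tok)                    # literal character
        elif tok[1] == "?":
            chars.append("?")                    # '??' escapes a literal '?'
        elif tok[1] in BUILTIN_SETS:
            chars.append(BUILTIN_SETS[tok[1]])
        elif tok[1] in custom:
            # custom charsets may reference built-ins but not each other
            chars.append(expand_charset(custom[tok[1]], None))
        else:
            raise ValueError(f"unknown charset {tok!r}")
    return "".join(dict.fromkeys("".join(chars)))


def position_sizes(mask: str, custom: Optional[Dict[str, str]] = None) -> List[int]:
    """How many characters each position of the mask can take."""
    sizes = []
    for tok in _tokens(mask):
        if len(tok) == 2 and tok[1] != "?":
            sizes.append(len(expand_charset(tok, custom)))
        else:
            sizes.append(1)                      # literal (or escaped '?')
    return sizes


def keyspace(mask: str, custom: Optional[Dict[str, str]] = None) -> int:
    """Total number of candidates the mask generates."""
    total = 1
    for n in position_sizes(mask, custom):
        total *= n
    return total


def seconds_to_exhaust(mask: str, hashes_per_second: float,
                       custom: Optional[Dict[str, str]] = None) -> float:
    """Worst-case time to try every candidate at the given guessing rate."""
    return keyspace(mask, custom) / hashes_per_second


if __name__ == "__main__":
    custom = {"1": "?l?d"}                       # the -1 ?l?d from the command above
    print("?1?1 with -1 ?l?d :", keyspace("?1?1", custom))       # 1296
    print("?a x 8            :", keyspace("?a" * 8))             # 95**8
    ASSUMED_RATE = 1e9   # hypothetical 1 GH/s guessing rate, purely an assumption
    print("?a x 8 exhaust (s):", seconds_to_exhaust("?a" * 8, ASSUMED_RATE))
```

Literal characters in a mask (for example `pass?d?d`) count as one possibility per position, so that mask covers only 100 candidates; the same arithmetic is what makes a short mask cheap and a long all-printable one expensive.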

The `best64.rule` file we’re using here is a predefined rule set from KoreLogic, which can be found on their website (https://www.korelogic.com/resources/tools-and-demos/john-the-ripper-rules). These rules are designed to help crack passwords that might not otherwise be cracked using traditional methods.

With these simple commands, you’re on your way to becoming a master of MD5 hash cracking with John the Ripper and oclHashcat-plus.