John
//search in kali to be safe had malware last time.
john tgthash.txt --fork=4 -w=/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
Decrypt an encrypted SSH key:
$ /usr/share/john/ssh2john.py id_rsa > id_rsa.d
$ john id_rsa.d --wordlist=../rockyou.txt
//then still ssh with the encrypted id_rsa but use the cracked passphrase we found
John comes with an extensive configuration file where password mutations can be defined. We must modify this file to get the settings we want or just add to it if we know something.
# nano /etc/john/john.conf
# john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt
Hash cracking:
This will tell us what the hash type is, but this kind of crack will take a long time to complete since it brute-forces the strings.
# john 127.0.0.1.pwdump
Using a wordlist instead:
# john --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump
If any passwords remain to be cracked, we can next try to apply john's word mangling rules with the --rules parameter.
# john --rules --wordlist=/usr/share/wordlists/rockyou.txt 127.0.0.1.pwdump
In order to crack Linux hashes with john, you will need to first use the unshadow utility to combine the passwd and shadow files from the compromised system.
# unshadow passwd-file.txt shadow-file.txt > unshadowed.txt
# john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
John the Ripper shadow file
$ unshadow passwd.txt shadow.txt > unshadow.txt
$ john unshadow.txt
# Hashcat SHA512 $6$ shadow file
hashcat -m 1800 -a 0 hash.txt rockyou.txt --username