
Cracking Linux Passwords

Cracking Linux passwords is essentially the same as cracking Windows passwords in the sense that you start by getting the hashes and then you try to find the matching passwords.

But, being completely different operating systems, the tools and procedures also have to be distinct.

 

Create test users

Use the following command:

sudo adduser [username]

Create users with these passwords:

test1 abc
test2 abcde
test3 password
test4 Alcanena
test5 Pa$$w0rd

Install John the Ripper Password Cracking Tool

John the Ripper is not installed by default in most Linux distros. If you are using Debian/Ubuntu Linux, enter:

sudo apt-get install john

In CentOS, Fedora or Red Hat Linux, use the appropriate package manager:

sudo dnf install john

or

sudo yum install john

Cracking Windows 10 passwords

Creating the passwords

Time to continue our tour of the basic Windows cracking techniques. Let's repeat the initial procedures explained in the previous post, but this time under Windows 10. Start by creating a few accounts and please use the exact same passwords:

net user test1 9#Yo~3 /add
net user test2 [1aZ4~ /add
net user test3 õç2}5$ /add
net user test4 7%hª5b /add
net user test5 9Ayo7Bz /add
net user test6 G85pdDL /add
net user test7 Ã49ÇaõF /add
net user test8 3É6Óêph /add
net user test9 3b567gh0 /add
net user test10 77xpy6vh /add
net user test11 4ã8ç6ê7õ /add
net user test12 56é2à4óç /add

Install CAIN and Win10Pcap (http://www.win10pcap.org/download/).

Try the dictionary attack using all three wordlist files previously used.

Cracking Windows Passwords

Creating passwords to crack

You’ll need a Windows machine (real or virtual) with administrator access. It can run any version of Windows, XP or later, except Windows 10. If you want to use Windows Server 20xx, you’ll need to disable the "Password must meet complexity requirements" policy.

Click Start, type in CMD and press Shift+Ctrl+Enter.

If a "User Account Control" box appears, click Yes.

In the Administrator Command Prompt window, execute these commands:

net user test1 abc /add
net user test2 abcde /add
net user test3 password /add
net user test4 entrincheirado /add
net user test5 Pa$$w0rd /add
 

Those commands create five new system users.
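
The "Password must meet complexity requirements" policy mentioned above can be compared with what a password audit actually cares about. The following is an added example, not part of the original post: a simplified Python model of that policy (three or more character categories, account name not contained) next to a check for dictionary words behind common substitutions; the substitution map and wordlist are constructed assumptions.

```python
# Added example: simplified model of the Windows complexity policy plus a
# check for dictionary words hidden behind common character substitutions.
# LEET and WORDLIST are constructed for this illustration (assumptions).
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l", "3": "e", "5": "s"})
WORDLIST = {"password", "letmein", "welcome"}

# Accounts and passwords exactly as created by the net user commands above.
ACCOUNTS = {
    "test1": "abc",
    "test2": "abcde",
    "test3": "password",
    "test4": "entrincheirado",
    "test5": "Pa$$w0rd",
}

def categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isascii() and ch.isdigit():
            found.add("digit")
        elif not ch.isalnum():
            found.add("symbol")
        else:
            found.add("other")  # alphanumeric but none of the above
    return found

def meets_complexity(user, password):
    """Approximation: account name not contained, 3+ character categories."""
    if len(user) >= 3 and user.lower() in password.lower():
        return False
    return len(categories(password)) >= 3

def is_dictionary_variant(password):
    """True if undoing common substitutions yields a word in WORDLIST."""
    return password.lower().translate(LEET) in WORDLIST

def audit(accounts):
    """Map each account to (meets_complexity, is_dictionary_variant)."""
    return {user: (meets_complexity(user, pw), is_dictionary_variant(pw))
            for user, pw in accounts.items()}

if __name__ == "__main__":
    for user, (complex_ok, in_dict) in audit(ACCOUNTS).items():
        print(f"{user}: complexity_ok={complex_ok} dictionary_variant={in_dict}")
```

In this model only test5 passes the complexity check, and it is also flagged as a substituted dictionary word, so a password audit should test both properties.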


Downloading and installing Cain & Abel

Open a browser and go to http://www.oxid.it/cain.html

Scroll down and click "Download Cain & Abel v4.9.56 for Windows NT/2000/XP".

Save the installer on your PC.

Double-click the installer. Install the software with the default options.

NOTE: Cain & Abel will be detected as malware by your virus scanner. You will need to allow it to install, which is pretty easy if you use Microsoft Security Essentials or Defender. If you don't want to install it on your real machine, use a VM.

The installer will also ask to install WinPCap. In order to guarantee full functionality and stability, install it too.

Sniffing for Passwords with Wireshark

Installing the Wireshark Packet Sniffer

What you need for this task:

  • A computer with Internet access. You need administrator privileges.
  • I wrote the instructions with Windows 7.

Open a Web browser and go to WireShark.org.

Download and install the latest version of Wireshark. The installer will also install WinPCap.

Reboot the machine to load the WinPCap driver.

Note: If you have problems with WinPCap under Windows 10, get the driver from http://www.win10pcap.org/

Starting a Packet Capture


Start Wireshark.

In the Capture menu, select Options.

Make sure your interfaces are in promiscuous mode. Press Manage Interfaces.
