Kali Linux: Password Attack menggunakan Kali Linux - Revision history

Onnowpurbo: /* Step 4: */

2019-10-04T06:18:33Z

Step 4:

← Older revision		Revision as of 06:18, 4 October 2019
Line 74:		Line 74:

	aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0		aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0


	100 adalah jumlah frame de-authenticate yang akan kita kirim		100 adalah jumlah frame de-authenticate yang akan kita kirim
Line 80:		Line 79:
	mon0 adalah nama monitoring wireless adapter		mon0 adalah nama monitoring wireless adapter

	~~After capturing the~~ handshake ~~use~~ pyrit to crack ~~the~~ wifi password as		Setelah berhasil menangkap handshake, gunakan pyrit untuk crack wifi password.


	In the dictionary and crunch attack, PMKs speed is near 4000 which will take lots of time to crack wifi so use the below trick to increase the speed of attack. This will provide 60000-100000 PMKs depends on client hardware.
	Steps To Use Pyrit To Crack Password		Steps To Use Pyrit To Crack Password

Onnowpurbo: /* Step 4: */

2019-10-04T06:15:01Z

Step 4:

← Older revision		Revision as of 06:15, 4 October 2019
Line 76:		Line 76:


	100 ~~is the number of~~ de-authenticate ~~frames you want to send~~		100 adalah jumlah frame de-authenticate yang akan kita kirim
	08:86:30:74:22:76 ~~is the~~ BSSID ~~of the~~ AP		08:86:30:74:22:76 adalah BSSID dari AP
	mon0 ~~is the~~ monitoring wireless adapter		mon0 adalah nama monitoring wireless adapter

	After capturing the handshake use pyrit to crack the wifi password as		After capturing the handshake use pyrit to crack the wifi password as

Onnowpurbo: /* Step 4: */

2019-10-04T02:54:17Z

Step 4:

← Older revision		Revision as of 02:54, 4 October 2019
Line 69:		Line 69:
	Aireplay-Ng Deauth		Aireplay-Ng Deauth

	~~In order to capture the encrypted~~ password, ~~we need to have the client authenticate against the~~ AP. ~~If they're already authenticated~~, ~~we can de-authenticate them~~ (kick ~~them~~ off) ~~and their system will automatically re-authenticate~~, ~~whereby we can grab their encrypted~~ password ~~in the process~~.		Untuk mendapatkan password yang dienkripsi, kita harus meminta klien untuk melakukan otentikasi terhadap AP. Jika sudah diautentikasi, kami dapat membatalkan otentikasi (kick off) dan sistem mereka akan secara otomatis mengautentikasi ulang, di mana kita dapat mengambil password terenkripsi mereka dari proses tersebut.

	~~Let's open another~~ terminal ~~and type~~:		Buka terminal baru, ketik:

	aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0		aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

Onnowpurbo: /* Hack Password Using Pyrit */

2019-10-04T01:04:06Z

Hack Password Using Pyrit

← Older revision		Revision as of 01:04, 4 October 2019
Line 32:		Line 32:
	Alasan sederhana dalam menggunakan GPU daripada CPU untuk memecahkan password adalah karena GPU lebih cepat. Ternyata cracking passwords sangat mirip dengan Bitcoin mining, jadi alasan yang sama GPU lebih cepat untuk Bitcoin mining berlaku untuk cracking password. Jawaban singkatnya adalah bahwa ada banyak chip khusus pada GPU yang melakukan operasi 32-bit dengan sangat cepat. Meskipun CPU dapat melakukan banyak perhitungan untuk keperluan umum, chip pada GPU dapat melakukan jenis operasi tertentu lebih cepat, dan dengan cara lebih mem-paralel-kan proses.		Alasan sederhana dalam menggunakan GPU daripada CPU untuk memecahkan password adalah karena GPU lebih cepat. Ternyata cracking passwords sangat mirip dengan Bitcoin mining, jadi alasan yang sama GPU lebih cepat untuk Bitcoin mining berlaku untuk cracking password. Jawaban singkatnya adalah bahwa ada banyak chip khusus pada GPU yang melakukan operasi 32-bit dengan sangat cepat. Meskipun CPU dapat melakukan banyak perhitungan untuk keperluan umum, chip pada GPU dapat melakukan jenis operasi tertentu lebih cepat, dan dengan cara lebih mem-paralel-kan proses.

	===Hack Password ~~Using~~ Pyrit===		===Hack Password Menggunakan Pyrit===

	Step 1: ~~Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng Let's start by putting our wireless adapter in monitor mode. Let's open a terminal and type:~~		====Step 1:====

	airmon-ng ~~start wlan0~~		Set Wi-Fi menjadi mode monitor dengan airmon-ng. Buka terminal dan ketik:

			airmon-ng start wlan0

	~~Note that~~ airmon-ng ~~has renamed your~~ wlan0 ~~adapter to~~ mon0.		Catatan: airmon-ng akan me-rename wlan0 menjadi mon0.

	Step 2: Capture Traffic with Airodump-Ng Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.		====Step 2:====

	~~This command grabs all the~~ traffic ~~that your wireless adapter can see and displays critical information about it~~, ~~including the~~ BSSID (~~the~~ MAC address ~~of the AP~~), power, ~~number of~~ beacon ~~frames~~, ~~number of~~ data ~~frames~~, channel, speed, encryption (if any), ~~and finally~~, ~~the~~ ESSID (~~what most of us refer to as the~~ SSID). ~~Let's do this by typing~~:		Capture Traffic menggunakan airodump-ng. Ini akan menangkap traffic dan menampilkan informasi seperti, BSSID (AP MAC address), power, jumlah beacon frame, jumlah data frame, channel, speed, encryption (if any), dan juga, ESSID (biasanya kita mengenalkan sebagai SSID). Ketik:

	airodump-ng mon0		airodump-ng mon0

			Semua AP yang terlihat akan tampil di bagian atas layar, client akan berada di bagian bawah layar.

	~~Note all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.~~		====Step 3:====

	~~Step 3: Airodump~~-~~Ng on To Capture~~ Handshake ~~Our next step is to focus our efforts on one~~ AP~~, on one~~ channel, ~~and capture critical~~ data ~~from it~~. ~~We need the~~ BSSID ~~and~~ channel ~~to do this~~. ~~Let's open another~~ terminal ~~and type:~~		Menggunakan airodump-ng menangkap Handshake. Langkah ini adalah memfokuskan usaha kita pada satu AP pada satu channel, dan menangkap data penting dari AP tersebut. Kita perlu men-set BSSID dan channel untuk itu. Ketik pada terminal,

	airodump-ng --bssid 08:86:30:74:22:76 -c 6 -w WPAcrack mon0		airodump-ng --bssid 08:86:30:74:22:76 -c 6 -w WPAcrack mon0

			Dimana

	08:86:30:74:22:76 ~~is the~~ BSSID ~~of the AP~~		* 08:86:30:74:22:76 adalah AP BSSID
	-c 6 ~~is the~~ channel ~~the~~ AP ~~is operating on~~		* -c 6 adalah channel dimana AP beroperasi
			* WPAcrack adalah nama file untuk menyimpan hasil
			* mon0 adalah adapter wifi yang memonitor jaringan

	~~WPAcrack is the file you want to write to~~		Catatan: paling asik kalau kita bisa memperoleh AP yang konfigurasi-nya default tidak diubah oleh user.

	mon0 is the monitoring wireless adapter* As you can see in the screenshot above, we're now focusing on capturing data from one AP with a ESSID of Belkin276 on channel 6. The Belkin276 is probably a default SSID, which are prime targets for wireless hacking as the users that leave the default ESSID usually don't spend much effort securing their AP.		====Step 4:====
	Step 4: Aireplay-Ng Deauth In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process.
			Aireplay-Ng Deauth

			In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process.

	Let's open another terminal and type:		Let's open another terminal and type:

Onnowpurbo: /* Password Attack */

2019-10-04T00:41:07Z

Password Attack

← Older revision		Revision as of 00:41, 4 October 2019
Line 7:		Line 7:
	Tujuan cracking password mungkin untuk membantu pengguna memulihkan password yang lupa (walaupun menginstal password yang sama sekali baru akan mengurangi dari risiko keamanan, namun melibatkan hak istimewa sebagai Sistem Administrator), untuk mendapatkan akses tidak sah ke sistem, atau sebagai tindakan pencegahan oleh Administrator Sistem untuk memeriksa password yang mudah rusak. Secara file-by-file, cracking password digunakan untuk mendapatkan akses ke bukti digital dimana hakim mengizinkan akses namun akses file tertentu dibatasi.		Tujuan cracking password mungkin untuk membantu pengguna memulihkan password yang lupa (walaupun menginstal password yang sama sekali baru akan mengurangi dari risiko keamanan, namun melibatkan hak istimewa sebagai Sistem Administrator), untuk mendapatkan akses tidak sah ke sistem, atau sebagai tindakan pencegahan oleh Administrator Sistem untuk memeriksa password yang mudah rusak. Secara file-by-file, cracking password digunakan untuk mendapatkan akses ke bukti digital dimana hakim mengizinkan akses namun akses file tertentu dibatasi.

	~~pemrogram~~ komputer telah mencoba membuat algoritma untuk memecahkan password dalam waktu yang lebih singkat. Sebagian besar tool cracking password mencoba masuk dengan setiap kemungkinan kombinasi kata-kata. Jika login berhasil, berarti password sudah ditemukan. Jika password cukup kuat dengan kombinasi angka, karakter dan karakter khusus, metode cracking ini mungkin memakan waktu berjam-jam sampai berminggu-minggu atau berbulan-bulan. Beberapa tool cracking password menggunakan kamus yang berisi kata sandi. Tool ini sangat bergantung pada kamus, jadi tingkat keberhasilannya lebih rendah.		Programmer komputer telah mencoba membuat algoritma untuk memecahkan password dalam waktu yang lebih singkat. Sebagian besar tool cracking password mencoba masuk dengan setiap kemungkinan kombinasi kata-kata. Jika login berhasil, berarti password sudah ditemukan. Jika password cukup kuat dengan kombinasi angka, karakter dan karakter khusus, metode cracking ini mungkin memakan waktu berjam-jam sampai berminggu-minggu atau berbulan-bulan. Beberapa tool cracking password menggunakan kamus yang berisi kata sandi. Tool ini sangat bergantung pada kamus, jadi tingkat keberhasilannya lebih rendah.


	==Tips untuk membuat Password yang kuat==		==Tips untuk membuat Password yang kuat==

Onnowpurbo at 00:40, 4 October 2019

2019-10-04T00:40:18Z

← Older revision		Revision as of 00:40, 4 October 2019
Line 29:		Line 29:
	===GPU Tools===		===GPU Tools===

	A GPU, ~~or graphics processing~~ unit, ~~is used primarily for~~ 3-D ~~applications~~. ~~It is a single~~-~~chip processor that creates lighting effects and transforms objects every time a~~ 3D scene ~~is redrawn~~. ~~These are mathematically~~-~~intensive tasks, which otherwise~~, ~~would put quite a strain on the~~ CPU. ~~Lifting this burden from the~~ CPU ~~frees up cycles that can be used for other jobs~~.		GPU, atau unit pemrosesan grafik, digunakan terutama untuk aplikasi 3-D. Ini adalah prosesor chip tunggal yang menciptakan efek pencahayaan dan men-transformasi objek setiap kali 3D scene digambar ulang. Ini adalah tugas-tugas yang intensif secara matematis, yang akan cukup membebani CPU. Memindahkan beban ini dari CPU akan membebaskan siklus CPU digunakan untuk pekerjaan lain.

	~~The simple reason to use a~~ GPU ~~instead of a~~ CPU ~~for~~ password ~~cracking is that it's much faster~~. ~~It turns out that~~ cracking passwords ~~is a lot like~~ mining ~~Bitcoins~~, ~~so the same reasons GPUs are faster for~~ Bitcoin mining ~~apply to~~ password ~~cracking~~. ~~The short answer is that there are many more specialized chips on a~~ GPU ~~that perform~~ 32-bit ~~operations really quickly~~. ~~Although a~~ CPU ~~can perform a lot of general-purpose calculations~~, ~~the chips on a~~ GPU ~~can perform specific types of operations much faster~~, ~~and in a much more parallel way~~		Alasan sederhana dalam menggunakan GPU daripada CPU untuk memecahkan password adalah karena GPU lebih cepat. Ternyata cracking passwords sangat mirip dengan Bitcoin mining, jadi alasan yang sama GPU lebih cepat untuk Bitcoin mining berlaku untuk cracking password. Jawaban singkatnya adalah bahwa ada banyak chip khusus pada GPU yang melakukan operasi 32-bit dengan sangat cepat. Meskipun CPU dapat melakukan banyak perhitungan untuk keperluan umum, chip pada GPU dapat melakukan jenis operasi tertentu lebih cepat, dan dengan cara lebih mem-paralel-kan proses.

	Hack Password Using Pyrit		===Hack Password Using Pyrit===

	Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng Let's start by putting our wireless adapter in monitor mode. Let's open a terminal and type:		Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng Let's start by putting our wireless adapter in monitor mode. Let's open a terminal and type:

Onnowpurbo: /* Tool yang digunakan untuk Password Cracking */

2017-12-10T22:41:31Z

Tool yang digunakan untuk Password Cracking

← Older revision		Revision as of 22:41, 10 December 2017
Line 27:		Line 27:
	* Passing The Hash		* Passing The Hash

	GPU Tools		===GPU Tools===

	A GPU, or graphics processing unit, is used primarily for 3-D applications. It is a single-chip processor that creates lighting effects and transforms objects every time a 3D scene is redrawn. These are mathematically-intensive tasks, which otherwise, would put quite a strain on the CPU. Lifting this burden from the CPU frees up cycles that can be used for other jobs.		A GPU, or graphics processing unit, is used primarily for 3-D applications. It is a single-chip processor that creates lighting effects and transforms objects every time a 3D scene is redrawn. These are mathematically-intensive tasks, which otherwise, would put quite a strain on the CPU. Lifting this burden from the CPU frees up cycles that can be used for other jobs.

Line 479:		Line 480:

	- See more at: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html#sthash.9fAniGLD.dpuf		- See more at: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html#sthash.9fAniGLD.dpuf






	==Referensi==		==Referensi==

	* http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html		* http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html

Onnowpurbo at 22:30, 10 December 2017

2017-12-10T22:30:51Z

← Older revision		Revision as of 22:30, 10 December 2017
Line 1:		Line 1:
	Sumber: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html		Sumber: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html

	Password ~~Attacks~~		==Password Attack==
	Password Cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password.

	~~The purpose of~~ password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by System Administrators to check for easily crackable passwords. ~~On a file-by-file basis,~~ password ~~cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted~~.		Password Cracking adalah proses menyerang password dari data yang telah tersimpan atau dikirim oleh sistem komputer. Pendekatan yang umum digunakan adalah brute force attack dengan cara berulang kali mencoba menebak password.

	~~computer programmers have been trying to create algorithms for password~~ cracking ~~in less time. Most of the~~ password ~~cracking tools try to login with every possible combination of words. If login is successful, it means the~~ password ~~was found. If the~~ password ~~is strong enough with a combination of numbers~~, ~~characters and special characters~~, ~~this cracking method may take hours to weeks or months. A few~~ password ~~cracking tools use a dictionary that contains passwords~~. ~~These tools are totally dependent on the dictionary~~, ~~so success rate is lower~~.		Tujuan cracking password mungkin untuk membantu pengguna memulihkan password yang lupa (walaupun menginstal password yang sama sekali baru akan mengurangi dari risiko keamanan, namun melibatkan hak istimewa sebagai Sistem Administrator), untuk mendapatkan akses tidak sah ke sistem, atau sebagai tindakan pencegahan oleh Administrator Sistem untuk memeriksa password yang mudah rusak. Secara file-by-file, cracking password digunakan untuk mendapatkan akses ke bukti digital dimana hakim mengizinkan akses namun akses file tertentu dibatasi.

			pemrogram komputer telah mencoba membuat algoritma untuk memecahkan password dalam waktu yang lebih singkat. Sebagian besar tool cracking password mencoba masuk dengan setiap kemungkinan kombinasi kata-kata. Jika login berhasil, berarti password sudah ditemukan. Jika password cukup kuat dengan kombinasi angka, karakter dan karakter khusus, metode cracking ini mungkin memakan waktu berjam-jam sampai berminggu-minggu atau berbulan-bulan. Beberapa tool cracking password menggunakan kamus yang berisi kata sandi. Tool ini sangat bergantung pada kamus, jadi tingkat keberhasilannya lebih rendah.

	~~Tips to create the strong password~~

	~~The longer the password, the harder it is to crack:~~ Password length is the most important factor. If you select a small password, password cracking tools can easily crack it by using few words combinations. A longer password will take a longer time in guessing. Your password must be at least 8 characters long.		==Tips untuk membuat Password yang kuat==

	~~Always use a combination of characters~~, ~~numbers and special characters~~: ~~This is another thing which makes passwords hard to crack~~. ~~Password~~ cracking ~~tools try the combination of one by one. Have a combination of small characters, capital letters, and special characters. Suppose if you have only numbers in your~~ password. Password ~~cracking tools only need to guess numbers from 0-9~~. Here only length matters. But having a password combination of a-z, A-Z, 0-9 and other special characters with a good length will make it harder to crack. This kind of password sometimes takes weeks to crack.		Semakin panjang password, semakin sulit di crack: Panjang password adalah faktor yang paling penting. Jika anda memilih password pendek, tool cracking password dapat dengan mudah memecahkannya dengan menggunakan beberapa kombinasi kata. Password yang lebih panjang akan memakan waktu lebih lama untuk menebak. Password Anda harus minimal 8 karakter.

	~~Variety in passwords~~: ~~One important thing you must always take care~~. ~~Never use same~~ password ~~everywhere~~. ~~Cyber criminals can steal passwords from one website and then try it on other websites too~~.		Selalu gunakan kombinasi karakter, angka dan karakter khusus: Ini adalah hal lain yang membuat password sulit dipecahkan. Tool cracking password mencoba kombinasi satu per satu. Memiliki kombinasi karakter kecil, huruf kapital, dan karakter khusus. Misalkan jika anda hanya memiliki angka dalam password anda. Tool cracking password hanya perlu menebak angka dari 0-9. Disini hanya panjang password yang menjadi penentu. Tapi memiliki kombinasi kata kunci a-z, A-Z, 0-9 dan karakter spesial lainnya yang cukup panjang akan membuat lebih sulit untuk di crack. Password semacam ini terkadang memakan waktu berminggu-minggu untuk dipecahkan.
	~~In case you are not sure about the strength of your~~ password~~, you can check it from variety of online tools available for free~~. ~~Try this official Microsoft~~ Tool ~~for checking the~~ password ~~strength~~.

	~~https~~:~~//www~~.~~microsoft~~.~~com/security/pc-security/~~password-~~checker~~.~~aspx~~		Keragaman dalam password: Satu hal penting yang harus selalu Anda jaga. Jangan pernah menggunakan kata sandi yang sama di mana saja. Penjahat cyber bisa mencuri password dari satu situs web dan kemudian mencobanya di situs lain-nya.

	~~Example of~~ strong password: AdZfL48024@ #$!		Contoh strong password: AdZfL48024@ #$!
	~~Tools Used For Password Cracking~~

	GPU Tools		==Tool yang digunakan untuk Password Cracking==
	Online Attack
	Offline Attack		* GPU Tools
	Passing The Hash		* Online Attack
			* Offline Attack
			* Passing The Hash

	GPU Tools		GPU Tools

Onnowpurbo at 22:11, 10 December 2017

2017-12-10T22:11:22Z

← Older revision		Revision as of 22:11, 10 December 2017
Line 18:		Line 18:
	In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength.		In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength.

	https://www.microsoft.com/security/pc-security/password-checker.aspx		https://www.microsoft.com/security/pc-security/password-checker.aspx

	Example of strong password: AdZfL48024@ #$!		Example of strong password: AdZfL48024@ #$!
Line 56:		Line 56:


	08:86:30:74:22:76 is the BSSID of the AP		08:86:30:74:22:76 is the BSSID of the AP
	-c 6 is the channel the AP is operating on		-c 6 is the channel the AP is operating on

	WPAcrack is the file you want to write to		WPAcrack is the file you want to write to
Line 69:		Line 69:


	100 is the number of de-authenticate frames you want to send		100 is the number of de-authenticate frames you want to send
	08:86:30:74:22:76 is the BSSID of the AP		08:86:30:74:22:76 is the BSSID of the AP
	mon0 is the monitoring wireless adapter		mon0 is the monitoring wireless adapter

	After capturing the handshake use pyrit to crack the wifi password as		After capturing the handshake use pyrit to crack the wifi password as

Onnowpurbo: New page: Sumber: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html Password Attacks Password Cracking is the process of recovering passwords from data that hav...

2016-02-10T13:28:37Z

New page: Sumber: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html Password Attacks Password Cracking is the process of recovering passwords from data that hav...

New page

Sumber: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html

Password Attacks
Password Cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password.

The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by System Administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.

computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. If the password is strong enough with a combination of numbers, characters and special characters, this cracking method may take hours to weeks or months. A few password cracking tools use a dictionary that contains passwords. These tools are totally dependent on the dictionary, so success rate is lower.

Tips to create the strong password

The longer the password, the harder it is to crack: Password length is the most important factor. If you select a small password, password cracking tools can easily crack it by using few words combinations. A longer password will take a longer time in guessing. Your password must be at least 8 characters long.

Always use a combination of characters, numbers and special characters: This is another thing which makes passwords hard to crack. Password cracking tools try the combination of one by one. Have a combination of small characters, capital letters, and special characters. Suppose if you have only numbers in your password. Password cracking tools only need to guess numbers from 0-9. Here only length matters. But having a password combination of a-z, A-Z, 0-9 and other special characters with a good length will make it harder to crack. This kind of password sometimes takes weeks to crack.

Variety in passwords: One important thing you must always take care. Never use same password everywhere. Cyber criminals can steal passwords from one website and then try it on other websites too.
In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength.

https://www.microsoft.com/security/pc-security/password-checker.aspx

Example of strong password: AdZfL48024@ #$!
Tools Used For Password Cracking

GPU Tools
Online Attack
Offline Attack
Passing The Hash

GPU Tools
A GPU, or graphics processing unit, is used primarily for 3-D applications. It is a single-chip processor that creates lighting effects and transforms objects every time a 3D scene is redrawn. These are mathematically-intensive tasks, which otherwise, would put quite a strain on the CPU. Lifting this burden from the CPU frees up cycles that can be used for other jobs.

The simple reason to use a GPU instead of a CPU for password cracking is that it's much faster. It turns out that cracking passwords is a lot like mining Bitcoins, so the same reasons GPUs are faster for Bitcoin mining apply to password cracking. The short answer is that there are many more specialized chips on a GPU that perform 32-bit operations really quickly. Although a CPU can perform a lot of general-purpose calculations, the chips on a GPU can perform specific types of operations much faster, and in a much more parallel way

Hack Password Using Pyrit

Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng Let's start by putting our wireless adapter in monitor mode. Let's open a terminal and type:

airmon-ng start wlan0

Note that airmon-ng has renamed your wlan0 adapter to mon0.

Step 2: Capture Traffic with Airodump-Ng Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:

airodump-ng mon0

Note all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.

Step 3: Airodump-Ng on To Capture Handshake Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:

airodump-ng --bssid 08:86:30:74:22:76 -c 6 -w WPAcrack mon0

08:86:30:74:22:76 is the BSSID of the AP
-c 6 is the channel the AP is operating on

WPAcrack is the file you want to write to

mon0 is the monitoring wireless adapter* As you can see in the screenshot above, we're now focusing on capturing data from one AP with a ESSID of Belkin276 on channel 6. The Belkin276 is probably a default SSID, which are prime targets for wireless hacking as the users that leave the default ESSID usually don't spend much effort securing their AP.
Step 4: Aireplay-Ng Deauth In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process.

Let's open another terminal and type:

aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

100 is the number of de-authenticate frames you want to send
08:86:30:74:22:76 is the BSSID of the AP
mon0 is the monitoring wireless adapter

After capturing the handshake use pyrit to crack the wifi password as

In the dictionary and crunch attack, PMKs speed is near 4000 which will take lots of time to crack wifi so use the below trick to increase the speed of attack. This will provide 60000-100000 PMKs depends on client hardware.
Steps To Use Pyrit To Crack Password

1. svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit_svn

Download the pyrit file

2. cd pyrit_svn/pyrit/ ./setup.py build install

Build and install setup.py file

3. cd ..

Step back to pyrit_svn
4. cd cpyrit_calpp

Go to cpyrit_calpp directory

5. Edit setup.py and find VERSION = '0.4.0-dev and change to VERSION = '0.4.1-dev

also find CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include')) and replace with CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include/CAL'))

Save the file

6. ./setup.py build install

Build and install and edited file

7. pyrit –e MTNL create_essid

Create essid in pyrit databases

8. pyrit -i wordlist .lst import_passwords

Import the dictionary in pyrit databases

9. pyrit batch

Create table in pyrit databases

10.pyrit –r MTNL .cap attack_db

Perform attack on handshake file

Offline Attack

Cmospwd

CmosPwd is a cross-platform tool to decrypt password stored in CMOS used to access a computer’s BIOS setup.

Crunch

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.

Generate a dictionary file containing words with a minimum and maximum length of 6 (6 6) using the given characters (0123456789abcdef), saving the output to a file (-0 6chars.txt):

root@kali:~# crunch 6 6 0123456789abcdef -o 6chars.txt

hash-identifier

Software to identify the different types of hashes used to encrypt data and especially passwords.

root@kali:~# hash-identifier

John the Ripper

John the Ripper is another well-known free open source password cracking tool for Linux, Unix and Mac OS X. A Windows version is also available. This tool can detect weak passwords. A pro version of the tool is also available, which offers better features and native packages for target operating systems. You can also download Openwall GNU/*/Linux that comes with John the Riper.

Combine the provided passwd (passwd) and shadow (shadow)(shadow) and redirect them to a file (> unshadowed.txt):

root@kali:~# unshadow passwd shadow > unshadowed.txt

Using a wordlist (–wordlist=/usr/share/john/password.lst),

apply mangling rules (–rules) and attempt to crack the password hashes in the given file (unshadowed.txt):

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt

johnny

Johnny provides a GUI for the John the Ripper password cracking tool.

root@kali:~# johnny

RainbowCrack

RainbowCrack is a hash cracker tool that uses a large-scale time-memory trade off process for faster password cracking than traditional brute force tools. Time-memory trade off is a computational process in which all plain text and hash pairs are calculated by using a selected hash algorithm. After computation, results are stored in the rainbow table. This process is very time consuming. But, once the table is ready, it can crack a password must faster than brute force tools.

You also do not need to generate rainbow tablets by yourselves. Developers of RainbowCrack have also generated LM rainbow tables, NTLM rainbow tables, MD5 rainbow tables and Sha1 rainbow tables. Like RainbowCrack, these tables are also available for free. You can download these tables and use for your password cracking processes.

This tool is available for both Windows and Linux systems.

rcracki-mt

rcracki_mt is a modified version of rcrack which supports hybrid and indexed tables. In addition to that, it also adds multi-core support.

Crack the password hash (-h 5d41402abc4b2a76b9719d911017c592) using 4 CPU cores (-t 4) and the specified rainbow tables (tables2/md5/):

root@kali:~# rcracki_mt -h 5d41402abc4b2a76b9719d911017c592 -t 4 tables2/md5

RSMangler

RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper the main difference being that it will first take the input words and generate all permutations and the acronym of the words (in order they appear in the file) before it applies the rest of the mangles.

Use the original wordlist (cat words.txt |) and mangle words with a minimum length of 6 (-m 6) and maximum length of 8 (-x 8), using stdin as input (–file -) and redirecting the results to a new wordlist (> mangled.txt): root@kali:~# cat words.txt | rsmangler -m 6 -x 8 --file - > mangled.txt

root@kali:~# wc -l mangled.txt

TrueCrack

TrueCrack is able to perform a brute-force attack based on:

Dictionary: read the passwords from a file of words.

Alphabet: generate all passwords of given length from given alphabet.

TrueCrack works on gpu and cpu

root@kali:~# truecrack -t truecrypt_vol -k ripemd160 -w passes.txt

cachedump
It is used to recover the windows password using cached entries.

CacheDump will create a CacheDump NT Service to get SYSTEM right and make his stuff on the registry. Then, it will retrieve the LSA Cipher Key to decrypt (rc4/hmac_md5 GloubiBoulga) cache entries values. A John The Ripper module has been developed to attack the hashed values that are retrieved

chntpw

It is used to Removing Windows OS Passwords.

So Lets' get started:

Step 1: Mounting the drive containing Windows OS-> This one is easy ain't it? Well so that you might not have forgotten how to do it, I'll type the syntax:

ntfs-3g /dev/sda1 /media/win

Note that 'sda1' in above command is the partition on which Windows OS is installed yours can be different. To check yours simply type fdisk -l which will list your all partitions and then check by yourself on which partition your Windows OS is installed.

Step 2: Now move to the config folder of windows os using below command:

cd /media/win/Windows/System32/config/

Step 3:Type the following command to see the list of users available on Victim's Machine:

chntpw -l SAM

Step 4:Copy the name of user whose password you want to crack and then enter the below command to crack the password of selected user:

chntpw -u <username> SAM

dictstat

It is used to Generate dictionary file statistics

fcrackzip

fcrackzip is a fast password cracker partly written in assembler. It is able to crack password protected zip files with brute force or dictionary based attacks.

1.Open Terminal type fcrackzip –help this command will open fcrackzip with help options

2. Let’s make a zip file in windows 7 PC than we will copy paste it into Kali Linux afterthat we will try to break this password by fcrackzip. I created a zip file. This zip file’s password is 12345678.

3. Now we are going to break this password protected zip file. If you know your password has numeric (ex- 123..) and how many digits there in your password. Here we know our password is numeric (e.g. 123…) and its total 8 digits. If you have just small thought or knowledge about your password It will you to speed up your brute force attack against your zip file.

Syntax – fcrackzip –u –c <your password character type> –p <total digits> zip file path

fcrackzip –u –c 1 –p aaaaaaaa ‘/root/Desktop/Test.zip’

Here,

The –u option, Try to decompress the first file by calling unzip with the guessed password. This weeds out false positives when not enough files have been given.

The –c option lets you select the character set, '1' here means password can be a numeric.

The -p option lets you select an initial string to start brute-force attack

Note – as you can see I wrote ‘aaaaaaaa’, if you will count this is total 8 digits means I assumed that my password can be 8 digits but in this step if my assumption will be wrong, like my password have 8 digits and I will write there ‘aaaaaaa’ (only 7 digits) than fcrackzip will not crack your password.

4. If you know your password is numeric but you don’t know there are how many digits. You can assume a password digit range. Here I am thinking that my password can be minimum 4 digits to maximum 8 digits.

Syntax – fcrackzip –u –c <your password character type> -l <password digits range> zip file path

fcrackzip –u –c 1 –l 4-8 ‘/root/Desktop/Test.zip’

5. In this Example I created another Zip file with small (lower case) alphabet digits as password. Here password is ‘abcdefgh’. If your password has small alphabets characters and length of password is 8 digits.

Syntax – fcrackzip –u –c <your password character type> –p <total digits> zip file path

fcrackzip –u –c a –p aaaaaaaa ‘/root/Desktop/Test1.zip’

Here we are using ‘a’ after –c because our password has small (lower case) alphabet. If you have doubt that the password can be capital (upper case) alphabet than you have to write capital ‘A’. If you think that your password has both upper and lower case than you can write ‘Aa’. Just like this if you doubt your password has lower case (a), Upper case (A), numeric (1). You have to write there ‘Aa1’.

6. Range of password digits

7. Here we are using brute force a zip file password which has upper case (A), lower case (a), numeric (1), and symbol (@). Use "!" for including special characters !:$%&/()=?{[]}+*~#. If you want to specify only some of the characters then mention them using " : ". In this image I want to specify only one (@) character so I used :@.

8. Now we are going to crack this zip password by using dictionary attack. Just for an example I am making a small dictionary manually so it will take less time to crack.

9. Now run the command for cracking this zip file password

Syntax – fcrackzip –u –D –p <dictionary file path> <zip file path>

fcrackzip –u –D –p ‘/root/Desktop/dic’ ‘/root/Desktop/Test.zip

hashcat

It is a CPU-based password recovery tool.Hashcat or cudaHashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat or cudaHashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others.

root@kali:~# hashcat -m 0 -a 0 /root/md5.txt /root/rockyou.txt

md5.txt : File in which hashed password is saved

/root/rockyou.txt : path of dictionery file which used to crack hashed password

hashid

Identify the different types of hashes used to encrypt data and especially passwords.

maskgen

Generate hashcat masks

opcrack

A Microsoft Windows password cracker using rainbow tables

Ophcrack uses Rainbow Tables to crack NTLM and LM hashes into plain text, its a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. If you have a complex password it will take a lot longer than simple passwords, and with the free tables your password may never be cracked.

sipcrack

SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.

sipcrack bruteforces the user’s password with the dump file generated by sipdump. If a password is found, the sniffed and cracked login will be updated in the dump file.

Sipcrack needs a wordlist to launch an attack. As a result, it will give you the password.

root@bt:/Desktop/SIPCrack# ./sipcrack pass.txt -w list.txt

sucrack

Multithreaded Linux/UNIX tool for brute-force cracking of local user accounts via su.

Online Attack

acccheck

The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.
Scan the IP addresses contained in smb-ips.txt (-T) and use verbose output (-v):

root@kali:~# acccheck.pl -T smb-ips.txt -v

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

root@kali:~# burpsuite

CeWL

CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

Scan to a depth of 2 (-d 2) and use a minimum word length of 5 (-m 5), save the words to a file (-w docswords.txt), targeting the given URL

root@kali:~# cewl -d 2 -m 5 -w docswords.txt http://google.com

Cisco-Auditing-Tool
Perl script which scans cisco routers for common vulnerabilities.

Scan the host (-h 192.168.99.230) on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

root@kali:~# CAT -h 192.168.99.230 -p 23 -a /usr/share/wordlists/nmap.lst

DBPwAudit

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver (-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst)

root@kali:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst

FindMyHash

It will crack hashes with online service.

Specifying the hash algorithm (MD5), attempt to crack the given hash (-h 098f6bcd4621d373cade4e832627b4f6)

root@kali:~# findmyhash MD5 -h 098f6bcd4621d373cade4e832627b4f6

THC-Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Attempt to login as the root user (-l root) using a password list (-P /usr/share/wordlists/metasploit/unix_passwords.txt) with 6 threads (-t 6) on the given SSH server (ssh://192.168.1.123):

root@kali:~# hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt -t 6 ssh://192.168.1.123

Keimpx

keimpx is an open source tool, released under a modified version of Apache License 1.1.

It can be used to quickly check for valid credentials across a network over SMB. Credentials can be:

Combination of user / plain-text password.
Combination of user / NTLM hash.
Combination of user / NTLM logon session token.
Read a list of IP addresses (-l /root/smbopen.txt) and attempt to login as the user victim (-U victim) with a password of s3cr3t (-P s3cr3t) with a verbosity level of 1 (-v 1), running in batch mode (-b)

root@kali:~# keimpx -l /root/smbopen.txt -U victim -P s3cr3t -v 1 -b

Ncrack
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.

Use verbose mode (-v), read a list of IP addresses (-iL win.txt), and attempt to login with the username victim (–user victim) along with the passwords in a dictionary (-P passes.txt) using the RDP protocol (-p rdp) with a one connection at a time (CL=1):

root@kali:~# ncrack -v -iL win.txt --user victim -P passes.txt -p rdp CL=1

Patator

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage

Do a MySQL brute force attack (mysql_login) with the root user (user=root) and passwords contained in a file (password=FILE0 0=/root/passes.txt)against the given host (host=127.0.0.1), ignoring the specified string (-x ignore:fgrep=’Access denied for user’):

root@kali:~# patator mysql_login user=root password=FILE0 0=/root/passes.txt host=127.0.0.1 -x ignore:fgrep='Access

phrasendrescher

phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins.

Use the SSH brute force plugin (ssh) and the passwords in a wordlist (-d passes.txt) against the target server (-t 192.168.1.202), displaying verbose output (-v):

root@kali:~# pd ssh -d passes.txt -t 192.168.1.202 -v

THC-pptp-bruter

Brute force program against pptp vpn endpoints (tcp port 1723). Fully standalone. Supports latest MSChapV2 authentication. Tested against Windows and Cisco gateways. Exploits a weakness in Microsoft’s anti-brute force implementation which makes it possible to try 300 passwords the second.

WebScarab

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

root@kali:~# webscarab

- See more at: http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html#sthash.9fAniGLD.dpuf

==Referensi==

* http://kalilinuxcourse.blogspot.co.id/2015/10/crack-password-using-kali-linux-2.0.html