Other password crack

lethanhtung01011980 edited this page Jun 19, 2020 · 21 revisions

Goals

  • To crack the passwords of zip and rar files

To extract hashes from various data formats

  • To extract the hash with the matching *2john converter
  • And to use john to crack it with a wordlist
  • To list the available converters: ls /usr/sbin/*john*
  • /usr/sbin/dmg2john /usr/sbin/john /usr/sbin/keyring2john /usr/sbin/putty2john /usr/sbin/rar2john
  • /usr/sbin/gpg2john /usr/sbin/keepass2john /usr/sbin/kwallet2john /usr/sbin/pwsafe2john /usr/sbin/ssh2john
  • /usr/sbin/hccap2john /usr/sbin/keychain2john /usr/sbin/pfx2john /usr/sbin/racf2john /usr/sbin/zip2john

For example

  • ssh2john id_rsa.key > hash
  • john hash --fork=25 -w=/usr/share/wordlists/rockyou.txt
  • john --show hash => id_rsa.key:gustateamo

To convert binary to base64 for simple copy

  • To convert binary to base64: base64 keys.rar
  • To convert back from base64 to binary: echo '<base64-text>' | base64 -d > keys.rar

Crack zip

  • cd /usr/share/wordlists
  • gunzip rockyou.txt.gz
  • fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' bank-account.zip
  • unzip bank-account.zip

Crack rar

  • rar2john keys.rar > keys.hash
  • john --wordlist=jail-wlist.txt keys.hash OR john --format=rar --wordlist=jail-wlist.txt keys.hash
  • john --show keys.hash
  • To unrar: unrar x keys.rar

Crack weak public key

To install in Kali

  • git clone https://github.com/Ganapati/RsaCtfTool.git

  • cd RsaCtfTool

  • sudo apt-get install libgmp3-dev libmpc-dev

  • sudo apt-get install python3-venv

  • python3 -m venv .

  • . bin/activate

  • sudo apt-get install python3-dev

  • pip install -r "requirements.txt"

  • python RsaCtfTool.py --publickey ../rootauthorizedsshkey.pub --private > root.key

  • chmod 600 root.key

  • ssh root@victim-ip -i root.key
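
A defensive counterpart to the steps above, added here as an example (it is not part of the original wiki or of RsaCtfTool): an audit of authorized_keys entries that reports RSA keys with an undersized modulus. The names rsa_bits and audit, the 2048-bit floor and the sample entries are assumptions; modulus size is only one kind of weakness, so a key that passes this check is not thereby shown to be strong.

```python
import base64
import struct

def _field(blob, off):
    """Read one SSH wire-format field: uint32 big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, off)
    if off + 4 + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + length], off + 4 + length

def rsa_bits(line):
    """Modulus size in bits for an ssh-rsa line; None for other key types."""
    tokens = line.split()
    if "ssh-rsa" not in tokens:
        return None
    i = tokens.index("ssh-rsa")  # tolerate leading authorized_keys options
    blob = base64.b64decode(tokens[i + 1], validate=True)
    key_type, off = _field(blob, 0)
    _e, off = _field(blob, off)  # public exponent, not checked here
    n, off = _field(blob, off)   # modulus
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    return int.from_bytes(n, "big").bit_length()

def audit(lines, min_bits=2048):  # 2048 is an assumed policy floor
    """Return (line_number, problem) for every RSA entry that fails the check."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            bits = None if line.lstrip().startswith("#") else rsa_bits(line)
        except (ValueError, IndexError, struct.error) as exc:
            findings.append((lineno, f"unparseable ssh-rsa entry: {exc}"))
            continue
        if bits is not None and bits < min_bits:
            findings.append((lineno, f"RSA modulus is {bits} bits, below {min_bits}"))
    return findings

def _sample_line(bits, comment):
    """Constructed entry: a dummy modulus of the given size, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"), n]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [  # constructed authorized_keys content
    _sample_line(1024, "legacy@constructed"),
    "no-pty " + _sample_line(2048, "ops@constructed"),
    "ssh-ed25519 AAAAconstructed deploy@constructed",
    "ssh-rsa not-base64!! broken@constructed",
]
```

Calling audit(SAMPLE) returns one finding for the 1024-bit entry on line 1 and one for the unparseable entry on line 4; to check a real file, pass its lines, for example audit(open(path).read().splitlines()).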

Cryptogram solver

Online hash crack

Secret in images

  • strings image.png

Steganography

  • apt-get install steghide
  • steghide info htb2.jpg
  • steghide extract -sf htb2.jpg

Base64 decode
