Showing posts with label using. Show all posts
Showing posts with label using. Show all posts

Sunday, February 26, 2017

Easy Way To Crack Password Using John The Ripper In Kali Linux

Easy Way To Crack Password Using John The Ripper In Kali Linux


Crack Password Using John The Ripper In KaliLinux- picateshackz.com

John the Ripper is a free password cracking tool that runs on a large number of different platforms. It is one of the most used password cracking tools because it combines several other password crackers into a single package and has a number of handy features such as automatic hash type detection. Cracking password in Kali Linux using John the Ripper is very straight forward. In this post, I will demonstrate that.

John the Ripper uses a 2 step process to cracking a password. First it will use the passwd and shadow file to create an output file. Next, you then actually use dictionary attack against that file to crack it. In short, John the Ripper will use the following two files:


/etc/passwd
/etc/shadow


Cracking password using John the Ripper

In Linux, password hash is stored in /etc/shadow file. For the sake of this exercise, I will create a new user names john and assign a simple password ‘password’ to him.

I will also add john to sudo group, assign /bin/bash as his shell. There’s a nice article I posted last year which explains user creating in Linux in great details. It’s a good read if you are interested to know and understand the flags and this same structure can be used to almost any Linux/Unix/Solaris operating system. Also, when you create a user, you need their home directories created,

First let’s create a user named john and assign password as his password. (very secured..yeah!)

Crack Password Using John The Ripper In KaliLinux- picateshackz.com


root@kali:~# useradd -m john -G sudo -s /bin/bash
root@kali:~# passwd john
Enter new UNIX password: <password>
Retype new UNIX password: <password>
passwd: password updated successfully
root@kali:~#

Unshadowing password

Now that we have created our victim, let’s start with unshadow commands. The unshadow command will combine the extries of /etc/passwd and /etc/shadow to create 1 file with username and password details. When you just type in unshadow, it shows you the usage anyway.

Crack Password Using John The Ripper In KaliLinux- picateshackz.com


root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
root@kali:~# unshadow /etc/passwd /etc/shadow > /root/johns_passwd

I’ve redirected the output to /root/johns_passwd file because I got the ticks for organizing things. Do what you feel like here.


Cracking process with John the Ripper

At this point we just need a dictionary file and get on with cracking. John comes with it’s own small password file and it can be located in /usr/share/john/password.lst. I’ve showed the size of that file using the following command.


root@kali:~# ls -ltrah /usr/share/john/password.lst


You can use your own password lists too or download a large one from Internet (there’s lots of dictionary file in terabyte size).

Crack Password Using John The Ripper In KaliLinux- picateshackz.com


root@kali:~# john --wordlist=/usr/share/john/password.lst /root/johns_passwd 
Created directory: /root/.john
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 SSE2 2x])
Will run 2 OpenMP threads
Press q or Ctrl-C to abort, almost any other key for status
password         (john)
1g 0:00:00:06 DONE (2015-11-06 13:30) 0.1610g/s 571.0p/s 735.9c/s 735.9C/s modem..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed
root@kali:~#


Looks like it worked. So we can now use john –show option to list cracked passwords. Note that it’s a simple password that existed in the dictionary so it worked. If it wasn’t a simple password, then you would need a much bigger dictionary and lot longer to to crack it.

Crack Password Using John The Ripper In KaliLinux- picateshackz.com

root@kali:~# john --show /root/johns_passwd 
john:password:1000:1001::/home/john:/bin/bash

1 password hash cracked, 1 left
root@kali:~#

Now that we have completed the basics of John the Ripper and cracked a password using it, it’s possibly time to move on to bigger and more complex things. If you have any doubts regarding this post just type down a comment.


Also Read:

  • How to Setup Nessus in Kali Linux - Most Used Vulnerability Scanner in 2015
  • Beginners Guide To Armitage And How To Use It In Kali Linux
  • Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark

Available link for download

Read more »
Posted by at
Labels: , , , , , , , , , , ,

Thursday, February 16, 2017

Dynamically add form elements using jQuery such as Input Textbox Radio Buttons Checkboxes Dropdown and Submit Button

Dynamically add form elements using jQuery such as Input Textbox Radio Buttons Checkboxes Dropdown and Submit Button



Available link for download

Read more »
Posted by at
Labels: , , , , , , , , , , , , , , , ,

Friday, February 10, 2017

Example Using Grails Promises

Example Using Grails Promises


I was recently playing around with the Asynchronous Programming features in Grails using Promises, and wanted to share an example that went a little beyond a simple example. In case you are using an older version of Grails, the asynchronous features where added in Grails 2.3. While there are a lot of useful asynchronous features in Grails, for this article Ill only focus on using Promises. Promises are a common concept being introduced in many concurrency frameworks. They are similar to Javas java.util.concurrent.Future class, but like all things with Grails/Groovy, Grails has made them easier to use.

First, before showing you an example, go ahead and run grails console under an existing grails project. If you dont have one, install grails (see GVM) and run grails create-app. Using the grails console will allow you to quickly run these examples and experiment on your own.

Basic Example
import static grails.async.Promises.task
import static grails.async.Promises.waitAll

def task1 = task {
 println "task1 - starting"
 Thread.sleep(5000)
 println "task1 - ending"
}

def task2 = task {
 println "task2 - starting"
 Thread.sleep(1000)
 println "task2 - ending"
}

waitAll(task1, task2)
This would output:
task1 - starting
task2 - starting
task2 - ending
task1 - ending

More Complex Example
Lets say you wanted to list the states of 5 zip codes. Here is what that would look like if we did it synchronously:

["74172", "64840", "67202", "68508", "37201"].each { z ->
 println "getting state for zip code: $z"
 def response = new URL("http://zip.getziptastic.com/v2/US/$z").content.text
 def json = grails.converters.JSON.parse(response)
 println "zip code $z is in state $json.state"
}
And the output for that would look like:
getting state for zip code: 74172
zip code 74172 is in state Oklahoma
getting state for zip code: 64840
zip code 64840 is in state Missouri
getting state for zip code: 67202
zip code 67202 is in state Kansas
getting state for zip code: 68508
zip code 68508 is in state Nebraska
getting state for zip code: 37201
zip code 37201 is in state Tennessee

And here is what it would look like using Grails Promises to make it asynchronous:

import static grails.async.Promises.task
import static grails.async.Promises.waitAll

def tasks = ["74172", "64840", "67202", "68508", "37201"].collect { z ->
 task {
 println "getting state for zip code: $z"
 def response = new URL("http://zip.getziptastic.com/v2/US/$z").content.text
 def json = grails.converters.JSON.parse(response)
 println "zip code $z is in state $json.state"
 }
}

waitAll(tasks)

The asynchronous output would look like this:
getting state for zip code: 37201
getting state for zip code: 68508
getting state for zip code: 67202
getting state for zip code: 64840
getting state for zip code: 74172
zip code 74172 is in state Oklahoma
zip code 37201 is in state Tennessee
zip code 64840 is in state Missouri
zip code 68508 is in state Nebraska
zip code 67202 is in state Kansas

Each time you run the asynchronous version it will output a different order because the tasks are running asynchronously. The waitAll() method will block until all tasks complete.

Thanks to jeremydanderson for helping me figure out how best to use the collect method.
Available link for download



Read more »






Posted by



at


























Labels:
,
,
,

















        

      









Subscribe to:
Posts (Atom)