In a Terminal window, execute these commands:
cd
mkdir hash
cd hash
wget https://hashcat.net/files_legacy/hashcat-2.00.7z
7z e hashcat-2.00.7z
./hashcat-cli32.bin -V
Troubleshooting
If that link doesn't work, use this one:wget https://samsclass.info/123/proj10/hashcat-2.00.7z
Troubleshooting
If you see an "No such file or directory" error message when launching hashcat-cli32.bin, you may be using a 64-bit Kali system. Try using hashcat-cli64.bin instead.
adduser jose
At the "Enter new UNIX password" enter a password
of password
At the "Retype new UNIX password" enter a password of password
Press Enter to accept defaults for the other options, as shown below:
tail /etc/shadow
The last line shows the password hash for jose,
as shown below (your hash will be different):
In my example, the SALT is CqiOcwyE
grep -A 18 ENCRYPT_METHOD /etc/login.defs
As you can see, Kali Linux uses SHA-512 hashes,
with the default value of 5000 rounds:
tail -n 1 /etc/shadow > crack1.hash
nano crack1.hash
In the nano text editor, carefully delete
the username jose and the colon after it,
and all the text at the end of the file, including all the colons,
leaving only the hash, as shown below:
Press Ctrl+X, Y, Enter to save the file.
In a Terminal window, execute these commands:
curl http://www.scovetta.com/download/500_passwords.txt > 500_passwords.txt
head 500_passwords.txt
You should see the first ten passwords,
as shown below:
Troubleshooting
If that link doesn't work, use this one:curl https://samsclass.info/123/proj10/500_passwords.txt > 500_passwords.txt
./hashcat-cli32.bin -m 1800 -a 0 -o found1.txt --remove crack1.hash 500_passwords.txt
cat found1.txt
Explanation: This uses hashcat with these options:
You should see the hash, with the cracked password of "password" at the end, as shown below:
Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.
Press the PrintScrn key to copy the whole desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.
In the host machine, open Paint and paste in the captured image. Save it as "Your Name Proj12a".
curl https://samsclass.info/123/proj10/crack2.hash > crack2.hash
cat crack2.hash
You should see four password hashes,
as shown below:
./hashcat-cli32.bin -m 1800 -a 0 -o found2.txt --remove crack2.hash 500_passwords.txt
cat found2.txt
You should see the hashes, with the found passwords
at the end of each line
as shown below. (I redacted the passwords.)
Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.
Press the PrintScrn key to copy the whole desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.
In the host machine, open Paint and paste in the captured image. Save it as "Your Name Proj12b".
http://hashcat.net/files/hashcat_user_manual.pdf
http://contest-2010.korelogic.com/wordlists.html
http://www.scovetta.com/article-2.html