Cara Crack File Password /etc/shadow Dengan Hydra

Selamat datang lur, Pasti kalian yang nge klik postingan ini ada masalah pas mau cracking password yang ada di file /etc/shadow.Nah disini gw bakal share cara cracking password shadow yang paling mudah yaitu mengunakan tools hashcat. Kenapa pakai hashcat? kenapa ga gunain John The Ripper aja?... Ya karna menurut gua mengunakan hashcat tidak se ribet mengunakan john the ripper dan juga hashcat sangan cepat.

 Oke pastiin kalian sudah punya hash dari /etc/shadow nya yang bakal kita crack. Disini gua pakai /etc/shadow punya linux gw sendiri. Di sini gw punya 2 user aktif yaitu user root, dan fajar. Mereka punya hash password yang tentunya berdeda. disini kita bakal coba crack kedua password tersebut.

$6$q8b64nbZdaRXo5S0$thIm8EVn6R0wB2Trmws2aZtieusik8qOcS6augOoJMKz6yapdO2RwXnY1SGQypUKeYEVYizNIN.IGl2q/QGvw1
$6$hcu9b.kfsi4b0VhM$FX8bFLjozz8ZyC0PEPih3iAAMgVRosIDby9NYETyh1rSG53hI3dJ4DY/ne3SvoIMsMlHB6Nc6qzSxKjvyrDxW0

Dan pastiin juga kalian sudah punya wordlist yang bakal kita gunakan untuk  membruteforce password itu nanti

# hashcat brute

Oke jadi type dari hash di file shadow ini adalah sha512crypt, jadi kita cari dulu di hashcat type sha512crypt mengunakan mode nomor berapa. Ketik command hashcat --help di terminal  

  12400 | BSDi Crypt, Extended DES                         | Operating System
   1000 | NTLM                                             | Operating System
    122 | macOS v10.4, macOS v10.5, MacOS v10.6            | Operating System
   1722 | macOS v10.7                                      | Operating System
   7100 | macOS v10.8+ (PBKDF2-SHA512)                     | Operating System
   9900 | Radmin2                                          | Operating System
   5800 | Samsung Android Password/PIN                     | Operating System
   3200 | bcrypt $2*$, Blowfish (Unix)                     | Operating System
    500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)        | Operating System
   1500 | descrypt, DES (Unix), Traditional DES            | Operating System
   7400 | sha256crypt $5$, SHA256 (Unix)                   | Operating System
   1800 | sha512crypt $6$, SHA512 (Unix)                   | Operating System
  13800 | Windows Phone 8+ PIN/password                    | Operating System

Oke jadi nomor untuk type sha512crypt itu ada di nomor 1800. sekarang kita lihat bagaimana cara pengunaan hashcat.

  Attack-          | Hash- |
  Mode             | Type  | Example command
 ==================+=======+==================================================================
  Wordlist         | $P$   | hashcat -a 0 -m 400 example400.hash example.dict
  Wordlist + Rules | MD5   | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
  Brute-Force      | MD5   | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
  Combinator       | MD5   | hashcat -a 1 -m 0 example0.hash example.dict example.dict

Okeh disini kita pakai attack mode mengunakan wordlist jadi kita memakai cara yang paling atas. contoh pemakaian :

hashcat -a 0 -m nomor_hash hash.txt wordlist.txt

Langsung aja kita praktekan. command gw:

hashcat -a 0 -m 1800 shadow.txt pass.txt

Output:

Dictionary cache built:
* Filename..: pass.txt
* Passwords.: 8
* Bytes.....: 60
* Keyspace..: 8
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

$6$q8b64nbZdaRXo5S0$thIm8EVn6R0wB2Trmws2aZtieusik8qOcS6augOoJMKz6yapdO2RwXnY1SGQypUKeYEVYizNIN.IGl2q/QGvw1:praditya
$6$hcu9b.kfsi4b0VhM$FX8bFLjozz8ZyC0PEPih3iAAMgVRosIDby9NYETyh1rSG53hI3dJ4DY/ne3SvoIMsMlHB6Nc6qzSxKjvyrDxW0:nopebee7
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Name........: sha512crypt $6$, SHA512 (Unix)
Hash.Target......: shadow.txt
Time.Started.....: Tue Jan 19 16:27:37 2021 (2 secs)
Time.Estimated...: Tue Jan 19 16:27:39 2021 (0 secs)
Guess.Base.......: File (pass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        6 H/s (4.43ms) @ Accel:8 Loops:256 Thr:1 Vec:2
Recovered........: 2/2 (100.00%) Digests, 2/2 (100.00%) Salts
Progress.........: 16/16 (100.00%)
Rejected.........: 0/16 (0.00%)
Restore.Point....: 0/8 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:0-1 Iteration:4864-5000
Candidates.#1....: nopebee7 -> skullxploit

Started: Tue Jan 19 16:23:02 2021
Stopped: Tue Jan 19 16:27:44 2021

Dan oke jadi kita dapet password untuk kedua hash tersebut. Berbagai kemungkinan itu ada di wordlist kalian, Dan biasanya gw mengunakan wordlist rockyou.txt yang sudah ada di kali linux gw. kalian juga bisa cari cari wordlist di google. Okelah sekian, Easy banget bukan?? dan juga proses mengunakan hashcat ini cepat.

Okelah segitu aja postingan hari ini. ~ta ta