Project 12: Cracking Linux Password Hashes with Hashcat (15 pts.)

What You Need for This Project

Getting Hashcat 2.00

Hashcat updated to 3.00 and it won't run in a virtual machine anymore. The simplest solution is to use the old version.

In a Terminal window, execute these commands:

cd
mkdir hash
cd hash
wget https://hashcat.net/files_legacy/hashcat-2.00.7z
7z e hashcat-2.00.7z
./hashcat-cli32.bin -V

Troubleshooting

If that link doesn't work, use this one:

wget https://samsclass.info/123/proj10/hashcat-2.00.7z

Troubleshooting

If you see an "No such file or directory" error message when launching hashcat-cli32.bin, you may be using a 64-bit Kali system. Try using hashcat-cli64.bin instead.

Creating a Test User

In a Terminal window, execute this command:
adduser jose
At the "Enter new UNIX password" enter a password of password

At the "Retype new UNIX password" enter a password of password

Press Enter to accept defaults for the other options, as shown below:

Viewing the Password Hash

In a Terminal window, execute this command:
tail /etc/shadow
The last line shows the password hash for jose, as shown below (your hash will be different):

Finding Your Salt Value

Look at the salt following the username "jose". The $6$ value indicates a type 6 password hash (SHA-512, many rounds). The characters after $6$, up to the next $, are the SALT.

In my example, the SALT is CqiOcwyE

Understanding the Hash Algorithm

The hash algorithm is defined in the file /etc/login.defs. To see the portion of that file discussing the password hash algorithm, execute this grep command to see 18 lines after the line containing the string "ENCRYPT_METHOD":
grep -A 18 ENCRYPT_METHOD /etc/login.defs
As you can see, Kali Linux uses SHA-512 hashes, with the default value of 5000 rounds:

Making a Hash File

In a Terminal window, execute these commands:
tail -n 1 /etc/shadow > crack1.hash

nano crack1.hash

In the nano text editor, carefully delete the username jose and the colon after it, and all the text at the end of the file, including all the colons, leaving only the hash, as shown below:

Press Ctrl+X, Y, Enter to save the file.

Dowloading a Wordlist

We'll use a very small list of 500 common passwords.

In a Terminal window, execute these commands:

curl http://www.scovetta.com/download/500_passwords.txt > 500_passwords.txt

head 500_passwords.txt

You should see the first ten passwords, as shown below:

Troubleshooting

If that link doesn't work, use this one:

curl https://samsclass.info/123/proj10/500_passwords.txt > 500_passwords.txt

Cracking the Hash

In a Terminal window, execute these commands:
./hashcat-cli32.bin -m 1800 -a 0 -o found1.txt --remove crack1.hash 500_passwords.txt

cat found1.txt

Explanation: This uses hashcat with these options:

You should see the hash, with the cracked password of "password" at the end, as shown below:

Saving a Screen Image

Make sure the Terminal window is visible, showing the cracked password of "password".

Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.

Press the PrintScrn key to copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.

In the host machine, open Paint and paste in the captured image. Save it as "Your Name Proj12a".

Getting the crack2.hash List

In a Terminal window, execute these commands:
curl https://samsclass.info/123/proj10/crack2.hash > crack2.hash

cat crack2.hash

You should see four password hashes, as shown below:

Cracking the Hashes

In a Terminal window, execute these commands:
./hashcat-cli32.bin -m 1800 -a 0 -o found2.txt --remove crack2.hash 500_passwords.txt

cat found2.txt

You should see the hashes, with the found passwords at the end of each line as shown below. (I redacted the passwords.)

Saving a Screen Image

Make sure the Terminal window is visible, showing the found passwords.

Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.

Press the PrintScrn key to copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.

In the host machine, open Paint and paste in the captured image. Save it as "Your Name Proj12b".

Turning in Your Project

Email the images to cnit.123@gmail.com with a subject line of "Proj 12 From Your Name", replacing "Your Name" with your own first and last name. Send a Cc to yourself.

Sources

http://www.vidarholen.net/contents/junk/files/sha512crypt.bash

http://hashcat.net/files/hashcat_user_manual.pdf

http://contest-2010.korelogic.com/wordlists.html

http://www.scovetta.com/article-2.html


Last modified 3-25-17