Transcript for:
Password Hacking Lecture Notes

Password hacking. In this video I'm going to show you how to hack into a server by cracking its password, and this is real world: you'll get a chance to do this yourself on my server. Also, this is for educational purposes only. Please don't go hack somebody else without the permission. Only hack me. You need to learn, learn, learn hacking. [Music]

Okay, the goal here is to hack into this server, the coffee server. Why? Because once we do, we get free coffee, and coffee is awesome. Although you might need coffee for this, so go ahead and get it now. The good news is that we already have a username. The username is dwight.schrute, which is a great start, but what we don't have is the password. This is our mission: we're going to hack Dwight Schrute's password, and when I say hack, I also mean crack. Oh, and by the way, this is a real server that I want you to try and break into. Watch until the end; I've got a challenge, and the first five people to complete that challenge will win free coffee, legit. All right, here we go.

I want also a huge shout out to ITProTV, the sponsor of this video and my hacking journey. They're my primary learning source for learning things like this, so if you want to dive deeper, check it out, link below. If you use my code network chuck you get 30 off forever. So yeah.

So how do we hack this password? How do we crack it? Well, we can do it the old-fashioned way, right? The good old Dwight Schrute method. Try zero zero zero zero zero zero. No. Okay, now try zero zero zero zero zero one. ssh dwight dot schrute at my host, and I just start trying passwords. Zero zero zero zero zero one, no. Let's try it again. Zero zero zero zero two, no, that's not right. Let's try it again. Zero zero zero zero three. Oh, let's try it again. No. Why would you keep doing that? There are better ways, and we can even automate this process to make it killer. Check this out.

So what we were just doing is traditionally called a brute force attack. We were gonna sit there and try every password under the sun until we found out Dwight's password, even if it took us five years. Not the most efficient use of our time. Now, to be fair, every attack I'm going to show you is technically a brute force attack, but we refer to them in different ways. But there are so many better ways, and we're going to open up some hacking tools right now, and they're amazing. Check this out.

The first tool I want to show you is called Hydra. So fire up Kali Linux, launch your terminal, and we'll get going. We're going to use Hydra for an online attack, which basically means we're going to be trying our passwords on a live system. We'll be entering those passwords in the prompt and getting denied as we keep trying them. Now, Hydra is going to do all the work for us. We'll enter our command in, step away, and done. But she's not going to do what we just saw, just trying every password under the sun, 001, 002. No, no, no. We're going to give her a list, a list of passwords that we think might be it. What we're doing here, providing Hydra with a list of passwords, is called a dictionary attack, and this is crazy effective because it has a list of common passwords that a lot of people might use.

And we have a lot of passwords at our disposal. One list we have that's already built into Kali Linux is called the RockYou password list. This company, RockYou, got hacked back in 2009, and these hackers released all their passwords they found, which were stored in plain text. So now we get to use it, and this list is massive. Let's take a look right now. If I open another terminal here, if you're on Kali, you can find it in /usr/share/wordlists, and there it is right there, rockyou.txt. And we'll just unzip that real quick: sudo gzip -d, the file name, rockyou dot txt dot gz. And let's take a look at it. I'll cat the file right now. Look at that, so many passwords. I better stop before my computer has a heart attack. There we go. Now, I will not be using that list. That list has 14 million passwords. But I do have my own list. Here is my word list, things I think Dwight might use.

So let's try it out. First I'll specify my username. Now, I could do dash uppercase L to specify a file name like usernames.txt and look through a list of names. Now, I already know it's Dwight, so I can just do a lowercase l and put in dwight dot schrute. And then I'll specify my password file: do dash uppercase P and my file, which I have named wordlist dot txt. I'll do a backslash to move to the next line here, and then my host, which is 45. blah blah blah, and then the service type. Now, right now I'm accessing the server using SSH, so I'll specify ssh. It could be FTP, it could be Telnet, whatever. And let's go. Oh, password, it's all about passwords. Bam! You see how fast that was? I mean, the list wasn't big, right, but it found it. Check it out, here's the password: bears beats. It went through my list, tried each one, this is the one.

Now, this method is fun and useful, but let me tell you, if you're trying a bunch of login attempts, a bunch of passwords, firewalls might find you, you might get blocked, plus you have timeouts, the account probably will get locked out. Not the best method. But we have another way, a better way. Check this out.

Let's take our password hacking from online to offline. In this situation we're not going to try and log into the server a million times. But how does that work? How do we know if it's going to be the right password if we can't actually try it? One word: hashing. What is that? Let's talk about it.

You see, when Mr. Dwight Schrute created his password, bears beats, the server will take this password and store it in its database, so that when Dwight logs in they can go, oh, that is Dwight's password, come on in, Dwight. But they don't store it like this, in plain text. Like, you won't log in and see bears beats. It won't be there. Actually, let me show you what it looks like right now on that server. It'll look like this. This right here is Dwight's password. This crazy mess of numbers and letters is called a hash. So when Dwight created this password, bears beats, the coffee server hashed it, basically put it in his mouth, chewed it up, and spit it out. Looks like this now.

Now, it's a lot more complex than just chewing it up and spitting it out. For the server to turn bears beats into this, it uses these crazy hashing algorithms, which, without getting too in the weeds on it, is just a crazy math problem, function, turning it into this. You might already be familiar with some of the hashing algorithms out there. Popular ones are MD5, SHA-256, you got NTLM on Windows. And if we were to somehow hack into the server via other means and get a list of all the username and passwords that look like this, it would do us zero good, no good at all.

When Dwight logs in and he puts this password in, bears beats, the server takes this password, chews it up, spits it out, or in this case runs it through its MD5 algorithm, and if the hash matches the hash stored in its database, you can go in, you're good. This should be how most websites and services out there are storing your passwords, not in plain text like the RockYou server. No, no, it's hashed. So if they do get hacked and hackers get that list of usernames and passwords, they don't have your password yet.

Here's what we can do. We may not have Dwight's password, but if we have his hash, if we somehow got that information, we can do some offline password cracking to figure out what it is. Now again, we can't reverse engineer it, but we can brute force our way into it. We're going to do what we did before. We're going to take our word list and we're going to try and use each of these passwords, but instead of trying to log into the server, we're going to run that hashing algorithm. We're going to chew it up and spit it out. We're going to run that MD5 algorithm and see if it matches the hash we have for Dwight Schrute. So we'll take the first password, salesman of the year three, run it through, it looks like this. Doesn't match. We move on. We try password one two three and we get this. Not a match. We move on, and we keep going until we find a hash that matches. And we'll try bears beats, and boom, this one does match. A plus, let's go, we got the password. Let's hack into the system. Let's do this right now.

Okay, here in Kali we're going to try out a tool called hashcat. For this tool we're going to use two things: first, our word list, our list of possible passwords, and two, we'll need our file of hashes. Let's go and create this real quick. Linux will store its hashed passwords in the shadow file, so I'll grab that right now. I'll just create that file, paste all that stuff in there, save that. Now let's crack a password.

The command will be sudo hashcat. Now real quick, hashcat's pretty crazy, you can do a lot of stuff. I'm going to show you the basics real quick. First we'll start with the method, which we'll specify with dash a. Let's go to the manual page of our hashcat real quick, so open up another terminal window and go to man and hashcat. A lot of stuff going on. Let me scroll through to where I'm talking about. So we used dash a, and here are the options, and if I talked about every one of these options this video would be like four hours long. So I'm only going to talk about option zero, the straight option, which is just going through a word list and doing what we just talked about. These other options, which I would ignore: brute force, but combination, hybrid word list and mask, hybrid mask with word list, and some crazy stuff. It's not just going through a word list, but it's auto generating these crazy password lists and these password combinations and what password characters you can use. It can be intense, and perhaps it's a video for another time. For now we're going to talk about just a straight dictionary attack, option zero, so we'll put in zero.

Now, next is our hashing type. We'll put in dash m to specify that. Let's go back to our man page. Here we have our hashing types, and there's a lot, a lot of hashing types, and this can be based on what type of password you're trying to hack. For example, if you know you're gonna be hacking Cisco, look at that, you'll enter the code 5700 in that option. For a plain Jane MD5 it'll be zero. 1000 for NTLM, which, if you're hacking Windows-based passwords, that's what you'll use. And for our example we're going to be using 1800 for SHA-512 Unix passwords, so we'll put in 1800.

I'm also going to throw in a dash lowercase o and specify a file name, crackpasswords.txt. This is where it's going to store the information we find out. And then finally the two files we're going to be using. The first will be our hashes, which we named hashes dot txt, and then our word list we're going to use, which was wordlist dot txt. And that's all we need. Hashcat's about to spit some words out. Let's do it. Here we go, and that gum, that was fast. Now again, the word list was not that big, and it found the password. If you look here at Candidates.#1, it gave us two options, eminem and bears beats. Now, we know that bears beats is the correct password, so great job, hashcat.

Now let's try one more. Let's try a Windows-based password. I'll do sudo hashcat once more, do a dash a, specify, oh, not dash one, dash a, and specify my method, which will be zero. Dash m, this time I'm doing NTLM for Microsoft Windows. I know this to be 1000 as the code by looking at the manual page. I'll do a dash lowercase o for crackpasswords.txt, where I'm going to store my stuff, and then my hash. Now, I could specify a file. This time I'm going to specify the hash. I'm just going to copy that in there, so I'll just put that in quotes. So I got the one hash I'm looking for. Then I'll put my word list in right here, wordlist.txt, and go.

Now, it's a bit wonky because it says the candidates right now are bears beats, which I know is not the password. But if I go to the top here, it says the session status: cracked. It said it did it with this hash. Let's go look in that file we put that in. So I'll sudo cat crackpasswords.txt and let's take a look inside there. There it is. Okay, perfect. There's the hash I used, and there's the password for my word list that we matched up, and that was indeed the password.

So now I have a challenge for you. I want you to use the skills you just learned in this video to hack or crack my server's passwords. The first five people to do this will win coffee. So, link below, good luck, and if you don't win, that's fine. I'll keep this challenge up for probably a week or maybe two weeks, and I would love for you to let me know below what you think about it. And again, it's using the skills we just talked about here in this video. I'm gonna have you crack a password via the online method, using a word list, using Hydra, bam bam bam, automation. And then I'm gonna have you crack an offline password using a word list, a hash, a password hash, using hashcat.

Now, there's a lot more to password hacking or cracking. I just scratched the surface here, but I wanted to get you started. Hashcat is a crazy program that you can use to do some, well, crazy stuff. If you have something like a beastly gaming PC like this, this boy behind me, with a crazy CPU and a crazy GPU, you can do some serious password cracking, going through massive word lists. I'm talking millions and millions of passwords in these lists.

Anyways, guys, that's about it. Password hacking, password cracking, whatever you want to call it, it's a powerful tool. And again, please do not use this in any way that's illegal, which, let me be very clear, unless you have someone's explicit permission to do this, it's illegal. Hack yourself, hack your own passwords, hack me. I'm giving you permission to hack my, just the one server, nothing else, in my challenge. Otherwise set up your own lab and do it, and there, do not use this for any illegal methods. But beyond that, I hope you like this video. If you do like it, like it, and if you haven't already, hit that subscribe button if you like what I'm doing here. Yep, that's about it. I'll catch you guys later. [Music]
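
The transcript notes that repeated online login attempts get noticed and blocked. As an added example (not part of the video), this sketch flags that pattern in sshd log lines and reports a successful login that follows a burst of failures; the log lines, host name, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from the video's server).
SAMPLE_LOG = """\
Mar  3 10:15:01 coffee sshd[2101]: Failed password for dwight.schrute from 203.0.113.7 port 50112 ssh2
Mar  3 10:15:02 coffee sshd[2102]: Failed password for dwight.schrute from 203.0.113.7 port 50114 ssh2
Mar  3 10:15:03 coffee sshd[2103]: Failed password for dwight.schrute from 203.0.113.7 port 50116 ssh2
Mar  3 10:15:04 coffee sshd[2104]: Failed password for dwight.schrute from 203.0.113.7 port 50118 ssh2
Mar  3 10:15:05 coffee sshd[2105]: Failed password for dwight.schrute from 203.0.113.7 port 50120 ssh2
Mar  3 10:15:06 coffee sshd[2106]: Accepted password for dwight.schrute from 203.0.113.7 port 50122 ssh2
Mar  3 10:20:00 coffee sshd[2201]: Failed password for jim.halpert from 198.51.100.20 port 40100 ssh2
Mar  3 10:20:09 coffee sshd[2202]: Accepted password for jim.halpert from 198.51.100.20 port 40102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return alerts as (kind, source_ip, user, time) tuples.

    Syslog timestamps carry no year, so `year` is an assumed value.
    """
    recent = defaultdict(deque)  # source IP -> times of failures inside the window
    flagged = set()              # source IPs that already produced a burst alert
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        failures = recent[ip]
        while failures and when - failures[0] > window:
            failures.popleft()   # drop failures that fell out of the window
        if m["result"] == "Failed":
            failures.append(when)
            if len(failures) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("burst", ip, user, when))
        elif ip in flagged:
            # A success from a source that just failed many times deserves review.
            alerts.append(("login_after_burst", ip, user, when))
    return alerts
```

The single mistyped password from 198.51.100.20 stays below the threshold, so its later successful login raises no alert.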