Posted: . At: 11:59 AM. This was 3 months ago. Post ID: 19202


Cracking Linux passwords with hashcat in 2024.


Cracking Linux passwords is still doable in 2024; it just requires that the Nvidia CUDA toolkit and hashcat be installed on your PC.

Then we may begin attempting to crack the password hashes. Below I am attempting to crack Alma Linux password hashes. I am using the rockyou2021.txt password list.

(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6  $ ./hashcat.bin -m 1800 -o output.txt hash.txt rockyou.txt 
hashcat (v6.2.6) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 12.3)
====================
* Device #1: NVIDIA GeForce RTX 2060, 5483/5923 MB, 30MCU

OpenCL API (OpenCL 3.0 CUDA 12.3.68) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 2060, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 6 digests; 6 unique digests, 6 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Uses-64-Bit

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 281 MB

Dictionary cache built:
* Filename..: rockyou2021.txt
* Passwords.: 8459060239
* Bytes.....: 98378212907
* Keyspace..: 8459060239
* Runtime...: 20 mins, 2 secs

These are the password hashes I am trying to crack.

(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6  $ cat hash.txt 
root:$6$/lIOyMuIf.xwY7oM$mH.FZ7iptq5oUZnLa75Hqis5FI//N/KjQ0iRqoSl5PmRV4Jfwd4cphgtwCrrJsPlTqZZ2rCK4.maD4cdB4zpC/::0:99999:7:::
jcartwright:$6$n4HqCV8bBCIv/e5P$26MQNVKq2LYzrMG2cd4bG6wcxZ4TqaIs6p4YJ.8g9M8r8YcCvbo7xIC36U0KcsGDcUHhtJ2zd5EaOJXooG1eZ0::0:99999:7:::
user1:$6$rounds=65536$GrEwAW2vITiK2r6V$3Y0panmWUtECb0YryrV/G4esOBsnwI2Xdcpzcf1AZuA6lDvwQrnbrEq7ebi.M5FGeMNEMznefyvHwc95EwhQS0:0:0:90:7:::
user2:$6$rounds=65536$Gh0iGO4CRaKNRSs0$kV3QJf0YZdubeq0oSBE3tnX4hvv5CFi4o9jtq71AksWoqTy.b.nstLCkFrfNkXoFrOKVjfbJPRoPCkFEQh7cI/:0:0:90:7:::
user3:$6$rounds=65536$1cqU68jlYRfD5bkJ$GjQLCnyN9CTGXtScphb56jJtrlCQl06zjp9C2sfGmqZEsNoDZSC6DfFTxM5BOSL.5QUhEPcnLP1O1P4Wq6x1z/:19555:0:90:7:::
johann:$6$rounds=65536$KKJlO3vWN.Gx/MKF$M3.oWNOTjtxPuusCu2.8C7UWaQRLxfhvi/yTXpWuby8MEBOOCy012jsN3bopSWYLuE/XV2FWDwLdSiAqi/j091:19753:0:90:7:::
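
The entries above differ in cost: the ones without a `rounds=` field use the sha512crypt default of 5000 iterations, while the others use 65536. The following is an added example, not part of the original post, that reads shadow-style lines and reports each account's scheme and rounds so low-cost hashes can be found and re-hashed. The sample lines, the salts and hashes in them, and the function names are constructed for illustration.

```python
# Added example: report the hashing scheme and cost of shadow-style entries.
from dataclasses import dataclass
from typing import Optional

SHA_CRYPT_DEFAULT_ROUNDS = 5000  # crypt(3) default when no rounds= field is present
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

@dataclass
class Entry:
    user: str
    scheme: str
    rounds: Optional[int]  # only set for sha256crypt / sha512crypt
    locked: bool

def parse_shadow_line(line: str) -> Entry:
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("expected user:password[:aging fields]")
    user, pw = fields[0], fields[1]
    locked = pw.startswith(("!", "*"))
    parts = pw.lstrip("!").split("$")  # ['', id, (rounds=N,) salt, hash]
    if len(parts) < 4 or parts[0] != "":
        return Entry(user, "none", None, locked)  # no crypt-style hash stored
    scheme = SCHEMES.get(parts[1], "unknown")
    rounds = None
    if scheme in ("sha256crypt", "sha512crypt"):
        rounds = SHA_CRYPT_DEFAULT_ROUNDS
        if parts[2].startswith("rounds="):
            rounds = int(parts[2][len("rounds="):])
    return Entry(user, scheme, rounds, locked)

def below_policy(entries, min_rounds):
    """Users whose SHA-crypt hash uses fewer rounds than the policy minimum."""
    return [e.user for e in entries
            if e.rounds is not None and e.rounds < min_rounds]

# Constructed sample in the layout of the hash.txt above (fake salts and hashes).
SAMPLE = """\
root:$6$EXAMPLESALT00000$FAKEHASHFAKEHASH::0:99999:7:::
user1:$6$rounds=65536$EXAMPLESALT00001$FAKEHASHFAKEHASH:0:0:90:7:::
svc:!!:19555:0:90:7:::
"""
ENTRIES = [parse_shadow_line(ln) for ln in SAMPLE.splitlines()]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e)
    print("below 65536 rounds:", below_policy(ENTRIES, 65536))
```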

Press s when hashcat is running to see the current status.

Session..........: hashcat
Status...........: Running
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: hash.txt
Time.Started.....: Mon Feb 12 10:02:54 2024 (13 mins, 28 secs)
Time.Estimated...: Mon Jul 15 04:51:27 2024 (153 days, 19 hours)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     3819 H/s (10.47ms) @ Accel:512 Loops:64 Thr:64 Vec:1
Recovered........: 0/6 (0.00%) Digests (total), 0/6 (0.00%) Digests (new), 0/6 (0.00%) Salts
Progress.........: 3080192/50754361434 (0.01%)
Rejected.........: 0/3080192 (0.00%)
Restore.Point....: 491520/8459060239 (0.01%)
Restore.Sub.#1...: Salt:4 Amplifier:0-1 Iteration:1984-2048
Candidate.Engine.: Device Generator
Candidates.#1....: !#%&REWQAsdf -> !#%&cvbnbvcx
Hardware.Mon.#1..: Temp: 85c Fan: 50% Util: 98% Core:1545MHz Mem:6801MHz Bus:16

Download hashcat here: https://hashcat.net/hashcat/

I managed to crack one Linux user password.

Session..........: hashcat
Status...........: Quit
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: hash.txt
Time.Started.....: Mon Feb 12 10:55:38 2024 (48 mins, 1 sec)
Time.Estimated...: Mon Feb 12 15:19:33 2024 (3 hours, 35 mins)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     4532 H/s (6.35ms) @ Accel:1024 Loops:32 Thr:32 Vec:1
Recovered........: 1/6 (16.67%) Digests (total), 1/6 (16.67%) Digests (new), 1/6 (16.67%) Salts
Progress.........: 15597568/86066304 (18.12%)
Rejected.........: 0/15597568 (0.00%)
Restore.Point....: 2588672/14344384 (18.05%)
Restore.Sub.#1...: Salt:2 Amplifier:0-1 Iteration:15520-15552
Candidate.Engine.: Device Generator
Candidates.#1....: yoco123 -> yayolin247
Hardware.Mon.#1..: Temp: 83c Fan: 75% Util: 97% Core:1770MHz Mem:6801MHz Bus:16

This is the result.

(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6  $ cat output.txt 
$6$rounds=65536$KKJlO3vWN.Gx/MKF$M3.oWNOTjtxPuusCu2.8C7UWaQRLxfhvi/yTXpWuby8MEBOOCy012jsN3bopSWYLuE/XV2FWDwLdSiAqi/j091:password2

This only works if the password is in the wordlist. Using a larger wordlist like rockyou2021.txt would make it more probable that the password will be found, but it will take much longer. Still, this is a very good way to attempt password cracking on Linux. If the user is using a password such as 743643t4yy4ghy4yg47yy^T^&f5ef36g46tyg4g6446g647gh465h645h547yh54 then it will not be crackable in any timeframe.

How to crack a PIN number by generating a wordlist with all possible numbers.

This is very easy. If you know a password will only contain the letters and numbers “123abc” then a wordlist may be created containing all possible variations of passwords.

╭──(john㉿DESKTOP-PF01IEE)───╮
╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 16 16 123abc
Crunch will now generate the following amount of data: 47958868426752 bytes
45737141 MB
44665 GB
43 TB
0 PB
Crunch will now generate the following number of lines: 2821109907456

But if it is only 8 characters long, then the number of variations is much smaller. A 14-megabyte wordlist is better than 43 terabytes.

╭──(john㉿DESKTOP-PF01IEE)───╮
╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 8 8 123abc
Crunch will now generate the following amount of data: 15116544 bytes
14 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 1679616

But cracking a 4-digit PIN code with only numbers means only 10,000 possible combinations.

╭──(john㉿DESKTOP-PF01IEE)───╮
╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 4 4 1234567890 -o pin.lst
Crunch will now generate the following amount of data: 50000 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 10000
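
The numbers crunch and hashcat print above can be reproduced by hand, which is useful when judging how much resistance a password policy gives. The following is an added example, not part of the original post: it recomputes crunch's line and byte counts and the time to exhaust a candidate list at the 3819 H/s shown in the first status screen. That rate was measured on this one GPU against this mix of hashes and is an assumption anywhere else; the function names are made up for the example.

```python
# Added example: reproduce crunch's size estimate and hashcat's time estimate.

def crunch_estimate(min_len: int, max_len: int, charset: str):
    """Return (lines, bytes) for every string of min_len..max_len over charset.
    Each line costs its length plus one newline byte."""
    n = len(charset)
    lines = sum(n ** k for k in range(min_len, max_len + 1))
    size = sum(n ** k * (k + 1) for k in range(min_len, max_len + 1))
    return lines, size

def seconds_to_exhaust(candidates: int, salts: int, hashes_per_second: float) -> float:
    """Salted hashes cannot share work: every candidate is hashed once per
    distinct salt, which is why hashcat's Progress total is keyspace * salts."""
    return candidates * salts / hashes_per_second

def human(seconds: float) -> str:
    days, rem = divmod(int(seconds), 86400)
    hours, rem = divmod(rem, 3600)
    return f"{days}d {hours}h {rem // 60}m"

# Figures taken from the hashcat output earlier on this page.
RATE = 3819               # H/s, Speed.#1 in the first status screen
ROCKYOU2021 = 8459060239  # Keyspace reported for the dictionary cache
SALTS = 6                 # six unique salts in hash.txt

if __name__ == "__main__":
    for lo, hi, cs in [(16, 16, "123abc"), (8, 8, "123abc"), (4, 4, "1234567890")]:
        lines, size = crunch_estimate(lo, hi, cs)
        t = seconds_to_exhaust(lines, 1, RATE)
        print(f"{cs!r} len {lo}-{hi}: {lines} lines, {size} bytes, "
              f"one salt at {RATE} H/s: {human(t)}")
    print("rockyou2021 against 6 salts:",
          human(seconds_to_exhaust(ROCKYOU2021, SALTS, RATE)))
```

The last line comes out at 153 days 19 hours, the same figure hashcat gave as its estimate, while the 4-digit PIN list is exhausted in under three seconds at the same rate: the hash's cost only helps when the secret itself has enough possible values.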
