Cracking Linux passwords is still doable in 2024, this just requires that the Nvidia CUDA toolkit be installed on your PC as well as hashcat.
Then we may begin attempting to crack the password hashes. Below I am attempting to crack Alma Linux password hashes. I am using the rockyou2021.txt password list.
(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6 $ ./hashcat.bin -m 1800 -o output.txt hash.txt rockyou.txt
hashcat (v6.2.6) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 12.3)
====================
* Device #1: NVIDIA GeForce RTX 2060, 5483/5923 MB, 30MCU
OpenCL API (OpenCL 3.0 CUDA 12.3.68) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 2060, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 6 digests; 6 unique digests, 6 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Uses-64-Bit
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 281 MB
Dictionary cache built:
* Filename..: rockyou2021.txt
* Passwords.: 8459060239
* Bytes.....: 98378212907
* Keyspace..: 8459060239
* Runtime...: 20 mins, 2 secs
These are the password hashes I am trying to crack.
(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6 $ cat hash.txt
root:$6$/lIOyMuIf.xwY7oM$mH.FZ7iptq5oUZnLa75Hqis5FI//N/KjQ0iRqoSl5PmRV4Jfwd4cphgtwCrrJsPlTqZZ2rCK4.maD4cdB4zpC/::0:99999:7:::
jcartwright:$6$n4HqCV8bBCIv/e5P$26MQNVKq2LYzrMG2cd4bG6wcxZ4TqaIs6p4YJ.8g9M8r8YcCvbo7xIC36U0KcsGDcUHhtJ2zd5EaOJXooG1eZ0::0:99999:7:::
user1:$6$rounds=65536$GrEwAW2vITiK2r6V$3Y0panmWUtECb0YryrV/G4esOBsnwI2Xdcpzcf1AZuA6lDvwQrnbrEq7ebi.M5FGeMNEMznefyvHwc95EwhQS0:0:0:90:7:::
user2:$6$rounds=65536$Gh0iGO4CRaKNRSs0$kV3QJf0YZdubeq0oSBE3tnX4hvv5CFi4o9jtq71AksWoqTy.b.nstLCkFrfNkXoFrOKVjfbJPRoPCkFEQh7cI/:0:0:90:7:::
user3:$6$rounds=65536$1cqU68jlYRfD5bkJ$GjQLCnyN9CTGXtScphb56jJtrlCQl06zjp9C2sfGmqZEsNoDZSC6DfFTxM5BOSL.5QUhEPcnLP1O1P4Wq6x1z/:19555:0:90:7:::
johann:$6$rounds=65536$KKJlO3vWN.Gx/MKF$M3.oWNOTjtxPuusCu2.8C7UWaQRLxfhvi/yTXpWuby8MEBOOCy012jsN3bopSWYLuE/XV2FWDwLdSiAqi/j091:19753:0:90:7:::
Press s when hashcat is running to see the current status.
Session..........: hashcat Status...........: Running Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix)) Hash.Target......: hash.txt Time.Started.....: Mon Feb 12 10:02:54 2024 (13 mins, 28 secs) Time.Estimated...: Mon Jul 15 04:51:27 2024 (153 days, 19 hours) Kernel.Feature...: Pure Kernel Guess.Base.......: File (rockyou.txt) Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 3819 H/s (10.47ms) @ Accel:512 Loops:64 Thr:64 Vec:1 Recovered........: 0/6 (0.00%) Digests (total), 0/6 (0.00%) Digests (new), 0/6 (0.00%) Salts Progress.........: 3080192/50754361434 (0.01%) Rejected.........: 0/3080192 (0.00%) Restore.Point....: 491520/8459060239 (0.01%) Restore.Sub.#1...: Salt:4 Amplifier:0-1 Iteration:1984-2048 Candidate.Engine.: Device Generator Candidates.#1....: !#%&REWQAsdf -> !#%&cvbnbvcx Hardware.Mon.#1..: Temp: 85c Fan: 50% Util: 98% Core:1545MHz Mem:6801MHz Bus:16
Download hashcat here: https://hashcat.net/hashcat/
I managed to crack one Linux user password.
Session..........: hashcat Status...........: Quit Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix)) Hash.Target......: hash.txt Time.Started.....: Mon Feb 12 10:55:38 2024 (48 mins, 1 sec) Time.Estimated...: Mon Feb 12 15:19:33 2024 (3 hours, 35 mins) Kernel.Feature...: Pure Kernel Guess.Base.......: File (rockyou.txt) Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 4532 H/s (6.35ms) @ Accel:1024 Loops:32 Thr:32 Vec:1 Recovered........: 1/6 (16.67%) Digests (total), 1/6 (16.67%) Digests (new), 1/6 (16.67%) Salts Progress.........: 15597568/86066304 (18.12%) Rejected.........: 0/15597568 (0.00%) Restore.Point....: 2588672/14344384 (18.05%) Restore.Sub.#1...: Salt:2 Amplifier:0-1 Iteration:15520-15552 Candidate.Engine.: Device Generator Candidates.#1....: yoco123 -> yayolin247 Hardware.Mon.#1..: Temp: 83c Fan: 75% Util: 97% Core:1770MHz Mem:6801MHz Bus:16
This is the result.
(jcartwright@localhost) 192.168.1.5 hashcat-6.2.6 $ cat output.txt
$6$rounds=65536$KKJlO3vWN.Gx/MKF$M3.oWNOTjtxPuusCu2.8C7UWaQRLxfhvi/yTXpWuby8MEBOOCy012jsN3bopSWYLuE/XV2FWDwLdSiAqi/j091:password2
This is only if the password is in the wordlist, using a larger wordlist like rockyou2021.txt would make it more probable the password will be found, but it will take much longer. But this is a very good way to attempt password cracking on Linux. If the user is using a password such as 743643t4yy4ghy4yg47yy^T^&f5ef36g46tyg4g6446g647gh465h645h547yh54 then it will not be crackable in any timeframe.
How to crack a pin number by generating a wordlist with all possible numbers.
This is very easy. If you know a password will only contain the letters and numbers “123abc” then a wordlist may be created containing all possible variations of passwords.
╭──(john㉿DESKTOP-PF01IEE)───╮ ╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 16 16 123abc Crunch will now generate the following amount of data: 47958868426752 bytes 45737141 MB 44665 GB 43 TB 0 PB Crunch will now generate the following number of lines: 2821109907456 |
But if it is only 8 characters long, then the amount of variations is much less. A 14-megabyte wordlist is better than 43 Terabytes.
╭──(john㉿DESKTOP-PF01IEE)───╮ ╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 8 8 123abc Crunch will now generate the following amount of data: 15116544 bytes 14 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 1679616 |
But cracking a 4-digit PIN code with only numbers means only 10,000 possible combinations.
╭──(john㉿DESKTOP-PF01IEE)───╮ ╰───────────────────────────╾╯(~)-(172.18.32.151)┋ crunch 4 4 1234567890 -o pin.lst Crunch will now generate the following amount of data: 50000 bytes 0 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 10000 |