Penetration testing

Kali Linux: Top 5 tools for password attacks

Graeme Messina
July 21, 2021 by
Graeme Messina

These are five great tools for password attacks from Kali Linux. By learning how to crack passwords with Kali, you not only learn how to break into systems, but you also get the skills necessary for defending against these types of attacks. 

There are many other tools available in Kali Linux that can help with this type of attack, so don’t be afraid to explore them. 

These are the most commonly used tools for password attacks in Kali Linux.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

1. John the Ripper

John the Ripper can be used to crack passwords from text files and word lists, also known as password dictionaries. It's often one of the most important tools that anyone who wants to break into systems will need for performing password attacks. 

John the Ripper is a great place to start if you're interested in learning how to perform these types of attacks on your own system or by using one of Kali Linux's virtual machines.

For John the Ripper to work, it needs both text files and word lists that contain passwords.

The number of passwords available in your dictionary or word list will determine the size of the file, so the bigger the file, the more passwords it will contain.  

After you've compiled the text files and word lists that contain passwords, simply pass them to John for processing.

Once a password has been identified as matching one of your texts or word lists, John will print out the username it belonged to and how many times it appeared in your list. 

2. Hydra

Among the password cracking programs available, Hydra can be used to brute force passwords. It has many advantages over John the Ripper, but it's slower and requires more processing power from your system to work correctly.

Hydra is just as straightforward as most of Kali Linux's tools: simply launch it with a wordlist and start guessing passwords until one works. Hydra will take longer to crack a long password than it will to crack a shorter one, so the length of the password can make a big difference.

Hydra uses parallelization to perform its login cracker tasks. It is capable of attacking numerous protocols. It utilizes multiple CPUs and can significantly reduce the time it takes to recover passwords from encrypted wireless networks, WPA/WPA2 protected access points and even heavily firewalled corporate LANs.

Using Hydra, researchers can demonstrate the ease of gaining unauthorized access to a system remotely in a very short space of time, sometimes in mere minutes. This can be a real wake-up call for users that do not use proper password security measures.

3. Cain & Abel

Cain is a Windows password recovery tool that can search and crack various password hashes and filter net packets using methods, including network packet sniffing.

Cain can often be used by computer forensics experts to decrypt an NT LAN Manager (NTLM) hash, which encrypts time-sensitive information between client computers and servers like Active Directory or LDAP servers to verify credentials.

Cain can be used in many different ways, making it a very handy tool to have as part of your toolkit. It's been designed with these four major features in mind: NetWare LAN Manager/Windows NT LM Hashes Cracker, Rainbow Table Generator, Offline NT Password & Registry Editor and Salted Hash Keeper.

You can test many different types of systems with Cain & Abel, so it is definitely worth becoming familiar with them.

4. Ophcrack

Ophcrack is a tool that can be used for breaking Windows passwords. This is a free, open-source tool that can recover all the hashes of the SAM (security accounts manager) registry key in older versions and LM Hashes in more recent ones.

This program runs by mapping out what's called rainbow tables to get you access to your password. Accelerating a process is achieved by using graphics processing units, or GPUs. These are the same graphics cards that are used for gaming and 3D design.

The first thing you need to do is select your Windows version and then download the rainbow tables for that specific version of Windows. Once this has been done, it will take about an hour or so for Ophcrack to finish running through its calculations with GPUs.

This is much quicker than traditional CPU-bound tools because graphics cards are capable of dealing with advanced mathematical calculations very quickly.

5. Hashcat

The world’s fastest password hacking utility, Hashcat supports five different types of attack in conjunction with more than 200 hashing algorithms. Hashcat can be used to crack passwords by leveraging hardware on computer systems such as GPUs for added speed. 

There are many ways to attack passwords such as brute-force, cracking the hashes with wordlists and rainbow tables.

Currently, Hashcat can be used with computer components like CPUs and GPUs. It also has multiple OS support with Linux, Windows and OSX, as well as the ability to enable distributed password cracking.

Some of the hash types that can be cracked with Hashcat are md512, MDBMZ (Mdaij), Windows LM Hashes and Cisco Type-based Password Lists. The support for these hashes is constantly growing and we will update as new algorithms get added to the program.

Where would a password cracking tool be useful?

In your daily tasks as a cybersecurity professional,  you may be asked to help a client identify the password of an email account or social media profile.

It's important to understand that all passwords have strengths and weaknesses, so it is not enough just to try guessing them until you find the right one.

You will need tools like John the Ripper to crack those types of passwords to access a machine like this.

The John the Ripper tool is very powerful and it's easy to use, which makes it perfect for everyday penetration testers.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Exploring Kali Linux password attack tools

Now that you know which tools are available in Kali for password cracking, you can start to try them out for yourself. It is satisfying when you finally gain access to a test machine that you thought you couldn’t crack, and learning how these tools work will help you to validate your theoretical knowledge with tangible, real world results.

Password attacks are a common way to break into systems, so you must be aware of what types of tools are available and how they work. Kali Linux is an operating system that has many tools for performing these types of attacks, which can be found in this post if you're interested in learning.

The key takeaway here is that you will be able to identify telltale signs of password cracking attempts on computer systems if you practice these techniques yourself.    

 

Sources:

Hydra package description, Kali Tools

Hashcat binaries, Haschat

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.