Posts: 9
Threads: 1
Joined: Nov 2024
(11-12-2024, 06:54 PM)Snoopy Wrote: Well, on Linux your desktop is "normally" located under /home/"your username"/Desktop and not under /usr/*
Anyway, in your first post you asked about windows, so my first question would be, are you running hashcat in a Microsoft Windows environment or a Linux environment, as these have quite a huge impact on where your Desktop is located.
Second point, for security reasons you should never copy&paste any command line taken from the internet before you can read and understand what will happen when you execute this command
so first get yourself familiar with the command line interface your are using (bash or similar on linux, cmd or powershell on windows) and the programm you want to use (hashcat obviously)
the basic usage of hashcat is
hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]
for options see wiki https://hashcat.net/wiki/doku.php?id=hashcat
the website you stated describes very well what happens and what the options mean, but you still have to adapt some options to match your environment, you need to know where the dictionary you want to use is located and how its named, you need to tell hashcat these infos, on linux for example there is a difference between rockyou.txt and RockYou.txt as linux cares about these differences in lower/uppercase. (tabulator autocomplete is your friend)
I am using bash through Terminal on Mac OS, Ventura 13.7.2. as it is on a 2017 Mac. It is a newer computer than my old Windows laptop. So if using bash, does that make it a Linux environment or does that need to be installed or do I need Linux if using hashcat on my Mac? I feel like I would do good with some 1 on 1 tutoring to make sure I am starting correctly.
I am feeling like I may need a 1 on 1 tutor, lol. High school geometry all over again...LOL
Posts: 9
Threads: 1
Joined: Nov 2024
(11-12-2024, 09:48 PM)needsunscreen1 Wrote: (11-12-2024, 06:54 PM)Snoopy Wrote: Well, on Linux your desktop is "normally" located under /home/"your username"/Desktop and not under /usr/*
Anyway, in your first post you asked about windows, so my first question would be, are you running hashcat in a Microsoft Windows environment or a Linux environment, as these have quite a huge impact on where your Desktop is located.
Second point, for security reasons you should never copy&paste any command line taken from the internet before you can read and understand what will happen when you execute this command
so first get yourself familiar with the command line interface your are using (bash or similar on linux, cmd or powershell on windows) and the programm you want to use (hashcat obviously)
the basic usage of hashcat is
hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]
for options see wiki https://hashcat.net/wiki/doku.php?id=hashcat
the website you stated describes very well what happens and what the options mean, but you still have to adapt some options to match your environment, you need to know where the dictionary you want to use is located and how its named, you need to tell hashcat these infos, on linux for example there is a difference between rockyou.txt and RockYou.txt as linux cares about these differences in lower/uppercase. (tabulator autocomplete is your friend)
I am using bash through Terminal on Mac OS, Ventura 13.7.2. as it is on a 2017 Mac. It is a newer computer than my old Windows laptop. So if using bash, does that make it a Linux environment or does that need to be installed or do I need Linux if using hashcat on my Mac? I feel like I would do good with some 1 on 1 tutoring to make sure I am starting correctly.
I am feeling like I may need a 1 on 1 tutor, lol. High school geometry all over again...LOL
Oh, I just found a youtube video and was able to crack the hash of hash.txt using the rockyou.txt wordlist. Hopefully I will eventually figure out how to hashcrack a zip file and a rar file I forgot the passwords to. If I don't know a password or the length, do I search for or create a wordlist and start trying an attack?
Posts: 886
Threads: 15
Joined: Sep 2017
Quote:Oh, I just found a youtube video and was able to crack the hash of hash.txt using the rockyou.txt wordlist. Hopefully I will eventually figure out how to hashcrack a zip file and a rar file I forgot the passwords to. If I don't know a password or the length, do I search for or create a wordlist and start trying an attack?
MacOS is based on FreeBSD (long time) and therefore a unix-style OS, nevertheless unix and linux are quite similar when it comes to handling tools
for zip and rar you need tools to extract the hash, John the Ripper, short JtR has many tools for that. Just google it or install it via homebre (if possible) JtR mostly adds some not needed info to the output, mostly filenames, so just take a look at example hashes https://hashcat.net/wiki/doku.php?id=example_hashes to see how the hash needs to be formed
first of all, starting with some good dictionarys is allways a valid strategy, bruteforce depends on the hashing speed and therefore isn't a good option for longer passwords
if you know "something" about the used password, example cracking your own password style, you can utilize things like maskprocessor, princeprocessor to generate special dictionarys just for your attack
Posts: 9
Threads: 1
Joined: Nov 2024
(11-15-2024, 12:59 PM)Snoopy Wrote: Quote:Oh, I just found a youtube video and was able to crack the hash of hash.txt using the rockyou.txt wordlist. Hopefully I will eventually figure out how to hashcrack a zip file and a rar file I forgot the passwords to. If I don't know a password or the length, do I search for or create a wordlist and start trying an attack?
MacOS is based on FreeBSD (long time) and therefore a unix-style OS, nevertheless unix and linux are quite similar when it comes to handling tools
for zip and rar you need tools to extract the hash, John the Ripper, short JtR has many tools for that. Just google it or install it via homebre (if possible) JtR mostly adds some not needed info to the output, mostly filenames, so just take a look at example hashes https://hashcat.net/wiki/doku.php?id=example_hashes to see how the hash needs to be formed
first of all, starting with some good dictionarys is allways a valid strategy, bruteforce depends on the hashing speed and therefore isn't a good option for longer passwords
if you know "something" about the used password, example cracking your own password style, you can utilize things like maskprocessor, princeprocessor to generate special dictionarys just for your attack
I installed John the Ripper using homebrew, and I guess I need to use the command zip2john, but I get command not found message. I looked up the issue and I saw that I needed to use the command brew install john-jumbo, so I did, but still having the same issue.
|
