# Ethical Hacking mit Python und Kali Linux Kali Linux ist DAS Hacker Linux mit allen nötigen Tools um einen vernünftigen Pentest zu machen. Know your Enemy [Heise Security Tips](https://www.heise.de/select/ct-wissen/2021/11/softlinks/wn7d?wt_mc=pred.red.ct.sh_wissen112021.106.softlink.softlink) ## Nmap nmap -O ip-adresse # gibt unter anderem das Betriebssystem wieder nmap -sV ip-adresse # gibt Versionen wieder ### Subdomains finden Subfinder findet alles docker pull projectdiscovery/subfinder docker run projectdiscovery/subfinder -d example.com ## Metasploit ## Burpsuite ## Netcat ## Social-Engineering Toolkit [Link Simulating Basic Attack](https://www.youtube.com/watch?v=gKykLr59LW8) ## Nikto Scanning von Websiten ## John the ripper [Download](https://www.openwall.com/john/) ### Filtermasken erstellen [Filtermasken](https://github.com/openwall/john/blob/bleeding-jumbo/doc/MASK) Zun‰chst muss man aus einer Datei, die mit einem Passwort gesch¸tzt ist, den Hashwert herausbekommen. Das funktioniert mit `zip2john verschluesselt.zip > hast.txt` f¸r ein Zip File `pdf2john verschluesselt.pdf > hast.txt` sollte eigentlich das Passwort einer Zip-Datei herausfinden Danach wird der Hashwert mit **John the Ripper** gekrackt: `john hash.txt` ### pdf2john funktionert nicht ``` git clone "https://github.com/magnumripper/JohnTheRipper.git" && cd JohnTheRipper/src && ./configure && sudo make -s clean && sudo make -sj4 ``` ### John Maske für nur buchstaben und Zahlen `--mask=[A-Za-z0-9] --max-length=6` ### Cheatsheet oder als PDF [jtr-cheat-sheet.pdf](https://books.hhml.selfhost.co/attachments/1) ### John Resources

- [John jumbo dev release](https://github.com/openwall/john-packages/releases/tag/jumbo-dev) - [John binaries](https://download.openwall.net/pub/projects/john/contrib/) - [John docs](https://nrupentheking.blogspot.com/search/label/Password%20Cracker) - [John docs](https://reusablesec.blogspot.com/) - [Password Analysis and Cracking Kit](https://thesprawl.org/projects/pack/) - [Mangling Rules Generation](http://www.openwall.com/presentations/Passwords12-Mangling-Rules-Generation/)

### John Installation [Genau Beschreibung der Installation](https://books.hhml.selfhost.co/books/linux/page/john-the-ripper-installieren "John the Ripper installieren")

``` git clone https://github.com/openwall/john -b bleeding-jumbo /data/tools/john ; cd /data/tools/john/src/ ; ./configure && make -s clean && make -sj4 ; cd ~ ``` #### John Modes

- Wordlist mode (dictionary attack) - `john --wordlist= ` - Mangling rules mode - `john --wordlist= --rules: ` - Incremental mode - `john --incremental ` - External mode - `john --external: ` - Loopback mode (use .pot files) - `john --loopback ` - Mask mode - `john --mask=?1?1?1?1?1?1?1?1 -1=[A-Z] -min-len=8 ` - Markov mode - `calc_stat markovstats` `john -markov:200 -max-len:12 --mkv-stats=markovstats ` - Prince mode - `john --prince= `

Refer the [link](https://4n3i5v74.github.io/posts/tryhackme-john-the-ripper/) for more examples. #### CPU and GPU options

- List opencl devices - `john --list=opencl-devices` - List formats supported by opencl - `john --list=formats --format=opencl` - Use multiple CPU - `john hashes --wordlist: --rules: --dev=2 --fork=4` - Use multiple GPU - `john hashes --format: --wordlist: --rules: --dev=0,1 --fork=2`

#### Rules

- Single - wordlist - Extra - Jumbo (Single, wordlist and Extra) - KoreLogic - All (Single, wordlist, Extra and KoreLogic)

#### Incremental modes

- Lower (26 char) - Alpha (52 char) - Digits (10 char) - Alnum (62 char)

#### New rule

``` [List.Rules:Tryout] l [convert to lowercase] u [convert to uppercase] c [capitalize] l r [lowercase and reverse (palindrome)] l Az"2015" [lowercase and append "2015" at end of word] l A0"2015" [lowercase and prepend "2015" at end of word] d [duplicate] A0"#"Az"#" [append and prepend "#"] ```

- Display password candidates - `john --wordlist= --stdout --rules:Tryout` - Generate password candidates - `john --wordlist= --stdout=8 --rules:Tryout`

#### Other rules

``` C [lowercase first char, uppercase rest] t [toggle case of all chars] TN [toggle case of char in position N] r [reverse word - test123 -> 321tset] d [duplicate word - test123 -> test123test123] f [reflect word - test123 -> test123321tset] { [rotate word left - test123 -> est123t] } [rotate word right - test123 -> 3test12] $X [append word with X] ^X [prefix word with X] [ [remove first char] ] [remove last char] DN [delete char in posision N] xNM [extract from position N till M chars] iNX [insert X in place of N and shift rest right] oNX [overwrite N with X] S [shift case - test123 -> TEST!@#] V [lowercase vowels, uppercase consonents - test123 -> TeST123] R [shift each char right, using keyboard key - test123 -> yrdy234] L [shift each char left, using keyboard key - test123 -> rwar012] N [reject words unless greater than length N] N [truncate to length N] ``` #### New charset

``` john --make-charset=set.char ``` Create `john.conf` with character set config.

``` # Incremental modes [Incremental:charset] File = $JOHN/set.char MinLen = 0 MaxLen = 30 CharCount = 80 ```

``` john --incremental=charset ``` #### Wordlists

- Sort wordlist - `tr A-Z a-z < | sort -u > ` - Generate wordlist using POT - `cut -d: -f2 john.pot | sort -u > pot.dict` - Generate candidate pwd for slow hash - `john --wordlist= --stdout --rules:Jumbo | unique -mem=25 `

#### External mode

- Create complex password list - [link](http://www.lanmaster53.com/2011/02/creating-complex-password-lists-with-john-the-ripper/) - Generate wordlist according to complexity filter - `./john --wordlist= --stdout --external: > ` - Use adjacent keys on `keyboard` - `john --external:Keyboard `

#### Misc Options

- Hidden options - `john --list=hidden-options` - Display guesses - `john --incremental:Alpha -stdout -session=s1` - Generate guesses with external programs - `crunch 1 6 abcdefg | ./john hashes -stdin -session=s1` - Save session - `john hashes -session=name` - Restore session - `john --restore:name` - Show cracked passwords - `john hashes --pot= --show`

#### Dictionaries

- Generate wordlist from wikipedia - `wget https://raw.githubusercontent.com/zombiesam/wikigen/master/wwg.py ; python wwg.py -u http://pt.wikipedia.org/wiki/Fernando_Pessoa -t 5 -o fernandopessoa -m3` - Aspell dictionary - `apt-get install aspell-es` `aspell dump dicts` `aspell -d es dump master | aspell -l es expand | awk 1 RS=" |\n" > aspell.dic`

---

Version #3 Erstellt: 19 October 2022 10:52:19 von Herr_admin Zuletzt aktualisiert: 19 October 2022 11:18:20 von hermann