password cracking tool used in kali linux system.

1. Presentation on
John The Ripper and Hydra
Password Cracking Tools

2. PRESENTED BY
Name Roll No:
1. Shahidur Rahman 1703035
2. Md. Raquibul Hoque 1703041
3. Md. Moshiur Rahman 1703025

3. PASSWORD CRACKING
• 1. Low Tech
• - Social Engineering
• - Shoulder surfing
• - password guessing
• 2. Hight Tech
• - Brute –force attack
• - Dictionary attack
• - Rainbow attack

4. PASSWORD CRACKING TOOLS
• John the Ripper
• Aircrack-ng
• RainbowCrack
• Cain and Abel
• THC Hydra
• HashCat
• Crowbar
• OphCrack
• Etc.

5. JOHN THE RIPPER
OVERVIEW
• First stable release in May 2013, Version 1.8
• Initially developed for the Unix operating
system, it now runs on fifteen different
platforms.
• It uses Brute force & Dictionary attack
• It has 3 modes. Single, Incremental & Wordlist

6. TYPES
• 1. John the Ripper Pro -Linux and Mac OSX
• 2. John the Ripper Official –All Platforms
• 3. John the Ripper Community Enhanced –All
Platforms

7. HOW IT WORKS
Open the Tools in Kali linus

8. HOW IT WORKS
• Type “man john” in the terminal

9. HOW IT WORKS
• Add User

10. HOW IT WORKS
• Wordlist and Shadow file

11. HOW IT WORKS
• Shadow file

12. HOW IT WORKS

13. HYDRA
OVERVIEW
Developed by Van Hauser from The Hacker’s Choice and David Maciejak
• Uses a dictionary attack or brute force methods to test for weak or "simple“
passwords.
• Platforms : Linux, Mac OS, Windows/Cygwin etc.
• Its more famous because it can support around 30 protocols like ftp, http, https
etc.
• Other tools like Medusa and Ncrack provide similar speed.
• It is available as a GUI also (even though a little difficult to get in windows).

14. INSTALLING HYDRA
• Linux based
Many have them pre-installed, else $ apt-get install hydra e $ apt-get install hydra $
apt-get install hydra-gtk
• Windows
Download hydra zip file
Install Cygwin
Compile hydra using cygwin

15. HYDRA GUI

16. HYDRA GUI

17. HYDRA GUI

19. HYDRA COMMAND SYNTAX
• Syntax: hydra fir-I LOGIN -L FILE] [p PASSI-P FILE]] I [C FILE]] [e nsr] [0 FILE] [t TASKS] [M
FILE [T TASKS]] 1w TIME] [W TIME] 14] [5 PORT] [x MIN:MAX:CHARSET] [SuvV46]
[service://servertPORTNOPT]] [v/ -V]
• Simplified basic syntax: hydra —1/-L <user> -p/-P <passwords> <IP address> <protocoI><form
parameters> <failed login message>
• -I/-L LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
• -p /-P PASS or -P FILE try password PASS, or load several passwords from FILE
• <IP address> is the host address.
• <protocol> is the protocol used in that page.
• <form parameters> is the parameters when brute forcing web forms
• <failed login message> is the message you get, when you enter invalid usernames and passwords.

20. CONCLUSION
• Password Cracking Depends on
• Attacker’s strengths
• Attacker’s computing resources
• Attacker’s knowledge
• Attacker’s mode of access [ physical or online]
• Strength of the passwords How often you change your passwords?
• How close are the old and new passwords?
• How long is your password?
• Have you used every possible combination alphabets, numbers and special characters?
• How common are your letters, words, numbers or combination?•
• Have you used strings followed by numbers or vice versa, instead of mixing them
randomly?

21. CONCLUSION
Thank you
Any question??