🔑 Password Cracking Lab

PRACIVO LAB — INTENTIONALLY VULNERABLE
Home Hash Identify Crack a Hash Hashcat Guide John the Ripper Sample Hashes Credential Dumping
⚠️ Pracivo Security Lab — Hash identification, cracking techniques, Hashcat and John the Ripper guides.

John the Ripper Guide

# INSTALLATION
# Linux: apt install john
# Kali: pre-installed (use /usr/share/john/wordlist.txt)

# BASIC CRACK (auto-detects hash type)
john hashes.txt

# SPECIFY WORDLIST
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

# SHOW CRACKED PASSWORDS
john --show hashes.txt

# SPECIFY HASH FORMAT
john --format=NT hashes.txt                    # NTLM
john --format=sha512crypt shadow.txt           # Linux shadow
john --format=bcrypt hashes.txt                # bcrypt
john --list=formats                            # List all formats

# CRACK LINUX /ETC/SHADOW
unshadow /etc/passwd /etc/shadow > combined.txt
john --wordlist=rockyou.txt combined.txt

# CRACK WINDOWS SAM + SYSTEM
# First extract with: samdump2 SYSTEM SAM > hashes.txt
john --format=NT hashes.txt

# INCREMENTAL (brute force)
john --incremental hashes.txt
john --incremental=digits hashes.txt           # digits only

# RULE-BASED
john --wordlist=rockyou.txt --rules hashes.txt

# ZIP/RAR/PDF PASSWORD
zip2john protected.zip > zip_hash.txt
john zip_hash.txt --wordlist=rockyou.txt

rar2john protected.rar > rar_hash.txt
john rar_hash.txt --wordlist=rockyou.txt

pdf2john protected.pdf > pdf_hash.txt
john pdf_hash.txt