Tuesday, 29 September 2015

How to connect to WiFi using command line Ubuntu, Debian etc.

Tried to upgrade to Ubuntu 15.10 Beta 2, rebooted  and my system was broken. Could not connect to LAN, so my only option was to connect to Wifi via command line to hopefully repair my system.

This is what I did.

First, open a terminal:

Ctrl-Alt-T

If you got WPA like me you need wpa_supplicant to set it up, because iw can only handle WEP.

To bring up your wireless device (most likely wlan0):
sudo -s
ifconfig wlan0 up
#now scan for available wifi networks and note the ssid of your device
iwlist wlan0 scan
In /etc/wpa_supplicant.conf we need to put our ssid and password:
nano /etc/wpa_supplicant.conf
Example config:
network={
                     ssid="ssid"
                     psk="wifi password"
}

Ctrl + A to close and save.
To connect:
sudo wpa_supplicant -B -iwlan0 -c/etc/wpa_supplicant.conf -Dwext
Open a second tab/terminal:
sudo dhclient wlan0
Your connection should now work!

Sunday, 6 September 2015

How to crack MD5 hashes with hashcat

OS: Ubuntu 15.04

There is also a GPU version (oclhashcat), but I am on my notebook so I have to use the CPU only version, which - of course - is much slower.

Download the latest hashcat version here: https://hashcat.net/hashcat/

Download a wordlist: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Create a MD5 hash: E.g.: 'hello'

echo -n "hello" | md5sum
5d41402abc4b2a76b9719d911017c592

Next, extract the hashcat archive and create a .txt file with the md5 hash(es) within the folder. Also, save the wordlist in the hashcat folder.

Start hashcat. Dictionary based attack.


Command:

./hashcat-cli64.bin -n 2 -m 0 -a 8  test.txt realhuman_phill.txt

-n,   --threads=NUM                 Number of threads
-m,  --hash-type=NUM              Hash-type
-a,  --attack-mode=NUM          Attack-mode

--> use ./hashcat-cli64.bin -h to display all available options.

test.txt is the file with the md5 hash(es) and realhuman_phill.txt is the wordlist.

Wait...


hashcat will create a filed named hashcat.pot which contains successfully cracked hashes. You can display its contents with cat:

user@user:~/Desktop/hashcat-0.50$ cat '/home/user/Desktop/hashcat-0.50/hashcat.pot'
5d41402abc4b2a76b9719d911017c592:hello

There you go: hello. 

Brute-force


If you want to read about brute-force (masked) attack have a look here: http://www.unix-ninja.com/p/Exploiting_masks_in_Hashcat_for_fun_and_profit/

Quick example of a brute-force attack for the md5 hash 'cat': 5d41402abc4b2a76b9719d911017c592


./hashcat-cli64.bin -n 2 -m 0 -a 3 test.txt ?a?a?a

?a?a?a specifies to go through all character combinations exactly 3 characters long. ?l?l?l would be lower-case only:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
?a = ?l?u?d?s