Lesson 112 : Gathering Password And Cracking The Hash Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development

hey guys welcome to the next tutorial of
ethical hacking and penetration testing
we are Kali Linux so in the previous
tutorial I taught you how we could
actually go ahead and get into any
random website or if they're vulnerable
to SQL injection and we did that through
SQL mapping so what we did in the
previous tutorials world we first found
a vulnerable website through Google Talk
or via other methods and then we need
some initial checks to confirm whether
the website is vulnerable SQL injection
or not and then I quoted you some
different examples of what the errors
would look like and how they would run
exactly and I finally taught us kill
mapping to go ahead and gather the user
name and password so we have the user
name but the password won't be the same
as we thought so once you go ahead and
gather the website the SQL query would
return one entry it would be that this
is how it would look like on your Cali
system that just ignored these specific
s over here it's how Kali Linux goes
ahead and prints out everything so once
it has retrieved this is what it's
showing as the password
it is analyzing table them for possible
password hashes through SEO them a
website so we have one entry for the
table user info this is the user
password but the user name is user X as
I taught you previously but we are
almost there we even got the password
but this does not look like the password
we can go to extract the password from
Target columns of table target table of
database through SQL map injection you
probably know how we could go ahead and
get that rather now because I taught it
in the previous tutorial but hang on
this password looks funny because this
cannot be someone's password especially
someone who leaves their website
vulnerable just like that
they cannot have a strong password like
that and trust me cuz this is an
extremely strong password if you have
this so that's exactly right this is a
hash password
that means the password is encrypted and
now we need to go and decrypt it so I
have covered on how to decrypt passwords
previous
Lior cracking mmm defy using the hash
cat another stuff PHP PHP BB MySQL and
sha-1 passwords with hash cat on
Catalina's previously if you have miss
there then you're missing a lot because
if you are not seeing those previous
tutorials of mine then you probably
won't have that much idea as to what I'm
talking about now but if you have seen
that I'll cover it if you have seen or
not I was usually go ahead and cover it
out for you and but you should really
learn how to go ahead and use the hash
card so cracking the password is not
that difficult the hashed password over
here is 2 4 iy b c 1 7 x KO e or 0
whatever it is so how do you know what
type of hash is that that's the first
thing so the first thing that we need to
do in cracking the password would be to
go ahead and identify the hash type
luckily Caroline exploits a nice tool
and we can use that tool to identify
which type of hash this is in command
line in the command prompt that's the
terminal for Kali Linux we can simply go
ahead and Brown page the hash value so
as soon as you go ahead and paste this
specific value in the terminal this will
go ahead and show you exactly varsity's
this is a DES unix hash so cracking this
hash is quite difficult it's quad that
difficult and the unless it is an
extremely big password so crack this
hash we can go and use our CUDA hash cat
to go ahead and download this to go
ahead and crack this CU d aah a sh c 80
cuda hash tag that's a tool that we
would be using so first of all i need to
know which code to use for the DES
hashes so let's check that so in order
for us to do that we need to type in
cute a hash cat that Cu da h a sh CA t -
- help and I'll just go ahead and type
it out to you and I'll show you so the
password would be something like I'll
just good and increase the perfect so
the terminal in V would be typing this
in terminal
see you da soup cuter hash cat and - -
health and then this specific thing bar
whatever it is called grep des so as
soon as you go to hit enter it will be
either it will be showing you that it's
either 1,500 or or 3100 but it was a
MySQL database so it must be 1,500 so
I'm running a computer that got that has
an Nvidia graphics card so that means
I'll be using CUDA hash cat on my laptop
I have got an AMD ATI graphics card so
I'll be using the OC hash code on my
laptop if you're on VirtualBox or VMware
neither will work you must install Kali
in either a persistent USB in or in
hardness to go ahead and actually crack
these things because a graphic card
cracks much faster and in much better
way if you have an AMD you can use ocl
hash cat if you have Nvidia you can go
and use Twitter hash cat so I've saved
the hash value over here in DES hash
file so the command that I would be
running to go ahead and crack our own
hash would be CUDA hash cat - m and
since it is a 1500 I'll just I 1500
since it is in a MySQL - a space 0 and
space / root / SQL slash des Peter -
that is the place where our hash would
be and space / root / SQL slash rock you
period txt and if you are wondering what
rock you is that means that you have not
seen my previous tutorial in which I
have told you that rock qyz are
specifically designed for Kali Linux
rainbow table that that has n number of
or more than even 14 lakh specific
passwords or texture that can go to help
you crack your password it's the kind of
Bruce false brute-force type of stuff so
the interesting thing over here is that
usually hash Scott was unable to
determine the code for DES hash and it's
in the help menu however both kewda hash
cat and OCD hash cat found and cracked
the key so if you have gone through this
if you successfully cracked then it is
good for you if you have not then I let
you know that the password is ABCD at
the rate one two three
so not ABCD it's ABC at the ABC one two
three that is the password so that's the
reason it is such an easy password so
that's 24 I by B see that I have taught
you so now we have the password for this
user and that's how we can go ahead and
crack specific steps so the conclusion
for this is that there are many other
ways to get into a database or obtain
other users information you should be
able to go out and practice these
techniques on your websites that have
permission to and not on any specific
thing else so we have that would be it
for this tutorial and that would be the
end of SQL injection technique or how we
could learn in SQL map but there are
many other SQL tools that are still
available in Kali Linux that could go
and help you inject a different kinds of
queries into the database to not only
get the user access let's say for
example you got this user access
username and password you went into the
database and you gathered all the
information that you wanted and you came
back out
so the question over here is that if
there is if you're actually doing this
for some reason and if there is a
foreign singing investigator
that's the CH f5 computer hacking
falling investigator he will be easily
able to find that used whose ID you used
and what information we're there but if
you code and use this SQL queries in
proper you won't even have to use any
specific username you can simply go
ahead get into the database and get out
without even anyone identifying you who
you are exactly and they won't even I
have an impression left behind to go
ahead and think that if ever anyone was
actually there in the system because
they would not even have any specific
person gathering all the databases
especially if you are have accessed it
through a user then it would surely be
showing that this user has access this
database but if there is no user then
whom will they track that is a question
so that's it for this tutorial
gather much information as you can about
the SQL map and SQL hash queries that he
could go ahead from kattiline x
carolinas is a very awesome operating
system that could do much more things
than just these tutorials of mine so
that's it for this tutorial have a nice
day ahead