[project] How to hack a password with Kali Linux and countermeasures

overview

This article shows the steps to hack a password with Kali Linux. The demonstration is conducted on Kali Linux running in a VirtualBox environment.

2. Type the command below to see the hashed password. In this article, the password of the user “taka” is the target.

3. Type the command below to dump the hashed password to “unshadow.txt”.

4. Check whether the unshadow.txt file was created successfully.

5. Check the content of the unshadow.txt file.

6. Move to the following directory.

7. Check that the file “rockyou.txt.gz” exists. This file is included by default in Kali Linux.

8. Unzip the file.

9. Check that the file was unzipped and “rockyou.txt” exists.

10. Check how many candidate passwords are listed in the “rockyou.txt” file.

11. Move back to the home directory.

12. Check the files in the home directory.

13. Type the command below to hack the password of user taka from the “unshadow.txt” file.

In this case, choose hash type 1800, since Kali Linux uses SHA-512 password hashes.

14. The command runs.

15. The output file “Crack-Password.txt” was created.

16. Check the content of the “Crack-Password.txt” file. The password was cracked.

countermeasures

You can set password requirements on Debian-based and Red Hat-based systems in the files below.

· /etc/pam.d/common-password on Debian

· /etc/security/pwquality.conf on Red Hat

2. System administrators should configure salted hashing on the system.

3. Incorporate multi-factor authentication (MFA) into each user’s account.

4. Implement a breached password protection tool.

5. Forbid password hints.

6. Limit the maximum number of password attempts.
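
As an added example (not part of the original article), here is one way to verify countermeasure 2: read shadow-format lines and report each account's hashing scheme and salt, flagging fast or legacy schemes, low round counts and reused salts. The sample entries, the user names other than taka, and the function names are constructed for illustration.

```python
# Added example: audit shadow-format entries for hashing scheme and salt.
# SAMPLE is constructed; salts and digests are placeholders, not real hashes.
SAMPLE = """\
root:!:19000:0:99999:7:::
taka:$6$Qf3xW9aLkD2pZr1T$DIGESTPLACEHOLDER:19000:0:99999:7:::
alice:$y$j9T$b7KsSaltExample$DIGESTPLACEHOLDER:19000:0:99999:7:::
erin:$6$rounds=1000$Qf3xW9aLkD2pZr1T$DIGESTPLACEHOLDER:19000:0:99999:7:::
bob:$1$abcdefgh$DIGESTPLACEHOLDER:19000:0:99999:7:::
carol:abDIGESTPLACE:19000:0:99999:7:::
dave::19000:0:99999:7:::
"""

# crypt(3) prefix -> (scheme name, acceptable for new passwords)
SCHEMES = {"1": ("md5crypt", False), "5": ("sha256crypt", True),
           "6": ("sha512crypt", True), "y": ("yescrypt", True)}

def audit_entry(line):
    """Return (user, scheme, salt, verdict) for one shadow-format line."""
    user, field = line.split(":")[:2]
    if field == "":
        return user, "none", None, "FAIL: empty password field"
    if field[0] in "!*":
        return user, "locked", None, "ok: password login disabled"
    if not field.startswith("$"):
        # Traditional DES crypt: the first two characters are the whole salt.
        return user, "descrypt", field[:2], "FAIL: legacy DES crypt"
    parts = field.split("$")          # ['', id, [params], salt, digest]
    name, ok = SCHEMES.get(parts[1], ("unknown", False))
    if name == "unknown":
        return user, name, None, "REVIEW: unrecognised scheme id"
    has_params = name == "yescrypt" or parts[2].startswith("rounds=")
    salt = parts[3] if has_params else parts[2]
    if not ok:
        return user, name, salt, "FAIL: scheme too fast to resist offline guessing"
    if parts[2].startswith("rounds=") and int(parts[2][7:]) < 5000:
        return user, name, salt, "REVIEW: rounds below the sha-crypt default of 5000"
    return user, name, salt, "ok"

def audit(text):
    """Audit every line and flag salts shared by more than one account."""
    rows = [audit_entry(l) for l in text.splitlines() if l.strip()]
    salts = [r[2] for r in rows if r[2]]
    return [(u, s, v + "; salt reused" if salt and salts.count(salt) > 1 else v)
            for u, s, salt, v in rows]

if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE):
        print(f"{user:6} {scheme:12} {verdict}")
```

On a real system, the same function can be run as root over the contents of /etc/shadow instead of the constructed sample.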


Cloud security engineer https://www.linkedin.com/in/takahiro-oda-881423197/
