量子哈希unshadow /etc/passwd > hash.txt
john --user=root --wordlist=passwd hash.txt
John是一种密码破解工具,它是Kali Linux自带的。它支持使用密码本进行破解。John主要用于破解root用户的开机口令,如下图所示。然而,重要的是要有一个可靠的密码本,否则一切努力都将白费。在这个例子中,我成功破解了我的root密码,它是h3ll0。
zip2john passwd.zip > passwd.hash
john passwd.hash那么如何破解ZIP加密文件呢?原理是相同的,首先获取Hash文件,然后使用John工具进行破解。以下是具体步骤:
第一步:使用zip2john获取中间的Hash文件。
命令如下:zip2john 文件名.zip > passwd.hash
第二步:使用John破解中间的Hash文件。
命令如下:john passwd.hash
成功破解后,我们获得了密码:123456。可以看出,这个密码是从自带的密码本password.lst中破解出来的。该密码本中包含了大约3000个常用密码。然而,如果您设置的密码不在密码本中,那么破解将变得非常困难。我尝试设置了一个不在密码本中的密码1993,结果很长时间都无法破解成功。毕竟,这种方法本质上是暴力破解,因此不推荐在破解ZIP加密文件时使用这种方式。
破解模式的具体方法 破解的密码长度 所包含的字符
Incremental:all 0-8 All 95 printable ASCII characters
Incremental:all15 0-5 All 95 printable ASCII characters
Incremental:all6 6 All 95 printable ASCII characters
Incremental:all7 7 All 95 printable ASCII characters
Incremental:all8 8 All 95 printable ASCII characters
Incremental:alpha 1-8 A-Z 纯大写字母
Incremental:digits 1-8 0-9 纯数字
Incremental:lanman 0-7 A-Z, 0-9, and some special characters 大写字母,数字加一些特殊字符Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION[,..]] "single crack" mode, using default or named rules
--single=:rule[,..] same, using "immediate" rule(s)
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--loopback[=FILE] like --wordlist, but extract words from a .pot file
--dupe-suppression suppress all dupes in wordlist (and force preload)
--prince[=FILE] PRINCE mode, read words from FILE
--encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also
doc/ENCODINGS and --list=hidden-options.
--rules[=SECTION[,..]] enable word mangling rules (for wordlist or PRINCE
modes), using default or named rules
--rules=:rule[;..]] same, using "immediate" rule(s)
--rules-stack=SECTION[,..] stacked rules, applied after regular rules or to
modes that otherwise don't support rules
--rules-stack=:rule[;..] same, using "immediate" rule(s)
--incremental[=MODE] "incremental" mode [using section MODE]
--mask[=MASK] mask mode using MASK (or default from john.conf)
--markov[=OPTIONS] "Markov" mode (see doc/MARKOV)
--external=MODE external mode or word filter
--subsets[=CHARSET] "subsets" mode (see doc/SUBSETS)
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset file. It will be overwritten
--show[=left] show cracked passwords [if =left, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes
--costs=[-]C[:M][,...] load salts with[out] cost value Cn [to Mn]. For
tunable cost parameters, see doc/OPTIONS
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count
--fork=N fork N processes
--pot=NAME pot file to use
--list=WHAT list capabilities, see --list=help or doc/OPTIONS
--format=NAME force hash of type NAME. The supported formats can
be seen with --list=formats and --list=subformats
