- /etc/passwd and /etc/shadow files
- $1:md5, $2:Blowfish, $5:SHA-256, $6:SHA-512
- post/linux/gather/hashdump: generates loot file used in john
- post/multi/gather/ssh_creds
- post/multi/gather/docker_creds
- post/linux/gather/hashdump
- post/linux/gather/ecryptfs_creds
- post/linux/gather/enum_psk : wifi creds
- post/linux/gather/enum_xchat
- post/linux/gather/phpmyadmin_credsteal
- post/linux/gather/pptpd_chap_secrets : vpn creds
- post/linux/manage/sshkey_persistence
- chmod 0400 ssh_key
- ssh -i ssh_key [email protected]
- auxiliary/analyze/crack_linux
- set SHA512 true
- john --list=formats
- john --format=sha512crypt <hash_file> --wordlist=<wordlist_path>
- -m specifies hash_type. eg. 1000=ntlm
- -a specifies attack_mode. eg 3=brute-force
- hashcat -m 1800 -a3 <hash_file>