# Password Cracking Tips & Tricks

As we've seen, there are numerous ways to obtain credential material for a user, but it is not always in the form of a plaintext password. Instead, it's more common these days to retrieve various hashes. These could be NTLM, NetNTLM, SHA or even Kerberos tickets.

Some hashes such as NTLM can be utilised as they are (e.g. pass the hash), but others are not so useful unless we can crack them to recover an original plaintext password. Regardless of the type of hash, there are generic password cracking methodologies that we'll cover here.

Two very common tools for this are [hashcat](https://hashcat.net/hashcat/) and [John the Ripper](https://www.openwall.com/john/).

If you want to copy the hashes and try to crack them yourself, you will need to do so on your own computer, since the lab VMs are not compute-optimised.


