Category: Cracking

All about cracking!

Brute-force, Cracking

Cracking NTLMv2 hashes

Hashcat hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU’s, GPU’s other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking. – https://github.com/hashcat/hashcat Install OpenCL Drivers If you are using Kali …

Brute-force, Cracking

Bruteforce attacks against common database servers

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible …

Cracking

Crack hashes with rainbow tables

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers. A brute force hash cracker generate all possible plaintexts and compute the corresponding hashes on the fly, then compare the hashes …

Brute-force, VoIP

Dictionary attacks against the VoIP SIP register hash

sipbrute is a utility to perform dictionary attacks against the VoIP SIP Register hash. Usage $ ./sipbrute -h Usage of ./sipbrute: -dict string the dictionary wordlist -path string the SIP register UAC response file -verbose stdout every derivation attempt$ ./sipbrute -h Usage of ./sipbrute: -dict string the dictionary wordlist -path string the SIP register UAC …

Brute-force

A modular and flexible brute-forcer

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors. Currently it supports the following modules: * ftp_login : Brute-force FTP * ssh_login : …

Brute-force, Enumeration, Information Gathering

SubBrute – fast subdomain enumeration tool

SubBrute is a DNS meta-query spider tool that enumerates DNS records, and subdomains. SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design …

Cracking, Wordlist

Generating password files based on web pages

Brutescrape | A web scraper for generating password files based on plain text found in specific web pages. Written by Peter Kim. Brutescrape is a tool designed to parse out text from specific web pages and generate password lists for bruteforcing with this text. The main idea in mind was to be able to create …

Cracking, Wordlist

Create word lists and dictionaries

Create word lists and dictionaries based on websites, Twitter, PDFs, Reddit and emails. Wordhound is a tool that allows for the automated and targeted construction of wordlists and dictionaries for use in conjunction with password attacks. Run python setup.py install && ./setup.shpython setup.py install && ./setup.sh Edit wordhound.conf.dist and input the relevant information such as …