Category: Brute-force

All about brute-forcing!

Brute-force, Cracking

Cracking NTLMv2 hashes

Hashcat: hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs and other hardware accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking. – https://github.com/hashcat/hashcat. Install OpenCL Drivers: If you are using Kali …

Brute-force, Cracking

Bruteforce attacks against common database servers

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible …

Brute-force, VoIP

Dictionary attacks against the VoIP SIP register hash

sipbrute is a utility to perform dictionary attacks against the VoIP SIP Register hash.
Usage:
   $ ./sipbrute -h
   Usage of ./sipbrute:
     -dict string    the dictionary wordlist
     -path string    the SIP register UAC response file
     -verbose        stdout every derivation attempt
…

Brute-force

A modular and flexible brute-forcer

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python that strives to be more reliable and flexible than its predecessors. Currently it supports the following modules: * ftp_login : Brute-force FTP * ssh_login : …

Brute-force, Enumeration, Information Gathering

SubBrute – fast subdomain enumeration tool

SubBrute is a DNS meta-query spider tool that enumerates DNS records and subdomains. SubBrute is a community-driven project with the goal of creating the fastest and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design …

Brute-force, Cracking, John the Ripper

Crack RAR passwords – Bruteforcing

1> Open your Kali distribution.
2> Extract the password hash from your rar file:
   /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/rar2john Desktop/myfile.rar > Desktop/myrarfile.hash
3> Try to crack the rar file password by bruteforcing it with john and its default passwords list:
   john Desktop/myrarfile.hash
John Homepage: http://www.openwall.com/john/

Brute-force, Cracking, John the Ripper

Crack linux passwords – Bruteforce

> Open your Kali distribution, where John the Ripper is already installed.
> Assuming you have a copy of a passwd file and a copy of a shadow file.
> Unshadow files:
   /usr/sbin/unshadow /path/to/file/passwd /path/to/file/shadow > /tmp/passwords2crack
> Crack passwords with john by bruteforcing them:
   john /tmp/passwords2crack --show
or …

Brute-force, Cracking, John the Ripper

Crack zip passwords – Bruteforcing

1> Open your Kali distribution.
2> Extract the password hash from your zip file:
   /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/zip2john Desktop/myfile.zip > Desktop/myzipfile.hash
3> Try to crack the password by bruteforcing it using john and its default passwords lists:
   john Desktop/myzipfile.hash
John Homepage: http://www.openwall.com/john/
Usage:
   john [OPTIONS] [PASSWORD-FILES]
Options:
   --config=FILE use FILE instead of john.conf or …

Brute-force, Cracking, hydra

Crack FTP passwords – Bruteforcing

Hydra is a very fast network logon cracker which supports many different services.
FTP:
   hydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftp
   -l root                 try login with root username
   -P passwordslist.txt    load passwords from file passwordslist.txt
   -e …