Tag: cracking

Brute-force, Cracking

Cracking NTLMv2 hashes

Hashcat hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU’s, GPU’s other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking. – https://github.com/hashcat/hashcat Install OpenCL Drivers If you are using Kali …

Brute-force, Cracking

Bruteforce attacks against common database servers

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible …

Cracking

Crack hashes with rainbow tables

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers. A brute force hash cracker generate all possible plaintexts and compute the corresponding hashes on the fly, then compare the hashes …

Cracking, Wordlist

Generating password files based on web pages

Brutescrape | A web scraper for generating password files based on plain text found in specific web pages. Written by Peter Kim. Brutescrape is a tool designed to parse out text from specific web pages and generate password lists for bruteforcing with this text. The main idea in mind was to be able to create …

Cracking, Wordlist

Create word lists and dictionaries

Create word lists and dictionaries based on websites, Twitter, PDFs, Reddit and emails. Wordhound is a tool that allows for the automated and targeted construction of wordlists and dictionaries for use in conjunction with password attacks. Run python setup.py install && ./setup.shpython setup.py install && ./setup.sh Edit wordhound.conf.dist and input the relevant information such as …

Cracking, Wireless

Aircrack-ng capture handshake and save it to file

Enable monitor mode airmon-ng start wlan0airmon-ng start wlan0 List nearest WiFi networks and channels airodump-ng mon0airodump-ng mon0 Capture packets from your target network channel and save them to file airodump-ng -c [channel] –bssid [bssid] -w /root/Desktop/ [monitor interface]airodump-ng -c [channel] –bssid [bssid] -w /root/Desktop/ [monitor interface] Deauthenticate a client from the network aireplay-ng –deauth 2 …

Brute-force, Cracking, John the Ripper

Crack RAR passwords – Bruteforcing

1> Open your kali Distribution 2> Extract password hash from your rar file: /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/rar2john Desktop/myfile.rar > Desktop/myrarfile.hash/usr/share/metasploit-framework/data/john/run.linux.x64.mmx/rar2john Desktop/myfile.rar > Desktop/myrarfile.hash 3> Try to crack rar file password by bruteforcing it with john and its default passwords list. john Desktop/myrarfile.hashjohn Desktop/myrarfile.hash John Homepage: http://www.openwall.com/john/

Brute-force, Cracking, John the Ripper

Crack linux passwords – Bruteforce

> Open your kali distribution where john the ripper is already installed. > Assuming you have a copy of a passwd file and a copy of a shadow file. > Unshadow files: /usr/sbin/unshadow /path/to/file/passwd /path/to/file/shadow > /tmp/passwords2crack/usr/sbin/unshadow /path/to/file/passwd /path/to/file/shadow > /tmp/passwords2crack > Crack passwords with john by bruteforcing them. john /tmp/passwords2crack –showjohn /tmp/passwords2crack –show or …

Brute-force, Cracking, John the Ripper

Crack zip passwords – Bruteforcing

1> Open your kali Distribution 2> Extract password hash from your zip file: /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/zip2john Desktop/myfile.zip > Desktop/myzipfile.hash/usr/share/metasploit-framework/data/john/run.linux.x64.mmx/zip2john Desktop/myfile.zip > Desktop/myzipfile.hash 3> Try to crack password by bruteforcing it using john and its default passwords lists. john Desktop/myzipfile.hashjohn Desktop/myzipfile.hash John Homepage: http://www.openwall.com/john/ Usage: john [OPTIONS] [PASSWORD-FILES]john [OPTIONS] [PASSWORD-FILES] Options: –config=FILE use FILE instead of john.conf or …