Tag: passwords

Brute-force

A modular and flexible brute-forcer

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors. Currently it supports the following modules: * ftp_login : Brute-force FTP * ssh_login : …

Brute-force, Cracking, John the Ripper

Crack linux passwords – Bruteforce

> Open your kali distribution where john the ripper is already installed. > Assuming you have a copy of a passwd file and a copy of a shadow file. > Unshadow files: /usr/sbin/unshadow /path/to/file/passwd /path/to/file/shadow > /tmp/passwords2crack/usr/sbin/unshadow /path/to/file/passwd /path/to/file/shadow > /tmp/passwords2crack > Crack passwords with john by bruteforcing them. john /tmp/passwords2crack –showjohn /tmp/passwords2crack –show or …

Brute-force, Cracking, hydra

Crack FTP passwords – Bruteforcing

Hydra – is a very fast network logon cracker which support many different services. FTP: hydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftphydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftp -l root try login with root username -P passwordslist.txt load passwords from file passwordslist.txt -e …

C#, Hacking, Passwords

How to retreive Filezilla FTP passwords using C#

FileZilla stores passwords in two xml files. In recent servers file(recentservers.xml) and site manager file(sitemanager.xml). void ReadFileZillaFile(String filename) { try { if (File.Exists(filename)) { Console.WriteLine("Reading file " + filename + "."); Console.WriteLine("—–"); XmlTextReader reader = new XmlTextReader(filename); XmlDocument doc = new XmlDocument(); doc.Load(reader); foreach (XmlNode node in doc.DocumentElement.ChildNodes[0].ChildNodes) { foreach (XmlNode childNode in node.ChildNodes) { …

Microsoft SQL Server

Check for null passwords in Sql Server

One of the many ways to secure SQL Server is to review all passwords. You must also check for null passwords and if you locate any, change them. To list all users with null passwords, execute the following sql command: USE master GO   SELECT name, password FROM syslogins WHERE password IS NULL;use master go …

Sniffing, Wireshark

Sniffing email passwords with Wireshark

> Open Wireshark.   > Select an interface and start capturing in promiscuous mode.   > To capture credentials from POP apply this filter: pop.request.command == "USER" || pop.request.command == "PASS"pop.request.command == "USER" || pop.request.command == "PASS"   > To capture credentials from IMAP apply this filter: imap.request contains "login"imap.request contains "login"   > To …

Cracking, John the Ripper, Metasploit, MySQL

Cracking MySQL passwords with John The Ripper

Dump MySQL Password Hashes mysql_hashdump extracts the usernames and encrypted password hashes from a MySQL server. You can then use jtr_mysql_fast module to crack them. The module is located in auxiliary/scanner/mysql. To use it set RHOSTS option to your target’s ip address and increase THREADS value. If you have managed to reveal root password then …

Brute-force, Cracking, hydra

Crack passwords with hydra

THC-Hydra – A very fast network logon cracker which support many different services. See feature sets and services coverage page – incl. a speed comparison against ncrack and medusa. Hydra options: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] …

Passwords

How to manage your passwords in a secure way

Today you need to remember many passwords. You need a password or passwords for Windows or Linux logon, your e-mail accounts, your websites, your facebook account, your twitter account etc. You should use different passwords for each account. If you use only one password everywhere and someone gets this password you have a problem. I …