πŸ“–
πŸ“–
πŸ“–
πŸ“–
Jacob Shodd
Search…
The Hitchhiker's Guide to Random Knowledge
Cheat Sheets
Security
File Transferring
Reverse Shells
Password Attacks
Enumeration
One Liners
Writeups
Hack The Box
Over The Wire
/dev/random
GoBot
Resume
Powered By GitBook
Password Attacks
This page is were I'll store all of my password attacking commands and tips. For local hash cracking I'll usually default to Hashcat. Hashcat is going to work best when running on your host machine rather than inside of a VM, especially if your host machine has a video card installed. When utilizing a graphics card Hashcat can be much faster than john the ripper, but there are still some cases where we'll use the tools provided by john.

Wordlists

  • ​seclists​
  • apt install wordlists
    • /usr/share/wordlists/rockyou.txt.gz

Hash Cracking

Unix MD5 Hashes:

1
echo '$1$cVbu7POZ$WB/V36i/G00QKzHkkqWig/' > hashes.txt
2
.\hashcat64.exe -o cracked.txt -m 500 .\hashes.txt .\rockyou.txt
3
cat cracked.txt
Copied!

Windows NTLM Hashes:

1
echo C5E0002FDE3F5EB2CF5730FFEE58EBCC > hashes.txt
2
.\hashcat64.exe -o cracked.txt -m 1000 .\hashes.txt .\rockyou.txt
3
cat cracked.txt
Copied!

Password Locked Private RSA Key:

This is going to be one of the few times where we use john.
1
python /usr/share/john/ssh2john.py locked_key.pem > locked_key.hash
2
john --wordlist=/usr/share/wordlists/rockyou.txt joanna.hash
Copied!

Web Applications

HTTP Post Form:

1
hydra -P /usr/share/wordlists/nmap.lst -l admin 10.10.10.10 http-post-form "/path/to/login/admin.php:username=^USER^&password=^PASS^:Incorrect"
Copied!
Previous
Reverse Shells
Next
Enumeration
Last modified 3mo ago
Copy link
Contents
Wordlists
Hash Cracking
Unix MD5 Hashes:
Windows NTLM Hashes:
Password Locked Private RSA Key:
Web Applications
HTTP Post Form: