Password cracking

password cracking methods and tips

Password cracking is one of the ways to maintain access to a compromised host. After getting access to a machine, a pentester can dump the password database and then crack it offline. This lets them access the machine with valid credentials, making their control over the machine persistent.

John needs usernames & password hashes to be in the same file. Unshadow comes with John the Ripper

unshadow passwd shadow > crackme

brute force

john -incremental -users:

john --show hashes

dictionary attack

john -wordlist=<custom wordlist file>

installing password dictionaries

apt-get install seclists

find them in /usr/share/seclists/Passwords/

crack ntlmv2

hashcat -m5600 ntlmhash.txt wordlist.txt --force

A rainbow table that guarantees a 96.8% success rate when cracking passwords that are 1 to 9 characters long and hashed with MD5 weighs 864Gb!
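A defender-side companion to the unshadow step above, added here as an example and not part of the original page: it merges passwd and shadow entries into the single-file shape John expects and reports accounts whose stored hash uses a weak or missing scheme. The account lines are constructed, the function names are hypothetical, and the acceptable/weak policy in SCHEMES is an assumption.

```python
# Constructed sample data: salts and hashes are placeholders, not real values.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:x:1001:1001::/home/legacy:/bin/sh
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$SALTSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$y$j9T$SALTSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
legacy:$1$SALTSALT$CONSTRUCTEDHASH:15000:0:99999:7:::
svc:!:19000::::::
"""

# crypt(3) "$id$" prefix -> (scheme, acceptable?); the policy column is an assumption.
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True), "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}

def classify(hash_field):
    """Return (scheme, acceptable) for one shadow password field."""
    if not hash_field:
        return ("empty-password", False)
    if hash_field[0] in "!*":            # locked or login disabled
        return ("locked", True)
    if hash_field.startswith("$"):
        return SCHEMES.get(hash_field.split("$")[1], ("unknown", False))
    return ("descrypt", False)           # no $id$ prefix: traditional DES crypt

def merge(passwd_text, shadow_text):
    """Put each user's shadow hash into field 2 of the passwd line (unshadow-style)."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l)
    merged = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[0] in hashes:
            f[1] = hashes[f[0]]
            merged.append(":".join(f))
    return merged

def audit(passwd_text, shadow_text):
    """Return {user: scheme} for accounts whose stored hash needs attention."""
    pairs = (line.split(":")[:2] for line in merge(passwd_text, shadow_text))
    return {u: classify(h)[0] for u, h in pairs if not classify(h)[1]}

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW))
```

Accounts the audit reports are the ones to force a password change on so the hash is regenerated under the system's current scheme.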
