| description |
|---|
| Password1234! |
{% tabs %}
{% tab title="General Guides" %}
- https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
- https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
- https://xapax.github.io/security/#attacking_active_directory_domain/cracking_hashes/cracking_hashes/
- https://xapax.github.io/security/#attacking_active_directory_domain/cracking_hashes/generate_password_list/
- Operator Handbook: Password Cracking Methodology - pg. 243
- Penetration Testing: Password Attacks - pg. 197
{% endtab %}
{% tab title="Default Passwords" %}
- http://critifence.com/default-password-database/
- https://default-password.info/
- https://www.routerpasswords.com
- http://www.phenoelit.org/dpl/dpl.html
- https://cirt.net/passwords
- https://192-168-1-1ip.mobi/default-router-passwords-list
- http://www.defaultpassword.com/
{% endtab %}
{% tab title="WordLists" %}
- Awesome Lists Collection: Wordlists
- SecLists - Daniel Miessler's gold standard of wordlists
- berzerk0/Probable-Wordlists
- WeakPass - Open source project containing collected wordlists from across the web
- https://packetstormsecurity.com/Crackers/wordlists/
- https://www.openwall.com/wordlists/
- jeanphorn/wordlist
- Jhaddix's wordlist - Bug Bounty master Jason Haddix's master wordlist made from every DNS enumeration tool... ever. Please excuse the lewd entries =/
- https://github.com/kaonashi-passwords/Kaonashi - Wordlist, rules and masks from the Kaonashi project (RootedCON 2019)
{% endtab %}
{% tab title="Wordlist Generation Tools" %}
- CEWL - CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used by password crackers such as John the Ripper.
- Crunch - Crunch is a wordlist generator that takes either a standard character set or one you define yourself. Crunch can generate all possible combinations and permutations of that set.
- BruteScrape - A web scraper for generating password files based on plain text found
- Mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Wordlist Rules
- https://github.com/hashcat/hashcat/tree/master/rules
- http://contest-2010.korelogic.com/rules-hashcat.html
- https://github.com/cyberspacekittens/nsa-rules
- https://github.com/cyberspacekittens/Hob0Rules
- https://github.com/cyberspacekittens/password_cracking_rules
{% endtab %}
{% endtabs %}
Hash Identification
- http://www.101hacker.com/2010/12/hashes-and-seeds-know-basics.html
- HashID - Identify the different types of hashes used to protect data, especially passwords.
- haiti - Hash Identification tool.
- hash-identifier
Password Spraying
- SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
- Trident - automated password spraying tool
- CredKing - Spray with AWS Lambda
- Fireprox - Spray with AWS proxies
- SharpHose - C# spray utility for Cobalt Strike
- Patator - flexible brute/spray tool
- DomainPasswordSpray - PS spray tool
- Spray - A Password Spraying tool for Active Directory Credentials
- Ruler - Remote exchange server spray and utility
- kerbrute - A tool to quickly brute-force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication
- brutespray - This Python script takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa.
- o365spray - o365spray is a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365).
- ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
Reference
Password Guessing Tools
- Prince - Standalone password candidate generator using the PRINCE algorithm
- Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
- https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/melicher
- PassGAN - A Deep Learning Approach for Password Guessing
{% tabs %}
{% tab title="Online Cracking" %}
- https://crackstation.net/
- https://www.cmd5.org/
- https://hashkiller.io/listmanager
- https://www.onlinehashcrack.com/
- https://gpuhash.me/
- https://crack.sh/
- https://passwordrecovery.io/
- http://cracker.offensive-security.com/
{% endtab %}
{% tab title="Offline Cracking" %}
- HateCrack - A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
- Password Analysis and Cracking Kit - Collection of utilities for analyzing passwords for cracking and guessing
- MDXFind - the CPU-based hash-cracking tool
- Tech Solvency - MDXfind mirror
- MDXfind Bible | Infosec and Password Cracking Blog
- Operator Handbook: MDXFind - pg. 195
- Ciphey - Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense.
- cmospwd - a cross-platform tool to decrypt the password stored in CMOS that protects a computer's BIOS setup.
- crack - Crack is a program designed to quickly locate vulnerabilities in Unix (or other) password files by scanning the contents of a password file, looking for users who have misguidedly chosen a weak login password.
- rainbowcrack - RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.
- hashview - A web front-end for password cracking and analytics
- https://www.hashview.io/
{% endtab %}
{% tab title="Hashcat" %}
World's fastest and most advanced password recovery utility
- HashCat Utilities - https://github.com/hashcat/hashcat-utils
- HashCat Wiki - https://hashcat.net/wiki/
- HAT - Hashcat Automation Tool - An automated Hashcat tool for common wordlists and rules to speed up the process of cracking hashes during engagements.
- crackerjack - Web GUI for HashCat
- hcxtools - Portable solution for capturing WLAN traffic and converting it to hashcat formats (recommended by hashcat) and to John the Ripper formats.
- https://www.blackhillsinfosec.com/hashcat-4-10-cheat-sheet-v-1-2018-1/
- https://github.com/hashcat/hashcat/tree/master/rules
- http://contest-2010.korelogic.com/rules-hashcat.html
- Operator Handbook: Hashcat - pg. 90
GPU cracking (-m 500 is md5crypt, -a 0 is a straight wordlist attack, --remove deletes hashes from the input file as they are cracked):
$ hashcat -m 500 -a 0 -o output.txt --remove hashes.txt /usr/share/wordlists/rockyou.txt
{% endtab %}
{% tab title="JohnTheRipper" %}
John The Ripper - The John The Ripper module is used to identify weak passwords that have been acquired as hashed files (loot) or raw LANMAN/NTLM hashes (hashdump). The goal of this module is to find trivial passwords in a short amount of time. To crack complex passwords or use large wordlists, John the Ripper should be used outside of Metasploit.
- https://github.com/openwall/john
- https://tryhackme.com/room/johntheripper0
- Jumbo John - John the Ripper distro with added features
- https://www.openwall.com/john/k/john-1.9.0-jumbo-1-win64.zip
- Operator Handbook: John the Ripper - pg. 104
Usage
- Basic usage with auto-detection of the hash type
- # john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
- Identify the hash type (the script is downloaded as hash-id.py, so run it under that name)
- # wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py
- # python3 hash-id.py
- Crack with a specific hash format
- # john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
- Crack NTLM hashes
- Use --format=NT with the commands above
- Cracking /etc/shadow hashes
- The unshadow tool combines a copy of /etc/passwd with a copy of /etc/shadow into a single file that john can crack
- # unshadow local_passwd local_shadow > unshadowed.txt
- # john --format=sha512crypt unshadowed.txt
- Single crack mode
- Applies word-mangling rules to the username (and GECOS information) to build candidate passwords
- # john --single --format=raw-sha256 hashes.txt
- Cracking a zip file
- Use the zip2john tool to convert the zip file into a hash format that john can use.
- # zip2john [opt] [zip file] > [out file]
- # john --wordlist=/word/list.txt out_file.txt
- Cracking a RAR archive
- rar2john will convert the RAR file into a hash that john can crack
- # rar2john [rarfile] > [out file]
- # john --wordlist=/word/list.txt out_file.txt
- Once cracked, extract the archive itself (not the john output file) with the recovered password
- # unrar x -p[password] [rarfile]
{% endtab %}
{% endtabs %}
Password Brute Forcing
- Cerbrutus-BruteForcer - The fastest brute-forcing and spraying tool available. Currently supports SSH and FTP, with other protocols in development.
- Hydra - Super powerful, multi-protocol password brute-forcing tool
- Medusa - Medusa is a speedy, parallel, and modular login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
- Crowbar - Crowbar (formerly known as Levye) is a brute-forcing tool that can be used during penetration tests. It was developed to brute-force some protocols in a different manner from other popular brute-forcing tools.
- WBruter - wbruter is the first tool released as open source which can guarantee 100% that your PIN code will be cracked as long as USB debugging has been enabled. wbruter also includes some other brute-force methods like dictionary attacks for Gmail, FTP, RAR, ZIP and some other file extensions.
RSA Tools
- RSA Calculator
- RSACTFTool - RSA multi-attack tool: decipher data from a weak public key and try to recover the private key, with automatic selection of the best attack for the given public key.
- RSATool - rsatool calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d). Resulting parameters are displayed and can optionally be written as an OpenSSL compatible DER or PEM encoded RSA private key.
- RSA Theory - https://muirlandoracle.co.uk/2020/01/29/rsa-encryption/
- Rainbow Crack - RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.
- dcipher - Decipher hashes using online rainbow & lookup table attack services.