Cross posting some work of a friend of mine that I was helping with, I say “helping” in the lightest form of the word (I had a domain controller ready to test, he didn’t).
Meatballs (over at: http://rewtdance.blogspot.com) has been doing some work attempting to put together a metasploit module to decrypt passwords found within the sysvol folder on win2k8 domains.
However rather than just settle for the disclosed… Continue reading
Quiet often people ask me to bruteforce a hash for them. My usual response after the obligatory; where did you get the hash from? is “I’ll run a few dictionaries against it unless you provide me with a charset and length!”
For those that don’t understand it needs to be made clear exactly what bruteforce cracking means.
Lets just say we have a four character pin that can only… Continue reading
…running Centos 6.2
After seeing a great little tutorial courtesy of @hak5darren I decided to implement this on my VPS box to provide a little extra security while removing the need for private keys.
Granted I can still use private keys at home but it’d be nice to have access to my box when I maybe don’t have access to my private key or using it via an internet cafe.… Continue reading
Today I’ve been writing my first python script. I’m using passlib.hash, unfortunately ubuntu 12.04 comes with version 1.5.3 instead of version 1.6 so there is no support for MsSQL, LM, NTLM, Domain Cached etc…
I don’t like installing packages from source as it’s a bugger to roll back if something goes wrong, so I decided to look into creating a deb package of passlib 1.6.
It’s as simple as:… Continue reading
So Linkedin hashes have recently been leaked onto the net, and plenty of people have been cracking them. Meanwhile eHarymony passwords were also leaked!
The hashes are here and a quick download is all thats needed. wget them to prevent your browser from trying to render the entire txt file!
Throwing a dictionary at it with 80,546,115 words in it results in 22% cracked passwords.
12345678910111213141516171819202122232425262728293031$ ./oclHashcat-plus64.bin eharmony.txt -r rules/best64.rule… Continue reading