weyne/kaliwiki
1
0
Fork 0
mirror of https://github.com/mubix/kaliwiki.git synced 2025-10-29 16:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #95 from pwnwiki/Menu-Password-Attacks

Browse Source 
Menu password attacks
This commit is contained in:
WebBreacher 2014-05-23 16:47:23 -04:00
commit 3d75e70d33
3 changed files with 126 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
password/index.md
View File

@ -13,8 +13,8 @@ Offline Attacks
* [chntpw](../tools/chntpw.md)
* [cmospwd](../tools/cmospwd.md)
* [crunch](../tools/crunch.md)
* [dictstat](../tools/_template.md)
* [fcrackzip](../tools/_template.md)
* [dictstat](../tools/dictstat.md)
* [fcrackzip](../tools/fcrackzip.md)
* [hashcat](../tools/_template.md)
* [hash-identifier](../tools/_template.md)
* [john](../tools/_template.md)

68
tools/dictstat.md Normal file
View File

@ -0,0 +1,68 @@
# dictstat
Notes
-------
"The dictstat Python script is a great little tool for password cracking results analysis or for regular wordlist analysis." [1]
Help Text
-------
```
Usage: dictstat [options] passwords.txt
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-l 8, --length=8 Password length filter.
-c loweralpha, --charset=loweralpha
Password charset filter.
-m stringdigit, --mask=stringdigit
Password mask filter
-o masks.csv, --maskoutput=masks.csv
Save masks to a file
```
Example Usage
-------
"dictstat Password Cracking Results And Wordlist Analysis: Basic Usage" [1]
```
root@bt:/pentest/passwords/pack# ./dictstat.py /root/wordlists/500-worst-passwords.txt
[*] Using Psyco to accelerate parsing.
[*] Analyzing passwords: /root/wordlists/500-worst-passwords.txt
[+] Analyzing 100% (500/500) passwords
NOTE: Statistics below is relative to the number of analyzed passwords, not total number of passwords
[*] Line Count Statistics...
[+] 6: 46% (233)
[+] 7: 19% (96)
[+] 5: 13% (65)
[+] 4: 11% (59)
[+] 8: 09% (45)
[*] Mask statistics...
[+] allstring: 90% (454)
[+] alldigit: 07% (37)
[+] stringdigit: 01% (9)
[*] Charset statistics...
[+] loweralpha: 90% (454)
[+] numeric: 07% (37)
[+] loweralphanum: 01% (9)
[*] Advanced Mask statistics...
[+] ?l?l?l?l?l?l: 43% (219)
[+] ?l?l?l?l?l?l?l: 18% (90)
[+] ?l?l?l?l?l: 12% (62)
[+] ?l?l?l?l: 08% (43)
[+] ?l?l?l?l?l?l?l?l: 08% (40)
[+] ?d?d?d?d: 03% (16)
[+] ?d?d?d?d?d?d: 02% (12)
root@bt:/pentest/passwords/pack#
```
"The output above provides us all sorts of information about the 500 word passwords wordlist including the breakdown of password length, password mask statistics, password charset statistics, and the actual password masks that can be used to crack like passwords. You can see that the majority or 46% of the passwords are six characters long, the longest passwords are eight characters long, and the shortest passwords analyzed are four characters in length. Note that there are also 2 password lengths not listed in the output and each of those passwords are a single character in length as dictstat displays the top results and may not display every single length result. Also the vast majority of the combinations are all lowercase characters (total of 454 out of 500) with the last 46 passwords either being all digits or lowercase + digits. Notice that in this password list there are no passwords with special characters as this is the five hundred worst passwords and special characters would make the passwords more complex and harder to crack thus excluding them from this list. Last but not least we see the password masks that could be used with tools such as oclHashcat to provide a higher probability of cracking future password hashes from the same location these passwords were obtained from."[1]
Links
-------
1. [question-defense](http://www.question-defense.com/2012/12/16/dictstat-backtrack-5-privilege-escalation-password-attacks-offline-attacks-dictstat)

56
tools/fcrackzip.md Normal file
View File

@ -0,0 +1,56 @@
# fcrackzip
Notes
-------
Free/Fast Zip Password Cracker
fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
Help Text
-------
```
USAGE: fcrackzip
[-b|--brute-force] use brute force algorithm
[-D|--dictionary] use a dictionary
[-B|--benchmark] execute a small benchmark
[-c|--charset characterset] use characters from charset
[-h|--help] show this message
[--version] show the version of this program
[-V|--validate] sanity-check the algortihm
[-v|--verbose] be more verbose
[-p|--init-password string] use string as initial password/file
[-l|--length min-max] check password with length min to max
[-u|--use-unzip] use unzip to weed out wrong passwords
[-m|--method num] use method number "num" (see below)
[-2|--modulo r/m] only calculcate 1/m of the password
file... the zipfiles to crack
methods compiled in (* = default):
0: cpmask
1: zip1
*2: zip2, USE_MULT_TAB
```
Example Usage
-------
```
fcrackzip -c a -p aaaaaa sample.zip
checks the encrypted files in sample.zip for all lowercase 6
character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).
fcrackzip --method cpmask --charset A --init AAAA test.ppm
checks the obscured image test.ppm for all four character pass
words.
fcrackzip -D -p passwords.txt sample.zip
check for every password listed in the file passwords.txt.
```
Links
-------
1. [hyc/fcrackzip](https://github.com/hyc/fcrackzip)