From b7a418911980ceb239ca28de79c78e30cb463f6d Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Tue, 19 Aug 2014 21:40:44 -0400 Subject: [PATCH 1/3] Added hash-identifier --- tools/hash-identifier.md | 100 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 tools/hash-identifier.md diff --git a/tools/hash-identifier.md b/tools/hash-identifier.md new file mode 100644 index 0000000..b6f96a0 --- /dev/null +++ b/tools/hash-identifier.md 
@@ -0,0 +1,100 @@ +# hash-identifier + +Notes +------- +Software to identify the different types of hashes used to encrypt data and especially passwords. + +Encryption formats supported: + +* ADLER-32 +* CRC-32 +* CRC-32B +* CRC-16 +* CRC-16-CCITT +* DES(Unix) +* FCS-16 +* GHash-32-3 +* GHash-32-5 +* GOST R 34.11-94 +* Haval-160 +* Haval-192 110080 ,Haval-224 114080 ,Haval-256 +* Lineage II C4 +* Domain Cached Credentials +* XOR-32 +* MD5(Half) +* MD5(Middle) +* MySQL +* MD5(phpBB3) +* MD5(Unix) +* MD5(Wordpress) +* MD5(APR) +* Haval-128 +* MD2 +* MD4 +* MD5 +* MD5(HMAC(Wordpress)) +* NTLM +* RAdmin v2.x +* RipeMD-128 +* SNEFRU-128 +* Tiger-128 +* MySQL5 - SHA-1(SHA-1($pass)) +* MySQL 160bit - SHA-1(SHA-1($pass)) +* RipeMD-160 +* SHA-1 +* SHA-1(MaNGOS) +* Tiger-160 +* Tiger-192 +* md5($pass.$salt) - Joomla +* SHA-1(Django) +* SHA-224 +* RipeMD-256 +* SNEFRU-256 +* md5($pass.$salt) - Joomla +* SAM - (LM_hash:NT_hash) +* SHA-256(Django) +* RipeMD-320 +* SHA-384 +* SHA-256 +* SHA-384(Django) +* SHA-512 +* Whirlpool +* And more… + +Help Text +------- +``` +no help text +``` + +Example Usage +------- +Example using "password" run through sha-1 + +``` +root@kali:~# hash-identifier + ######################################################################### + # __ __ __ ______ _____ # + # /\ \/\ \ /\ \ /\__ _\ /\ _ `\ # + # \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ # + # \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ # + # \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ # + # \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ # + # \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.1 # + # By Zion3R # + # www.Blackploit.com # + # Root@Blackploit.com # + ######################################################################### + + ------------------------------------------------------------------------- + HASH: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 + +Possible Hashs: +[+] SHA-1 +[+] MySQL5 - SHA-1(SHA-1($pass)) +``` + +Links +------- +[Google 
Code](https://code.google.com/p/hash-identifier/) +[Youtube Video](https://www.youtube.com/watch?v=EaoiZ2CnOLo) From 1d80bd4f84c7f570ce01f01c6a1c99cc5abcce7d Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Tue, 19 Aug 2014 21:41:48 -0400 Subject: [PATCH 2/3] Added lsadump most of the information is via volatility references --- tools/lsadump.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 tools/lsadump.md diff --git a/tools/lsadump.md b/tools/lsadump.md new file mode 100644 index 0000000..44a1f8f --- /dev/null +++ b/tools/lsadump.md 
@@ -0,0 +1,30 @@ +# lsadump + +Notes +------- +This is an application to dump the contents of the LSA secrets on a machine, provided you are an Administrator. It uses the same technique as pwdump2 to bypass restrictions that Microsoft added to LsaRetrievePrivateData(), which cause the original lsadump to fail. + + +Help Text +------- +``` +usage: /usr/bin/lsadump +``` + +Example Usage +------- +Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently) + +Quick: Dump LSA Secrets (lsadump) +If any Windows services are running under a domain account, then the passwords for those accounts must be stored locally in a reversible format. LSAdump2, LSASecretsDump, pwdumpx, gsecdump or Cain & Abel can recover these. +You might have to stare at the output of lsadump and the list of services in +After you’ve correlated plain text passwords from the “_SC_” sections of LSAdump with the domain usernames from services.msc using the short “service name”, you should a list of domain accounts and cleartext passwords. +Investigate your new found accounts and see if you’re domain admin yet. +(stolen from pentest monkey) + + +Links +------- +[Volatility](https://code.google.com/p/volatility/source/browse/branches/Volatility-2.0.1/volatility/plugins/registry/lsadump.py) +[Pentest Monkey](http://pentestmonkey.net/uncategorized/from-local-admin-to-domain-admin) +[Video](https://www.youtube.com/watch?v=7qQwVrCFE60) showing use with volatility From 8267a90ffaa41e9719af217d7230b79a841d4a8c Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Tue, 19 Aug 2014 21:42:03 -0400 Subject: [PATCH 3/3] Updating menu --- password/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/password/index.md b/password/index.md index faa6c5a..d600b7b 100644 --- a/password/index.md +++ b/password/index.md 
@@ -16,9 +16,9 @@ Offline Attacks * [dictstat](../tools/dictstat.md) * [fcrackzip](../tools/fcrackzip.md) * [hashcat](../tools/hashcat.md) - * [hash-identifier](../tools/_template.md) + * [hash-identifier](../tools/hash-identifier.md) * [john](../tools/john.md) - * [lsadump](../tools/_template.md) + * [lsadump](../tools/lsadump.md) * [maskgen](../tools/_template.md) * [oclhashcat](../tools/oclhashcat.md) * [ophcrack](../tools/_template.md)
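Review bot: in tools/hash-identifier.md (patch 1/3) the format list has a corrupted entry, `* Haval-192 110080 ,Haval-224 114080 ,Haval-256`, which reads like pasted residue with stray numbers; split it into three items (Haval-192, Haval-224, Haval-256) and drop the numbers. `md5($pass.$salt) - Joomla` is also listed twice. The Notes line and the "Encryption formats supported" label describe hashes as encryption; entries such as CRC-32 and SHA-1 are checksums and digests, so "Hash formats supported" would be accurate. The example output lists two candidates for a single 40-hex-character input, so Notes should say the tool returns possible types, not a definitive answer. The Help Text block holds only "no help text"; if the tool is interactive and reads the hash at a prompt, as the example suggests, say so there, or drop the section.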
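Review bot: in tools/lsadump.md (patch 2/3) the Example Usage section has a sentence that stops partway, "You might have to stare at the output of lsadump and the list of services in", and the following sentence is missing a verb ("you should a list of domain accounts"); complete or remove the first and fix the second. The section is marked "(stolen from pentest monkey)": present it as a quotation with the source link beside it, or summarize it in your own words. It also contains no command or output, unlike the hash-identifier page. The Notes describe a tool run as Administrator on a live machine that works around LsaRetrievePrivateData(), while the Help Text shows /usr/bin/lsadump and the first link is a Volatility plugin; state which lsadump this page documents and what arguments it takes, since the usage line shows none.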
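Review bot: in password/index.md (patch 3/3) the two corrected targets match the files added in patches 1/3 and 2/3, but the maskgen and ophcrack entries in the surrounding context still point at ../tools/_template.md; if those pages are not written yet, consider leaving the entries unlinked so the menu does not send readers to the template.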