weyne/kaliwiki
1
0
Fork 0
mirror of https://github.com/mubix/kaliwiki.git synced 2025-10-29 16:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #98 from pwnwiki/Menu-Password-Attacks

Browse Source 
Menu password attacks
This commit is contained in:
WebBreacher
2014-08-20 20:18:02 -04:00
parent f65cb13ad2 8267a90ffa
commit 44c0e88bbb
3 changed files with 132 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
password/index.md
View File

@@ -16,9 +16,9 @@ Offline Attacks
* [dictstat](../tools/dictstat.md) * [dictstat](../tools/dictstat.md)
* [fcrackzip](../tools/fcrackzip.md) * [fcrackzip](../tools/fcrackzip.md)
* [hashcat](../tools/hashcat.md) * [hashcat](../tools/hashcat.md)
* [hash-identifier](../tools/_template.md) * [hash-identifier](../tools/hash-identifier.md)
* [john](../tools/john.md) * [john](../tools/john.md)
* [lsadump](../tools/_template.md) * [lsadump](../tools/lsadump.md)
* [maskgen](../tools/_template.md) * [maskgen](../tools/_template.md)
* [oclhashcat](../tools/oclhashcat.md) * [oclhashcat](../tools/oclhashcat.md)
* [ophcrack](../tools/_template.md) * [ophcrack](../tools/_template.md)

100
tools/hash-identifier.md Normal file
View File

@@ -0,0 +1,100 @@
# hash-identifier
Notes
-------
Software to identify the different types of hashes used to encrypt data and especially passwords.
Encryption formats supported:
* ADLER-32
* CRC-32
* CRC-32B
* CRC-16
* CRC-16-CCITT
* DES(Unix)
* FCS-16
* GHash-32-3
* GHash-32-5
* GOST R 34.11-94
* Haval-160
* Haval-192 110080 ,Haval-224 114080 ,Haval-256
* Lineage II C4
* Domain Cached Credentials
* XOR-32
* MD5(Half)
* MD5(Middle)
* MySQL
* MD5(phpBB3)
* MD5(Unix)
* MD5(Wordpress)
* MD5(APR)
* Haval-128
* MD2
* MD4
* MD5
* MD5(HMAC(Wordpress))
* NTLM
* RAdmin v2.x
* RipeMD-128
* SNEFRU-128
* Tiger-128
* MySQL5 - SHA-1(SHA-1($pass))
* MySQL 160bit - SHA-1(SHA-1($pass))
* RipeMD-160
* SHA-1
* SHA-1(MaNGOS)
* Tiger-160
* Tiger-192
* md5($pass.$salt) - Joomla
* SHA-1(Django)
* SHA-224
* RipeMD-256
* SNEFRU-256
* md5($pass.$salt) - Joomla
* SAM - (LM_hash:NT_hash)
* SHA-256(Django)
* RipeMD-320
* SHA-384
* SHA-256
* SHA-384(Django)
* SHA-512
* Whirlpool
* And more…
Help Text
-------
```
no help text
```
Example Usage
-------
Example using "password" run through sha-1
```
root@kali:~# hash-identifier
#########################################################################
# __ __ __ ______ _____ #
# /\ \/\ \ /\ \ /\__ _\ /\ _ `\ #
# \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ #
# \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ #
# \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ #
# \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ #
# \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.1 #
# By Zion3R #
# www.Blackploit.com #
# Root@Blackploit.com #
#########################################################################
-------------------------------------------------------------------------
HASH: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Possible Hashs:
[+] SHA-1
[+] MySQL5 - SHA-1(SHA-1($pass))
```
Links
-------
[Google Code](https://code.google.com/p/hash-identifier/)
[Youtube Video](https://www.youtube.com/watch?v=EaoiZ2CnOLo)

30
tools/lsadump.md Normal file
View File

@@ -0,0 +1,30 @@
# lsadump
Notes
-------
This is an application to dump the contents of the LSA secrets on a machine, provided you are an Administrator. It uses the same technique as pwdump2 to bypass restrictions that Microsoft added to LsaRetrievePrivateData(), which cause the original lsadump to fail.
Help Text
-------
```
usage: /usr/bin/lsadump <system hive> <security hive>
```
Example Usage
-------
Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)
Quick: Dump LSA Secrets (lsadump)
If any Windows services are running under a domain account, then the passwords for those accounts must be stored locally in a reversible format. LSAdump2, LSASecretsDump, pwdumpx, gsecdump or Cain & Abel can recover these.
You might have to stare at the output of lsadump and the list of services in
After youve correlated plain text passwords from the “_SC_<service name>” sections of LSAdump with the domain usernames from services.msc using the short “service name”, you should a list of domain accounts and cleartext passwords.
Investigate your new found accounts and see if youre domain admin yet.
(stolen from pentest monkey)
Links
-------
[Volatility](https://code.google.com/p/volatility/source/browse/branches/Volatility-2.0.1/volatility/plugins/registry/lsadump.py)
[Pentest Monkey](http://pentestmonkey.net/uncategorized/from-local-admin-to-domain-admin)
[Video](https://www.youtube.com/watch?v=7qQwVrCFE60) showing use with volatility