Merge pull request #93 from pwnwiki/Menu-Password-Attacks

Menu password attacks
WebBreacher 2014-05-03 13:50:17 -04:00
commit 88716c2f0e
4 changed files with 203 additions and 7 deletions


@ -9,13 +9,48 @@ GPU Tools
Offline Attacks
-----------
* [tool](../tools/_template.md)
* [tool](../tools/_template.md)
* [tool](../tools/_template.md)
* [cachedump](../tools/cachedump.md)
* [chntpw](../tools/chntpw.md)
* [cmospwd](../tools/cmospwd.md)
* [crunch](../tools/_template.md)
* [dictstat](../tools/_template.md)
* [fcrackzip](../tools/_template.md)
* [hashcat](../tools/_template.md)
* [hash-identifier](../tools/_template.md)
* [john](../tools/_template.md)
* [lsadump](../tools/_template.md)
* [maskgen](../tools/_template.md)
* [oclhashcat](../tools/oclhashcat.md)
* [ophcrack](../tools/_template.md)
* [ophcrack-cli](../tools/_template.md)
* [policygen](../tools/_template.md)
* [pwdump](../tools/_template.md)
* [pyrit](../tools/pyrit.md)
* [rainbowcrack](../tools/_template.md)
* [rcracki_mt](../tools/_template.md)
* [rsmangler](../tools/_template.md)
* [samdump2](../tools/_template.md)
* [sipcrack](../tools/_template.md)
* [sucrack](../tools/_template.md)
* [truecrack](../tools/_template.md)
Online Attacks
-----------
* [tool](../tools/_template.md)
* [tool](../tools/_template.md)
* [tool](../tools/_template.md)
* [acccheck](../tools/acccheck)
* [burpsuite](../tools/burpsuite.md)
* [cewl](../tools/_template.md)
* [cisco-auditing-tool](../tools/_template.md)
* [dbpwaudit](../tools/dbpwaudit.md)
* [findmyhash](../tools/_template.md)
* [hydra](../tools/_template.md)
* [hydra-gtk](../tools/_template.md)
* [medusa](../tools/_template.md)
* [ncrack](../tools/_template.md)
* [onesixtyone](../tools/onesixtyone.md)
* [owasp-zap](../tools/owasp-zap.md)
* [patator](../tools/_template.md)
* [phrasendrescher](../tools/_template.md)
* [thc-pptp-bruter](../tools/_template.md)
* [webscarab](../tools/webscarab.md)
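Review bot: the `acccheck` entry links to `../tools/acccheck` with no `.md` extension, unlike every other entry in the list, so it will not resolve; change it to `../tools/acccheck.md`. The three `* [tool](../tools/_template.md)` placeholder rows at the head of both the Offline Attacks and Online Attacks lists look like template leftovers and should be dropped, and since most tools (hydra, john, hashcat, medusa and the rest) still point at `_template.md`, consider leaving those unlinked or marking them as not yet written so every unfinished entry does not send the reader to the same stub page.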

tools/cachedump.md Normal file

@ -0,0 +1,19 @@
# cachedump
Notes
-------
Help Text
-------
```
usage: /usr/bin/cachedump <system hive> <security hive>
```
Example Usage
-------
Links
-------
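Review bot: the Notes, Example Usage and Links sections are all empty, so this page adds nothing beyond the one usage line. At minimum it should say what the `<system hive>` and `<security hive>` arguments are (the two registry hive files the usage line expects), give one sample invocation under Example Usage such as `cachedump /path/to/SYSTEM /path/to/SECURITY`, and point Links at the upstream project, following the layout the chntpw and cmospwd pages in this same commit use.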


@ -7,6 +7,100 @@ This manual page documents briefly the chntpw command. This manual page was wri
chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to
know the old passwords to reset them. In addition it contains a simple registry editor (same size data writes) and hex-editor with which the information contained in a registry file can be browsed and modified.
This little program will enable you to view some information and
change user passwords, change user/group memberships
in a Windows (NT/XP/Vista/win7/win8) etc SAM userdatabase file.
You do not need to know the old passwords.
However, you need to get at the registry files some way or another yourself.
In addition it contains a simple registry editor with full write support,
and hex-editor which enables you to
fiddle around with bits&bytes in the file as you wish yourself.[1]
```
chntpw: Program for interactively resetting passwords and group
memberships.
My boot CD runs this with options -i -L SAM
chntpw: change password of a user in a Windows SAM file,
or invoke registry editor. Should handle both 32 and 64 bit windows and
all version from NT3.x to Win8
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] [...]
-h This message
-u <user> Username or RID (0x3e9 for example) to interactively edit
-l list all users in SAM file and exit
-i Interactive Menu system
-f Interactively edit first admin user
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-v Be a little more verbose (for debuging)
-L For scripts, write names of changed files to /tmp/changed
-N No allocation mode. Only same length overwrites possible (very safe mode)
-E No expand mode, do not expand hive file (safe mode)
-u <user> Username or RID (0x3e9 for example) to interactively edit
Invoke the interactive edit menu on specified user.
Specifying a user name will most likely fail if user has international
character, so better to use user ID (RID), for example
chnptw -u 0x3e9 SAM
to edit user with hexadecimal RID 3e9
-l list all users in SAM file and exit
Just that, list users in human readable form, with some info about if
user is admin and if password is set.
-i Interactive Menu system
Invokes the menu system. Menu items will vary a bit depending on what
registry hives are loaded.
-f Interactively edit first admin user
Select first admin user for edit. This is user with lowest RID that
also is member of administators group, or built-in user 0x1f4 if not
others possible.
-e Registry editor. Now with full write support!
Enter the registry editor. It is a small command system. ? for help
there. See other documentation for more on regedits.
-d Enter buffer debugger instead (hex editor),
Command line type hex editor, mostly for debugging purposes. ? for help.
-v Be a little more verbose (for debuging)
Lots of debug output during most operations (especially hive loading)
-L For scripts, write names of changed files to /tmp/changed
If any of the other functions changes the registry, the changed files
are listed here. Can be used by wrapper scripts to know what to save.
My boot CD uses it.
-N No allocation mode. Only same length overwrites possible (very safe mode)
Safe mode. Will only allow changes in registry that overwrites old
values with same length data. Password reset only changes 2 bytes, and
does not change value lenght, so password reset will still work in
this safe mode. If something tries to violate this safe mode, a lot of
error messages (some of the rather obscure) may occur.
-E No expand mode, do not expand hive file (safe mode)
Safe mode. Does not allow expanding the size of the file, but will
allow adding keys/values as long as there is free space in the file
already. (most files contains some free space)
If expansion is needed but not allowed by this option,
a lot of obscure error messages may occur, and file should not be saved.
```
Help Text
-------
```
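Review bot: the fenced block containing the full chntpw option help is inserted into the Notes section above the `Help Text` heading rather than below it, so the page now carries help output in two places (this new block, and the existing block that the trailing ``` context line opens under `Help Text`); merge it into the existing Help Text block or move the heading up so the help lives under one heading. The pasted Notes prose also repeats itself (the man-page paragraph at the top and the README paragraph beginning `This little program` say the same thing), keeps the upstream author's first-person remarks (`My boot CD runs this with options -i -L SAM`, `My boot CD uses it.`) and preserves the hard line wraps of the source text; a short rewritten summary ending in the `[1]` citation would read better than the two verbatim paragraphs.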
@ -55,4 +149,4 @@ chntpw -u jabbathehutt SAM
Links
-------
1. [pogostick.net](http://pogostick.net/~pnh/ntpasswd/)

tools/cmospwd.md Normal file

@ -0,0 +1,48 @@
# cmospwd
Notes
-------
CmosPwd decrypts password stored in cmos used to access BIOS SETUP.
Works with the following BIOSes
* ACER/IBM BIOS
* AMI BIOS
* AMI WinBIOS 2.5
* Award 4.5x/4.6x/6.0
* Compaq (1992)
* Compaq (New version)
* IBM (PS/2, Activa, Thinkpad)
* Packard Bell
* Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
* Phoenix 4 release 6 (User)
* Gateway Solo - Phoenix 4.0 release 6
* Toshiba
* Zenith AMI
With CmosPwd, you can also backup, restore and erase/kill cmos.[1]
Help Text
-------
```
CmosPwd - BIOS Cracker 5.0, October 2007, Copyright 1996-2007
GRENIER Christophe, grenier@cgsecurity.org
http://www.cgsecurity.org/
Usage: cmospwd [/k[de|fr]] [/d]
cmospwd [/k[de|fr]] [/d] /[wlr] cmos_backup_file write/load/restore
cmospwd /k kill cmos
cmospwd [/k[de|fr]] /m[01]* execute selected module
/kfr french AZERTY keyboard, /kde german QWERTZ keyboard
/d to dump cmos
/m0010011 to execute module 3,6 and 7
NB: For Award BIOS, passwords are differents than original, but work.
```
Example Usage
-------
Links
-------
1. [cgsecurity](http://www.cgsecurity.org/wiki/CmosPwd)
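Review bot: the Example Usage section is empty even though the help text lists exactly the operations a reader would want shown; add at least `cmospwd /d` (dump cmos) and a backup with `cmospwd /w cmos_backup_file` (the `/[wlr] cmos_backup_file` form from the usage line), and note that a backup should be taken before the `/k` option is ever used, since the help text describes it as killing the cmos. Minor: `Works with the following BIOSes` needs a trailing colon before the bullet list.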