From b66b84afcd6571fa5f3e4ca3b83ce81522903136 Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Fri, 2 May 2014 20:17:31 -0400 Subject: [PATCH 1/5] Adding all tool links Added existing tools, need to add new tools --- password/index.md | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/password/index.md b/password/index.md index 12904f7..952617d 100644 --- a/password/index.md +++ b/password/index.md 
@@ -9,13 +9,48 @@ GPU Tools Offline Attacks ----------- - * [tool](../tools/_template.md) - * [tool](../tools/_template.md) - * [tool](../tools/_template.md) + * [cachedump](../tools/_template.md) + * [chntpw](../tools/chntpw.md) + * [cmospwd](../tools/_template.md) + * [crunch](../tools/_template.md) + * [dictstat](../tools/_template.md) + * [fcrackzip](../tools/_template.md) + * [hashcat](../tools/_template.md) + * [hash-identifier](../tools/_template.md) + * [john](../tools/_template.md) + * [lsadump](../tools/_template.md) + * [maskgen](../tools/_template.md) + * [oclhashcat](../tools/oclhashcat.md) + * [ophcrack](../tools/_template.md) + * [ophcrack-cli](../tools/_template.md) + * [policygen](../tools/_template.md) + * [pwdump](../tools/_template.md) + * [pyrit](../tools/pyrit.md) + * [rainbowcrack](../tools/_template.md) + * [rcracki_mt](../tools/_template.md) + * [rsmangler](../tools/_template.md) + * [samdump2](../tools/_template.md) + * [sipcrack](../tools/_template.md) + * [sucrack](../tools/_template.md) + * [truecrack](../tools/_template.md) + Online Attacks ----------- - * [tool](../tools/_template.md) - * [tool](../tools/_template.md) - * [tool](../tools/_template.md) + * [acccheck](../tools/acccheck) + * [burpsuite](../tools/burpsuite.md) + * [cewl](../tools/_template.md) + * [cisco-auditing-tool](../tools/_template.md) + * [dbpwaudit](../tools/dbpwaudit.md) + * [findmyhash](../tools/_template.md) + * [hydra](../tools/_template.md) + * [hydra-gtk](../tools/_template.md) + * [medusa](../tools/_template.md) + * [ncrack](../tools/_template.md) + * [onesixtyone](../tools/onesixtyone.md) + * [owasp-zap](../tools/owasp-zap.md) + * [patator](../tools/_template.md) + * [phrasendrescher](../tools/_template.md) + * [thc-pptp-bruter](../tools/_template.md) + * [webscarab](../tools/webscarab.md) From 4ad2a8b24edaa72b4ce68ff5fd7be9b485a6c018 Mon Sep 17 00:00:00 2001 
From: Will Pennell Date: Fri, 2 May 2014 20:46:59 -0400 Subject: [PATCH 2/5] update chntpw Added more information for the website --- tools/chntpw.md | 96 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/tools/chntpw.md b/tools/chntpw.md index 9233447..a5f1635 100644 --- a/tools/chntpw.md +++ b/tools/chntpw.md 
@@ -7,6 +7,100 @@ This manual page documents briefly the chntpw command. This manual page was wri chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to know the old passwords to reset them. In addition it contains a simple registry editor (same size data writes) and hex-editor with which the information contained in a registry file can be browsed and modified. + +This little program will enable you to view some information and +change user passwords, change user/group memberships +in a Windows (NT/XP/Vista/win7/win8) etc SAM userdatabase file. +You do not need to know the old passwords. +However, you need to get at the registry files some way or another yourself. +In addition it contains a simple registry editor with full write support, +and hex-editor which enables you to +fiddle around with bits&bytes in the file as you wish yourself.[1] + +``` +chntpw: Program for interactively resetting passwords and group +memberships. +My boot CD runs this with options -i -L SAM + + chntpw: change password of a user in a Windows SAM file, + or invoke registry editor. Should handle both 32 and 64 bit windows and + all version from NT3.x to Win8 + chntpw [OPTIONS] [systemfile] [securityfile] [otherreghive] [...] + -h This message + -u Username or RID (0x3e9 for example) to interactively edit + -l list all users in SAM file and exit + -i Interactive Menu system + -f Interactively edit first admin user + -e Registry editor. Now with full write support! + -d Enter buffer debugger instead (hex editor), + -v Be a little more verbose (for debuging) + -L For scripts, write names of changed files to /tmp/changed + -N No allocation mode. 
Only same length overwrites possible (very safe mode) + -E No expand mode, do not expand hive file (safe mode) + + + + -u Username or RID (0x3e9 for example) to interactively edit + +Invoke the interactive edit menu on specified user. +Specifying a user name will most likely fail if user has international +character, so better to use user ID (RID), for example + chnptw -u 0x3e9 SAM +to edit user with hexadecimal RID 3e9 + + + -l list all users in SAM file and exit + +Just that, list users in human readable form, with some info about if +user is admin and if password is set. + + -i Interactive Menu system + +Invokes the menu system. Menu items will vary a bit depending on what +registry hives are loaded. + + -f Interactively edit first admin user + +Select first admin user for edit. This is user with lowest RID that +also is member of administators group, or built-in user 0x1f4 if not +others possible. + + -e Registry editor. Now with full write support! + +Enter the registry editor. It is a small command system. ? for help +there. See other documentation for more on regedits. + + -d Enter buffer debugger instead (hex editor), + +Command line type hex editor, mostly for debugging purposes. ? for help. + + -v Be a little more verbose (for debuging) + +Lots of debug output during most operations (especially hive loading) + + -L For scripts, write names of changed files to /tmp/changed + +If any of the other functions changes the registry, the changed files +are listed here. Can be used by wrapper scripts to know what to save. +My boot CD uses it. + + -N No allocation mode. Only same length overwrites possible (very safe mode) + +Safe mode. Will only allow changes in registry that overwrites old +values with same length data. Password reset only changes 2 bytes, and +does not change value lenght, so password reset will still work in +this safe mode. If something tries to violate this safe mode, a lot of +error messages (some of the rather obscure) may occur. 
+ + -E No expand mode, do not expand hive file (safe mode) + +Safe mode. Does not allow expanding the size of the file, but will +allow adding keys/values as long as there is free space in the file +already. (most files contains some free space) +If expansion is needed but not allowed by this option, +a lot of obscure error messages may occur, and file should not be saved. +``` + Help Text ------- ``` @@ -55,4 +149,4 @@ chntpw -u jabbathehutt SAM Links ------- - + 1. [pogostick.net](http://pogostick.net/~pnh/ntpasswd/) From c195e87914c4a6f4db64a252ab3de9d5eba57aea Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Fri, 2 May 2014 20:47:23 -0400 Subject: [PATCH 3/5] Added cachedump not a lot of documentation available --- tools/cachedump.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 tools/cachedump.md diff --git a/tools/cachedump.md b/tools/cachedump.md new file mode 100644 index 0000000..f319466 --- /dev/null +++ b/tools/cachedump.md @@ -0,0 +1,19 @@ +# cachedump + +Notes +------- + + +Help Text +------- +``` +usage: /usr/bin/cachedump +``` + +Example Usage +------- + + +Links +------- + From 0a3b254ddc5f6760bc60fdaf1d6a5e03e6d4ccde Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Fri, 2 May 2014 20:47:32 -0400 Subject: [PATCH 4/5] added cmospwd --- tools/cmospwd.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 tools/cmospwd.md diff --git a/tools/cmospwd.md b/tools/cmospwd.md new file mode 100644 index 0000000..fd453f2 --- /dev/null +++ b/tools/cmospwd.md 
@@ -0,0 +1,48 @@ +# cmospwd + +Notes +------- +CmosPwd decrypts password stored in cmos used to access BIOS SETUP. +Works with the following BIOSes + * ACER/IBM BIOS + * AMI BIOS + * AMI WinBIOS 2.5 + * Award 4.5x/4.6x/6.0 + * Compaq (1992) + * Compaq (New version) + * IBM (PS/2, Activa, Thinkpad) + * Packard Bell + * Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107 + * Phoenix 4 release 6 (User) + * Gateway Solo - Phoenix 4.0 release 6 + * Toshiba + * Zenith AMI +With CmosPwd, you can also backup, restore and erase/kill cmos.[1] + + +Help Text +------- +``` +CmosPwd - BIOS Cracker 5.0, October 2007, Copyright 1996-2007 +GRENIER Christophe, grenier@cgsecurity.org +http://www.cgsecurity.org/ + +Usage: cmospwd [/k[de|fr]] [/d] + cmospwd [/k[de|fr]] [/d] /[wlr] cmos_backup_file write/load/restore + cmospwd /k kill cmos + cmospwd [/k[de|fr]] /m[01]* execute selected module + + /kfr french AZERTY keyboard, /kde german QWERTZ keyboard + /d to dump cmos + /m0010011 to execute module 3,6 and 7 + +NB: For Award BIOS, passwords are differents than original, but work. + +``` + +Example Usage +------- + +Links +------- +1. [cgsecurity](http://www.cgsecurity.org/wiki/CmosPwd) From 549bd221846474a56784f5623bc0a22979ca64bc Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Fri, 2 May 2014 20:47:46 -0400 Subject: [PATCH 5/5] Slowly updating menu --- password/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/password/index.md b/password/index.md index 952617d..15242a8 100644 --- a/password/index.md +++ b/password/index.md @@ -9,9 +9,9 @@ GPU Tools Offline Attacks ----------- - * [cachedump](../tools/_template.md) + * [cachedump](../tools/cachedump.md) * [chntpw](../tools/chntpw.md) - * [cmospwd](../tools/_template.md) + * [cmospwd](../tools/cmospwd.md) * [crunch](../tools/_template.md) * [dictstat](../tools/_template.md) * [fcrackzip](../tools/_template.md)
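Review bot: `* [acccheck](../tools/acccheck)` in the PATCH 1/5 hunk for password/index.md is the only entry in either list without a `.md` extension, so it will not resolve the way its neighbours do; it should read `* [acccheck](../tools/acccheck.md)`. Separately, most of the new entries point at `../tools/_template.md`, which the commit message acknowledges; because every one of those placeholders resolves to the same template page, consider leaving the names unlinked until their pages exist so a reader can tell a documented tool from a stub.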
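Review bot: the first added paragraph in the PATCH 2/5 hunk for tools/chntpw.md restates the description that already precedes it (view information, change passwords, no need for the old password, registry editor plus hex editor), so the Notes section now says the same thing twice; keep the upstream text with its `[1]` citation and drop the repeat, or trim the original paragraph. The quoted block also carries an upstream typo, `chnptw -u 0x3e9 SAM` (for `chntpw`); pasting it verbatim is fine, but a one-line remark would stop a reader copying it. Note that the `[1]` reference this hunk introduces is only satisfied by the Links hunk later in the same patch, which is correct as long as the two stay in one commit.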
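Review bot: the new tools/cachedump.md in PATCH 3/5 has empty Notes, Example Usage and Links sections, and its Help Text is the single line `usage: /usr/bin/cachedump`, which reads as though the tool takes no arguments; if the usage banner was cut off when pasted, include the full output, and if that really is everything it prints, say so in Notes. Since PATCH 5/5 makes the index link here, a reader lands on a blank entry; the commit message's remark that little documentation is available belongs on the page itself, as a one-sentence description or an explicit stub marker.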
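Review bot: in the PATCH 4/5 hunk for tools/cmospwd.md, the line `With CmosPwd, you can also backup, restore and erase/kill cmos.[1]` follows `* Zenith AMI` with no blank line, so Markdown renderers will fold it into the last bullet; insert a blank line before it (and one between `Works with the following BIOSes` and the first bullet, which some renderers also require before a list starts). The Example Usage section is left empty while the Help Text already quotes the invocation forms; either move one of those lines under Example Usage or drop the heading until there is an example.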
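Review bot: PATCH 5/5 only redirects the `cachedump` and `cmospwd` entries from `../tools/_template.md` to their new pages, undoing placeholder links that PATCH 1/5 introduced earlier in the same series; squashing this change into PATCH 1/5, or ordering the page-creating patches (3/5 and 4/5) ahead of the index update, would avoid landing the placeholders at all. The target paths do match the files created in PATCH 3/5 and PATCH 4/5.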