Blog Posts Tagged with "cracking"

71d85bb5d111973cb65dfee3d2a7e6c9

Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.

December 20, 2012 Added by:f8lerror

On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...

Comments  (0)

37d5f81e2277051bc17116221040d51c

What Makes My Passwords Vulnerable?

November 25, 2012 Added by:Robert Siciliano

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Microsoft Forcing Users to Use Less Secure Passwords

September 18, 2012 Added by:Dan Dieterle

Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...

Comments  (2)

B64e021126c832bb29ec9fa988155eaf

Chapcrack and CloudCracker Unlock MS-CHAPv2-Based VPN Traffic

September 06, 2012 Added by:Dan Dieterle

A recently released article explains in detail how to crack MS-CHAPv2 communication used in many PPTP based VPNs with a 100% success rate. But that is not all, the protocol is also used in WPA2 enterprise environments for connecting to Radius authentication servers. Ouch...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploitable 2.0 pt 4: Cracking Linux Passwords and Pentesting with Grep

August 20, 2012 Added by:Dan Dieterle

Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Billions of Hashes per Second with Multiforcer Password Cracker

August 07, 2012 Added by:Dan Dieterle

So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Password Protection Pointers

June 12, 2012 Added by:Jayson Wylie

The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

LinkedIn Hacked: Change Your Password

June 06, 2012 Added by:Headlines

Reports indicate that as many as 6.4 million passwords have been compromised. Though the passwords are in encrypted form, reports indicate that they are being cracked at a rapid rate, with somewhere near 300,000 passwords already revealed, putting those LinkedIn members' accounts at risk...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

LM Hash Flaw: Windows Passwords Easy to Crack

March 01, 2012 Added by:Dan Dieterle

The thing is that the lower security hashes are not present on the SAM stored on the hard drive. When the security accounts are loaded into active RAM, Windows re-creates the LM hashes. The LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE)...

Comments  (0)

Cb9aade927a0abf5b0bbdd2a4aaf8716

Metadata: A Pentester’s Best Friend

February 17, 2012 Added by:Jake Garlie

Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Hash Types for John the Ripper

January 14, 2012 Added by:Rob Fuller

Pentest Monkey is a great resource for a lot of things. You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Crazy Fast Password Recovery with Hashcat

January 02, 2012 Added by:Dan Dieterle

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Top Ten Password Cracking Methods

December 05, 2011 Added by:Headlines

"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."

Comments  (2)

Page « < 1 - 2 > »
Most Liked