Thanks for the reply. I will add the john command. I looked at the argonlist wordlist and found it wanting. Xploitz thinks this too (http://forums.remote-exploit.org/sho...53&postcount=1). Pureh@te too http://forums.remote-exploit.org/sho...6&postcount=30. Not to mention that the good parts of the argonlist are in Xploitz's or Pureh@te's wordlist. I know I read that in a post but I can't find it now.Originally Posted by operat0r
I was not aware of rcracki changing their table format. I will start looking at it tomorrow.
I am sorry I didn't post sooner. I was studying for my final MCITP:EA exam and I passed it yesterday.
I like the bleeding edge, but I don't like blood loss
Changes from version 0.5
* added wpa pw-inspector command
* added a wordlist manipulation section
* added usage of fgdump
* added rcracki section
* added a sample hash.txt to play with
* john can be used to feed input to aircrack-ng
* moved a few things around for a better flow
I like the bleeding edge, but I don't like blood loss
Hi bofh28. First off, thanks very much for the very comprehensive guide you wrote and upkeep, it makes for quite the read.
My quandary, as I was hoping to get your (or anyone's, for that matter) expert assistance, is that I have a domain cache hash, and have the first letter of the password "T", and the last two digits "00" of the password.
This is all I know. As far as I know, based on the password policies I set in for the network, this is minimum an 8 digit password. (but not above 10).
Somewhere, (and now I can't find the post!) i read that with crunch, or john, one could make it so that the prefix of every computed line of the dictionary was whatever character. This would make for filling the blanks on an unknown, uncracked as of yet password.
As an example, I know it starts with a capital T, and ends with 00..
So I would ask crunch to compute all the possible variations with BLAH charset and thus it would go:
Taaaaaa00
Taaaaab00
Taaaaac00
Taaaaad00
and so on. The constants would be T and 00.
The middle (aaaaa)'s are all that needs computing.
I know this is possible but am kind of stuck as to how.
Would you please help a fella out?
Cheers.
You need the new john the ripper v1.7.3.1
It contains a new mode known as KnownForce. KnownForce will allow you to specify a fixed character at a fixed spot. I am planning on covering this in the next release of the guide, but I haven't had much time to work on it so it will probably be a month or two. Compiling the new john is easy. If you need NTLM then you need the jumbo patch. You can find more information about john at http://marc.info/?l=john-users (July and August).
If you need help just post.
I like the bleeding edge, but I don't like blood loss
I have been looking at the table of contents and it looks messy to me. This has gotten me to think about how to better organize the material. I came up with the following. Some of the items are not in the current version and will be added in the next release. What do you think? Granted that john 1.7.3.1 and samdump2 v2.0 are not a part of BT3, but I think they work where they are. Or maybe I should added a section on available BT tool updates?
1. Extracting hashes from the Windows SAM
1.1. LM vs NTLM
1.2. Syskey
1.3. Using BT tools
1.3.1. Bkhive
1.3.2. Samdump2 v 1.1.1
1.3.3. Samdump2 v 2.0
1.4. Using Windows tools
1.4.1. Pwdump
1.4.2. Gsecdump
1.4.3. Fgdump
2. Cracking Windows Passwords
2.1. Using BT tools
2.1.1. John the ripper 1.7.2
2.1.1.1. Cracking LM hash
2.1.1.2. Cracking NTLM hash
2.1.1.3. Cracking NTLM hash using lm password
2.1.2. John the ripper 1.7.3.1
2.1.2.1. Get and compile
2.1.2.2. Cracking LM hash
2.1.2.3. Cracking LM hash using known characters in known location (knownforce)
2.1.2.4. Cracking NTLM hash
2.1.2.5. Cracking NTLM hash using lm password (dumbforce)
2.1.3. Mdcrack
2.1.3.1. Cracking LM hash
2.1.3.2. Cracking NTLM hash
2.1.3.3. Cracking NTLM hash using lm password
2.2. Using Windows tools
2.2.1. John the ripper
2.2.1.1. Cracking LM hash
2.2.1.2. Cracking NTLM hash
2.2.1.3. Cracking NTLM hash using lm password
2.2.2. Mdcrack
2.2.2.1. Cracking LM hash
2.2.2.2. Cracking NTLM hash
2.2.2.3. Cracking NTLM hash using lm password
2.2.3. Ophcrack
2.2.4. Cain and Able
2.3. Using a Live CD
2.3.1. Ophcrack
3. Changing Windows Password
3.1. Changing Local user Passwords
3.1.1. Using BT tools
3.1.1.1. Chntpw
3.1.2. Using a Live CD
3.1.2.1. Chntpw
3.1.2.2. System rescue cd
3.2. Changing AD passwords
3.2.1. websites
4. Cracking Linux Passwords
5. Cracking Novell Passwords
6. Cracking networking equipment password
6.1. Using BT tools
6.1.1. Hydra
6.1.2. Xhydra
6.1.3. Medusa
6.2. Using windows tools
6.2.1. brutus
7. Cracking application passwords
7.1. Oracle
8. Wordlists
8.1. Using John the Ripper to generate a wordlist
8.2. Configuring John the Ripper to use a wordlist
8.3. Using crunch to generate a wordlist
8.4. Generate a wordlist from a textfile or website
8.5. Using premade wordlists
8.6. Other wordlist generators
8.7. Manipulating your wordlist
9. Rainbow Tables
9.1. What are they?
9.2. Generating your own
9.3. rcrack - obsolete but works
9.4. rcracki - new but doesn't work
9.5. Generating a rainbow table
9.6. WEP cracking
9.7. WPA-PSK
I like the bleeding edge, but I don't like blood loss
Just a quick update. I haven't forgotten or abandoned the guide. I have been busy with other things. Version 0.7 is about 2/3 of the way done and I went with a table on contents similar to the layout above.
I like the bleeding edge, but I don't like blood loss
Thanx man....
Just downloaded it ... no problem what so ever
New Version 0.7
Changes from version 0.6
* added a section on generating a wordlist from a website
* added head, tail, and sed commands to wordlist manipulation
* added a section on xhdrya (pointing to Pureh@te's video)
* added a section on gsecdump
* added a section on medusa
* added a section on cisco
* expanded the crunch section
* moved everything around in an effort to make things easier to find
* the dumbforce and knownforce are not finished
I like the bleeding edge, but I don't like blood loss
Changes from version 0.7
* Fixed john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w --test.cap
missing a - Thanks to roblad for pointing it out
I like the bleeding edge, but I don't like blood loss
nice share! thanks!
Posting Permissions
