
Thread: password cracking guide

  1. #71
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote Originally Posted by operat0r View Post
    john --wordlist=Words.lst --rules --stdout
    john will 49 x's Multiply wordlist
    theargonlistver2_wordlist.zip (83meg) > .rar(154meg) > .lst ( plain text 1.9gigs)
    if it were to go through john it would result in a 85gig ~98,558,569,081 line file..

    I think theargon is back up now but here is RS link for it
    http://rapidshare.com/files/98912262...dlist.zip.html

    also rcracki is out you may want to look into that tables have changed !
    Thanks for the reply. I will add the john command. I looked at the argonlist wordlist and found it wanting. Xploitz thinks this too (http://forums.remote-exploit.org/sho...53&postcount=1). Pureh@te too http://forums.remote-exploit.org/sho...6&postcount=30. Not to mention that the good parts of the argonlist are in Xploitz's or Pureh@te's wordlist. I know I read that in a post but I can't find it now.

    I was not aware of rcracki changing their table format. I will start looking at it tomorrow.

    I am sorry I didn't post sooner. I was studying for my final MCITP:EA exam and I passed it yesterday.
    I like the bleeding edge, but I don't like blood loss

  2. #72
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Changes from version 0.5
    * added wpa pw-inspector command
    * added a wordlist manipulation section
    * added usage of fgdump
    * added rcracki section
    * added a sample hash.txt to play with
    * john can be used to feed input to aircrack-ng
    * moved a few things around for a better flow
    I like the bleeding edge, but I don't like blood loss

  3. #73
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    2

    Hi bofh28. First off, thanks very much for the very comprehensive guide you wrote and upkeep, it makes for quite the read.

    My quandary, as I was hoping to get your (or anyone's, for that matter) expert assistance, is that I have a domain cache hash, and have the first letter of the password "T", and the last two digits "00" of the password.

    This is all I know. As far as I know, based on the password policies I set for the network, this is at minimum an 8 digit password (but not above 10).

    Somewhere (and now I can't find the post!) I read that with crunch, or john, one could make it so that the prefix of every computed line of the dictionary was whatever character. This would make for filling the blanks on an unknown, as yet uncracked password.

    As an example, I know it starts with a capital T, and ends with 00...

    So I would ask crunch to compute all the possible variations with BLAH charset and thus it would go:

    Taaaaaa00
    Taaaaab00
    Taaaaac00
    Taaaaad00

    and so on. The constants would be T and 00.
    The middle characters (aaaaa) are all that need computing.

    I know this is possible but am kind of stuck as to how.

    Would you please help a fella out?

    Cheers.

  4. #74
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote Originally Posted by amakryss View Post
    Hi bofh28. First off, thanks very much for the very comprehensive guide you wrote and upkeep, it makes for quite the read.

    My quandary, as I was hoping to get your (or anyone's, for that matter) expert assistance, is that I have a domain cache hash, and have the first letter of the password "T", and the last two digits "00" of the password.

    This is all I know. As far as I know, based on the password policies I set for the network, this is at minimum an 8 digit password (but not above 10).

    Somewhere (and now I can't find the post!) I read that with crunch, or john, one could make it so that the prefix of every computed line of the dictionary was whatever character. This would make for filling the blanks on an unknown, as yet uncracked password.

    As an example, I know it starts with a capital T, and ends with 00...

    So I would ask crunch to compute all the possible variations with BLAH charset and thus it would go:

    Taaaaaa00
    Taaaaab00
    Taaaaac00
    Taaaaad00

    and so on. The constants would be T and 00.
    The middle characters (aaaaa) are all that need computing.

    I know this is possible but am kind of stuck as to how.

    Would you please help a fella out?

    Cheers.
    You need the new John the Ripper v1.7.3.1

    It contains a new mode known as KnownForce. KnownForce will allow you to specify a fixed character at a fixed spot. I am planning on covering this in the next release of the guide, but I haven't had much time to work on it so it will probably be a month or two. Compiling the new john is easy. If you need NTLM then you need the jumbo patch. You can find more information about john at http://marc.info/?l=john-users (July and August).

    If you need help just post.
    I like the bleeding edge, but I don't like blood loss
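The question and answer above concern a mask-style wordlist: a known first character "T", a known final "00", and a policy length of 8 to 10 characters. The following Python is an added example, not code from the thread, the guide, crunch or john; it models what such a generator (crunch with a pattern, or john's KnownForce mode as the reply describes it) has to enumerate, and counts the candidates so a defender can see how much two or three leaked characters shrink a password's effective keyspace. The charsets and the 1 MH/s cracking rate in the demo are assumed figures chosen for illustration, not measurements.

```python
import itertools
import string

# Fragments stated in the question above: first character "T", last two "00",
# total length between 8 and 10 characters (the poster's policy minimum and maximum).
PREFIX = "T"
SUFFIX = "00"
MIN_LEN = 8
MAX_LEN = 10


def middle_lengths(prefix, suffix, min_len, max_len):
    """Lengths the unknown middle part can take for each allowed total length."""
    fixed = len(prefix) + len(suffix)
    return [n - fixed for n in range(min_len, max_len + 1) if n - fixed >= 0]


def candidate_count(charset, prefix=PREFIX, suffix=SUFFIX, min_len=MIN_LEN, max_len=MAX_LEN):
    """Number of strings prefix + middle + suffix with the middle drawn from charset."""
    return sum(len(charset) ** m for m in middle_lengths(prefix, suffix, min_len, max_len))


def full_count(charset, min_len=MIN_LEN, max_len=MAX_LEN):
    """Keyspace of the same length range when no characters are known at all."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def reduction_factor(charset, prefix=PREFIX, suffix=SUFFIX, min_len=MIN_LEN, max_len=MAX_LEN):
    """How many times smaller the search becomes once prefix and suffix are known.

    Every term of the full keyspace is the matching hinted term times
    len(charset) ** (len(prefix) + len(suffix)), so the ratio is exact.
    """
    return full_count(charset, min_len, max_len) // candidate_count(
        charset, prefix, suffix, min_len, max_len)


def generate(charset, prefix=PREFIX, suffix=SUFFIX, min_len=MIN_LEN, max_len=MAX_LEN):
    """Yield every candidate, shortest length first, in the order a mask generator
    produces them: the last middle position changes fastest, as in the poster's
    Taaaaaa00, Taaaaab00, Taaaaac00 ... listing."""
    for m in middle_lengths(prefix, suffix, min_len, max_len):
        for combo in itertools.product(charset, repeat=m):
            yield prefix + "".join(combo) + suffix


def hours_to_exhaust(count, hashes_per_second):
    """Worst-case time to try every candidate at a given cracking rate."""
    return count / hashes_per_second / 3600


if __name__ == "__main__":
    lower = string.ascii_lowercase
    # Reproduce the first four lines of the poster's example (length 9 only).
    print("first candidates:", list(itertools.islice(generate(lower, min_len=9, max_len=9), 4)))
    # Assumed charsets and an assumed 1 MH/s rate, purely to show the scale.
    for name, cs in [("lowercase", lower),
                     ("lower+digits", lower + string.digits),
                     ("mixed alphanumeric", string.ascii_letters + string.digits)]:
        n = candidate_count(cs)
        print(f"{name:>19}: {n:>18,} candidates, {reduction_factor(cs):>8,}x fewer "
              f"than blind search, {hours_to_exhaust(n, 1_000_000):,.1f} h at 1 MH/s (assumed rate)")
```

The point for the policy side is the `reduction_factor` figure: with a 26-letter middle, knowing three fixed characters divides the work by exactly 26^3 = 17,576, which is why a cracker with partial knowledge (a reused prefix, a predictable "00" suffix) gets a result in hours where a blind search would take years. Length and character-class rules only help if the unknown part stays long and unpredictable.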

  5. #75
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    I have been looking at the table of contents and it looks messy to me. This has gotten me to think about how to better organize the material. I came up with the following. Some of the items are not in the current version and will be added in the next release. What do you think? Granted that john 1.7.3.1 and samdump2 v2.0 are not a part of BT3, but I think they work where they are. Or maybe I should add a section on available BT tool updates?

    1. Extracting hashes from the Windows SAM
    1.1. LM vs NTLM
    1.2. Syskey
    1.3. Using BT tools
    1.3.1. Bkhive
    1.3.2. Samdump2 v 1.1.1
    1.3.3. Samdump2 v 2.0
    1.4. Using Windows tools
    1.4.1. Pwdump
    1.4.2. Gsecdump
    1.4.3. Fgdump
    2. Cracking Windows Passwords
    2.1. Using BT tools
    2.1.1. John the ripper 1.7.2
    2.1.1.1. Cracking LM hash
    2.1.1.2. Cracking NTLM hash
    2.1.1.3. Cracking NTLM hash using lm password
    2.1.2. John the ripper 1.7.3.1
    2.1.2.1. Get and compile
    2.1.2.2. Cracking LM hash
    2.1.2.3. Cracking LM hash using known characters in known location (knownforce)
    2.1.2.4. Cracking NTLM hash
    2.1.2.5. Cracking NTLM hash using lm password (dumbforce)
    2.1.3. Mdcrack
    2.1.3.1. Cracking LM hash
    2.1.3.2. Cracking NTLM hash
    2.1.3.3. Cracking NTLM hash using lm password
    2.2. Using Windows tools
    2.2.1. John the ripper
    2.2.1.1. Cracking LM hash
    2.2.1.2. Cracking NTLM hash
    2.2.1.3. Cracking NTLM hash using lm password
    2.2.2. Mdcrack
    2.2.2.1. Cracking LM hash
    2.2.2.2. Cracking NTLM hash
    2.2.2.3. Cracking NTLM hash using lm password
    2.2.3. Ophcrack
    2.2.4. Cain and Abel
    2.3. Using a Live CD
    2.3.1. Ophcrack
    3. Changing Windows Password
    3.1. Changing Local user Passwords
    3.1.1. Using BT tools
    3.1.1.1. Chntpw
    3.1.2. Using a Live CD
    3.1.2.1. Chntpw
    3.1.2.2. System rescue cd
    3.2. Changing AD passwords
    3.2.1. websites
    4. Cracking Linux Passwords
    5. Cracking Novell Passwords
    6. Cracking networking equipment password
    6.1. Using BT tools
    6.1.1. Hydra
    6.1.2. Xhydra
    6.1.3. Medusa
    6.2. Using windows tools
    6.2.1. brutus
    7. Cracking application passwords
    7.1. Oracle
    8. Wordlists
    8.1. Using John the Ripper to generate a wordlist
    8.2. Configuring John the Ripper to use a wordlist
    8.3. Using crunch to generate a wordlist
    8.4. Generate a wordlist from a textfile or website
    8.5. Using premade wordlists
    8.6. Other wordlist generators
    8.7. Manipulating your wordlist
    9. Rainbow Tables
    9.1. What are they?
    9.2. Generating your own
    9.3. rcrack - obsolete but works
    9.4. rcracki - new but doesn't work
    9.5. Generating a rainbow table
    9.6. WEP cracking
    9.7. WPA-PSK
    I like the bleeding edge, but I don't like blood loss

  6. #76
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Just a quick update. I haven't forgotten or abandoned the guide. I have been busy with other things. Version 0.7 is about 2/3 of the way done and I went with a table of contents similar to the layout above.
    I like the bleeding edge, but I don't like blood loss

  7. #77
    Junior Member
    Join Date
    Feb 2010
    Posts
    33

    Thanx man....
    Just downloaded it ... no problem whatsoever

  8. #78
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    New Version 0.7

    Changes from version 0.6
    * added a section on generating a wordlist from a website
    * added head, tail, and sed commands to wordlist manipulation
    * added a section on xhdrya (pointing to Pureh@te's video)
    * added a section on gsecdump
    * added a section on medusa
    * added a section on cisco
    * expanded the crunch section
    * moved everything around in an effort to make things easier to find
    * the dumbforce and knownforce are not finished
    I like the bleeding edge, but I don't like blood loss

  9. #79
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Changes from version 0.7
    * Fixed john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w --test.cap
    missing a - Thanks to roblad for pointing it out
    I like the bleeding edge, but I don't like blood loss

  10. #80
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    2

    nice share! thanks!
