Page 9 of 11 FirstFirst ... 7891011 LastLast
Results 81 to 90 of 103

Thread: password cracking guide

  1. #81
    Just burned his ISO
    Join Date
    May 2008
    Posts
    1

    Default

    thX dude nice !!

  2. #82
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3

    Default Thank you

    Thanks for putting all that effort into this.

    Truly appreciate the work thank you again, keep up great job

  3. #83
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    1

    Default

    well done, thanks for sharing

  4. #84
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21

    Default

    thanks man very usefull informations

  5. #85
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Default

    Please note that with fgdump it's possible to extract the sam hashes remotely, by only knowing the local administrator password of a system.

  6. #86
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by Chobin73 View Post
    Please note that with fgdump it's possible to extract the sam hashes remotely, by only knowing the local administrator password of a system.
    How did you know my secret plan???

    I am adding a section on extracting hashes remotely for the next version as there have been some questions about that. Unfortunately updating crunch and looking for work has taken most of my time.

    Thanks for the reminder.
    I like the bleeding edge, but I don't like blood loss

  7. #87
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Default

    Quote Originally Posted by bofh28 View Post
    How did you know my secret plan???
    I'm a damn GENIUS!!!
    I am adding a section on extracting hashes remotely for the next version as there have been some questions about that. Unfortunately updating crunch and looking for work has taken most of my time.
    Well, sorry for your job...i swear someday we could finally have a linux porting of fgdump...it's terribly effective when used against windows DC's!!
    Thanks for the reminder.
    You're welcome: 200€, thank's!

  8. #88

    Default

    great work and the thing I love the most is in the hydra section, you covered using a single thread and not 30 or 40 like I have seen in other tutorials, I have seen routers being DoS by inexperience pentesters in the past bruteforcing with to many threads network equipment. I would also add dumping the hashes with meterpreter using hashdump as well as some of the incognito features in meterpreter.

  9. #89
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    17

    Smile hi BOFH...

    So when do we get to read your latest work. fingers crossed...waiting for it

  10. #90
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by BadKarmaPR View Post
    great work and the thing I love the most is in the hydra section, you covered using a single thread and not 30 or 40 like I have seen in other tutorials, I have seen routers being DoS by inexperience pentesters in the past bruteforcing with to many threads network equipment. I would also add dumping the hashes with meterpreter using hashdump as well as some of the incognito features in meterpreter.
    Thank you. I seen (and done) that too. However you also have to blame the router manufacturer sometimes. I have this old D-Link wireless router that just locks up if you if use hydra or medusa on it. Even with the proper and very conservative settings the router dies. It a firmware issue as we have 3 of these routers and they all exhibit this behavior. However the routers are so old they are nolonger supported and open firmware (dd-wrt) can't run on them as they only have 2MB of flash.

    I am not familiar with meterpreter. (A quick google later). OK it is a part of metasploit. metasploit is a very powerful framework. When I decided to write this guide I made one thing very clear to myself. I will only cover password cracking AFTER compromise. I would not show anyone how to exploit a system and then extract the password hashes. If I cover hashdump it will be from the point after the system has been compromised. I won't cover how to break into a system. There are already many other guides and threads that cover how to break into a system.

    It is a fine line I am trying to walk (especially since I starting to write the section about remotely extracting the hashes). I don't want to turn my guide into a step by step guide how to hack into something that any technological illiterate person could use to do something bad. Yes my guide is step by step but I try to educate the user along the way. I try to make them understand what they are doing and way.

    I hope you understand.
    I like the bleeding edge, but I don't like blood loss

Page 9 of 11 FirstFirst ... 7891011 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •