Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
## Password Bruting and Hashcracking

Sort

TOC

Cull

  • General

### Cull

http://blog.erratasec.com/2011/06/password-cracking-mining-and-gpus.html#.VG3xspPF_tw

http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/

Dumping a Domain's worth of passwords using mimikatz

Dump Windows password hashes efficiently - Part 1

Password Recovery Speeds

  • Password cracking time measurements

### General

HashTag

  • Password hash identification tool written in Python

List of hash types/examples

### Making Better Passwords

Mnemonic Password Formulas

  • The current information technology landscape is cluttered with a large number of information systems that each have their own individual authentication schemes. Even with single sign-on and multi-system authentication methods, systems within disparate management domains are likely to be utilized by users of various levels of involvement within the landscape as a whole. Due to this complexity and the abundance of authentication requirements, many users are required to manage numerous credentials across various systems. This has given rise to many different insecurities relating to the selection and management of passwords. This paper details a subset of issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and finally introduces a new method for password management and recall termed Mnemonic Password Formulas.

### Cracking Passwords/Hashes

Introduction to Cracking Hashes

  • Good introduction source to hash cracking.

### App Specific Tools (as in single application focus)

crackxls2003 0.4

  • This program may be used to break the encryption on Microsoft Excel and Microsoft Word files which have been encrypted using the RC4 method, which uses a 40-bit-long key. This was the default encryption method in Word and Excel 97/2000/2002/2003. This program will not work on files encrypted using Word or Excel 2007 or later, or for versions 95 or earlier. It will not work if a file was encrypted with a non-default method. Additionally, documents created with the Windows system locale set to French may use a different encryption method.

#### OCL/Hashcat

OCL hashcat wiki

  • It's the Wiki

OCL hashcat

  • It’s OCL hashcat

Hashcat attacks

Mask attack

  • Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

Combinator attack

  • Each word of a dictionary is appended to each word in a dictionary.

Dictionary attack

  • The dictionary attack is a very simple attack mode. It is also known as a “Wordlist attack”.

Fingerprint Attack

  • The Fingerprint attack is a combination of the results of the expander with a combination engine. It is an automatically generated attack on patterns that works fine on GPGPU.

Hybrid attack

  • Basically, the hybrid attack is just a Combinator attack. One side is simply a dictionary, the other is the result of a Brute-Force attack. In other words, the full Brute-Force keyspace is either appended or prepended to each of the words from the dictionary. That's why it's called “hybrid”.


[Permutation attack](http://hashcat.net/wiki/doku.php?id=permutation_attack)

  • Each word in a dictionary generates all permutations of itself.

Rule Based attack

  • The rule-based attack is one of the most complicated of all the attack modes. The reason for this is very simple. The rule-based attack is like a programming language designed for password candidate generation. It has functions to modify, cut or extend words and has conditional operators to skip some, etc. That makes it the most flexible, accurate and efficient attack.

Table Lookup attack

  • With each word in our dictionary, it automatically generates masks as in a batch of Mask attack.

Toggle-Case attack

  • For each word in a dictionary, all possible combinations of upper- and lower-case variants are generated.

### Writeups

How to crack password hashes efficiently

  • Excellent writeup/methodology explanation

[Building a Better GPU based hash cracking methodology](https://blog.netspi.com/gpu-password-cracking-building-a-better-methodology/)

  • A bit basic, but still great advice nonetheless

5min Guide to setting up a GPU cracker in the cloud on AWS + a script to automate it all

### Tools

Patator

  • Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than its fellow predecessors.

Firefox password cracker

### Wordlist Generation

GitDigger

  • gitDigger: Creating real-world wordlists from GitHub hosted data.

Wikigen

  • A script to generate wordlists out of wikipedia pages. Should support most of the subdomains. Some ugly code may occur

CeWL

  • CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

Generating Wordlists

Creating Wordlists with Crunch

### Wordlists

Crackstation’s Password Cracking Dictionary (1.5b words)

  • HIGHLY recommended

WPA/WPA2 Dictionaries

SkullSecurity Password lists

CrackStation’s Password Cracking Dictionary

Crack Me if You Can - Defcon 2010

### Papers

Optimizing computation of Hash Algorithms as an attacker

Attacking NTLM with Precomputed Hashtables

  • Breaking encrypted passwords has been of interest to hackers for a long time, and protecting them has always been one of the biggest security problems operating systems have faced, with Microsoft's Windows being no exception. Due to errors in the design of the password encryption scheme, especially in the LanMan (LM) scheme, Windows has a bad track record in this field of information security. Especially in the last couple of years, where the outdated DES encryption algorithm that LanMan is based on faced more and more processing power in the average household, combined with ever increasing hard disk sizes, it became crystal clear that LanMan nowadays is not just outdated, but even antiquated.

Website Dedicated to Password Research

  • A core objective of the Password Research Institute is to improve the industry awareness of existing authentication research. Many valuable solutions for the problems associated with authentication have gone unnoticed by the people interested in, or responsible for, authentication security. This project will compile and share a comprehensive, but moderated, index of password and authentication related research papers. We aim to share the details of useful papers, provide access to the papers, and encourage collaboration between authors and other security professionals.