Sometimes you obtain passwords that are in a hashed form. Due to the mathematical properties of (secure) hashes there are limited ways of recovering the plain text. Primarily this will be through brute force, or alternatively using word lists. oclHashcat is a fantastic hash cracking tool that takes advantage of your GPU to dramatically ramp up your...
Cracking passwords has two aspects that need to be considered when taking into account how likely it is to reveal the information you need. They are defined as follows:
Efficiency – The likelihood that your password set has the candidate password within it.
Power – How many attempts / guesses you can make per second, minute / random time fr...
Often you may wish to obtain access to a service or password protected area on a network. Examples of this may be trying to log into an ssh service, RDP, http-get (i.e. what your router pops up with), etc. There are a multitude of tools that will allow you to perform these password attacks; hydra, medusa and ncrack are popular examples. Some tools may c...
Often during pen tests you may obtain a shell without having a tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.
python -c 'import pty; pty.spawn("/bin/sh")'
Windows Remote Desktop is a commonly used protocol throughout many networks. It provides remote access to Windows machines when enabled.
rdesktop -u <username> -p <password> <ip address> -g <percentage / resolution>
Often in the infosec world you'll run into plenty of Base64 encoded strings. A typical giveaway is the trailing = or == padding in many cases.
base64 -i <file>
base64 -di <file>
-i : Useful for ignoring garbage.
-d : Decode, without this flag it will encode.
Example – Encoding Base64
Check Who You Are
Check Windows Version
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Add a User
net user <username> <password> /add
Add a User to the Administrators Group
net localgroup administrators <username> /add
A heap of simple Linux commands that may prove useful for doing basic things.
Requesting a DHCP IP Address
Setting a Static IP Address
ifconfig <interface> <ip address>/<cidr>
route add default gw <gateway IP Address>
echo nameserver <nameserver / Gateway IP Address>...
The logic of the script is to read in a list of username and password values, then push the usernames onto a queue. Each username (handled by an individual thread) goes through and tests each of the passwords in the list against the application. If the text that appears on a failed login is present in the response, it will print the failed message; otherwise it will p...
This really is a trivial code snippet, but as with most scripts it comes in handy because it simplifies even a basic task further. Save this to a simple filename like ‘hex2file’ and place it in your /usr/bin directory. Whenever you need to write out hex characters directly to a file use the following syntax.
hex2file 4142434445 > hexfile....