CEH-Practical-Notes/Cryptography at main · cpardue/CEH-Practical-Notes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Hash identifier and Hash cracking

Hash Identifier
https://www.onlinehashcrack.com/hash-identification.php

Hash-identifier (CLI)

Hash Crack
https://crackstation.net/
https://hashes.com/en/decrypt/hash

Hashcat -a 3 -m 900 hash.txt /rockyou.txt

-a attack mode
-m hashtype
900 md4
1000 NTLM
1800 SHA512CRYPT
110 SHA1 with SALT HASH
0  MD5
100 SHA1
1400 SHA256
3200 BCRYPT
160 HMAC-SHA1

John
1. First analyze hash type - `john hashfile.hash`
2. Then crack hash - `john hashfile.hash --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1`
3. Show the cracked password - `john --show --format=Raw-SHA1 hashfile.hash` OR `john --show hashfile.hash


Hydra

- **FTP**: hydra -l user -P passlist.txt [ftp://10.10.46.122](ftp://10.10.46.122/)

            hydra -L userlist.txt -P passlist.txt [ftp://10.10.46.122](ftp://10.10.46.122/)

- SSH: hydra -l <username> -P <full path to pass> 10.10.46.122 -t 4 ssh
- Post Web Form: hydra -l <username> -P <wordlist> 10.10.46.122 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V

- `hydra -L /root/Desktop/Wordlists/Usernames.txt -P /root/Desktop/Wordlists/Passwords.txt ftp://[IP]`
- `hydra -l root -P passwords.txt [-t 32] <IP> ftp
- `hydra -L usernames.txt -P pass.txt <IP> mysql
- `hydra -l USERNAME -P /path/to/passwords.txt -f <IP> pop3 -V`
- `hydra -V -f -L <userslist> -P <passwlist> ***rdp***://<IP>`
- `hydra -P common-snmp-community-strings.txt target.com snmp
- `hydra -l Administrator -P words.txt 192.168.1.12 smb t 1
- `hydra -l root -P passwords.txt <IP> ssh