# Brute Force ## Credential Stuffing ## Password Cracking ### Hashes Examples | Mode | Name | Example | | ---- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 900 | MD4 | afe04867ec7a3845145579a95f72eca7 | | 0 | MD5 | 8743b52063cd84097a65d1633f5c74f5 | | 100 | SHA1 | b89eaac7e61417341b710b727768294d0e6a277b | | 1400 | SHA256 | 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 | | 1700 | SHA512 | 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e29134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f | | 5000 | SHA-3(Keccak) | 203f88777f18bb4ee1226627b547808f38d90d3e106262b5de9ca943b57137b6 | | 6000 | RipeMD160 | 012cb9b334ec1aeb71a9c8ce85586082467f7eb6 | | 6100 | Whirlpool | 7ca8eaaaa15eaa4c038b4c47b9313e92da827c06940e69947f85bc0fbef3eb8fd254da220ad9e208b6b28f6bb9be31dd760f1fdb26112d83f87d96b416a4d258 | | 3000 | LM | 299bd128c1101fd6 | | 1000 | NTLM | b4b9b02e6f09a9bd760f388b67351e2b | | 5600 | NetNTLMv2 | admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 | | 5500 | NetNTLMv1 | u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c | | 2100 | DCC2 | $DCC2$10240#testuser#042641eb192965b665a9e720869c1dbc | | 2500 | WPA/WPA2 | \[[http://hashcat.net/misc/example\_hashes/hashcat.hccap\](http://hashcat.net/misc/example\_hashes/hashcat.hccap\\](http://hashcat.net/misc/example_hashes/hashcat.hccap]\(http:/hashcat.net/misc/example_hashes/hashcat.hccap\)/) | ### LM ``` hashcat -m 3000 -a 3 hash.txt ``` ``` john --format=lm hash.txt ``` ### NTLM ``` john --format=nt hash.txt ``` ``` hashcat -m 1000 -a 3 hash.txt ``` ### NTLMv1 (A.K.A. Net-NTLMv1) ``` john --format=netntlm hash.txt ``` ``` hashcat -m 5500 -a 3 hash.txt ``` ### NetNTLMv2 (A.K.A. Net-NTLMv2) ``` john --format=netntlmv2 hash.txt ``` ``` hashcat -m 5600 -a 3 hash.txt ``` ### DCC2 ``` hashcat64.exe -a 0 -m 2100 --status -r .\OneRuleToRuleThemAll.rule -o found.txt hashes.txt rockyou.txt ``` ### Kerberos ``` hashcat64.exe -m 13100 hash passwords.txt --rules .\OneRuleToRuleThemAll.rule -O -w 3 ``` ### ZIP Zip password cracker, similar to fzc, zipcrack ``` fcrackzip -D -v -u -p /word/list/ fileZip ``` ### Unshadow ``` unshadow passwd shadow > result ``` ``` john --wordlist=/....../rockyou.txt result ``` ### RSA Keys RSA Keys' passphrases can be brute-forced using JTR by converting the key to the appropriate input format john can work with: ``` ssh2john id_rsa > id_rsa.john; john –wordlist=/usr/share/wordlists/rockyou.txt id_rsa.john ``` ### Wordlists * * * ## Password Guessing ## Password Spraying