NetSec

Ramblings of a NetSec addict

Generating Wordlists

Cracking passwords has two aspects that need to be considered when taking into account how likely it is to reveal the information you need. They are defined as follows:

  • Efficiency – The likelihood that your password set has the candidate password within it.
  • Power – How many attempts / guesses you can make per second, minute / random time frame.

    • With the increase in GPU crackers, oclHashcat being my favorite, a large emphasis has increasingly been put on power as opposed to efficiency. People suspect that because they can throw a wordlist of 1 billion entries against a hash that it’s the optimal solution. I’m not saying that you shouldn’t try it as your last resort, but perhaps there is a better way to put the odds in your favour.
    [Read more…]

    Multi-Threaded Brute Forcer

    Recently I undertook a challenge that needed attempt a brute force login on an application. I quickly wrote up a brute forcing script that took advantage of threads to increase the rate of attempts. This application is not usable ‘as is’ because of course you’ll need to modify and enter your own IP address and login syntax. Otherwise it should be useful as a template to threadify any tasks you wish to complete.

    The logic of the script is to read in a list of username and password values, then push the usernames onto a queue. Each username (handled by an individual thread) goes through and tests each of the passwords in the list against the application. If the text that appears in a failed login appears it will print the failed message, otherwise it will print login successful.
    [Read more…]

    Obtaining Windows Passwords

    The windows passwords can be accessed in a number of different ways. The most common way would be via accessing the Security Accounts Manager (SAM) file and obtaining the system passwords in their hashed form with a number of different tools. Alternatively passwords can be read from memory which has the added benefit of recovering the passwords in plain text and avoiding the cracking requirement. In order to understand the formats you’ll see when dumping Windows system hashes a brief overview of the different storage formats is required.
    [Read more…]