Red Teaming and Malware Analysis

Password & Cracking

Last updated 7 months ago

Depix: Recovers passwords from pixelized screenshots.

bopscrk: Before Outset PaSsword CRacKing is a tool to generate smart and powerful wordlists for targeted attacks.

crackpkcs12:
crackpkcs12 -d dictionary.txt certificate.pfx

hashcat, Linux:
hashcat hash.txt -a 0 -m 3200 -w 4 --username -r /usr/share/hashcat/rules/best64.rule wordlist.txt --force

The -r option applies a rule file that mutates each word in the wordlist, e.g.:
password, password!, password1, password21, password30

hashcat, Windows:
hashcat64.exe -a 0 --session=2021-04-02 -m 3200 -w 4 --username --force --status --status-timer=60 -p : -O --hwmon-disable -o "C:\Users\xxx\Desktop\cracked.txt" --outfile-format=3 -r "C:\Users\xxx\Desktop\hashcat-5.1.0\rules\nsav2.rule" "C:\Users\xxx\Desktop\hash.txt" "C:\Users\xxx\Desktop\wordlist.txt"

PACK (statsgen):
python statsgen.py rockyou.txt

Script to preserve repeated NTDS passwords (one line per account) after cracking with hashcat, before analyzing them with pipal:

# Script to count repetitions of cracked passwords
import sys


def main():
    if len(sys.argv) != 3:
        print("Usage: python script.py arg1[ntds_file] arg2[cracked_file]")
        print("Please provide exactly 2 arguments.")
        sys.exit(1)

    file_name_ntds = sys.argv[1]
    file_name_cracked = sys.argv[2]
    file_name_output = "output.txt"

    # Load the cracked file (hash:password) once instead of re-reading it per NTDS line.
    cracked_hashes = {}
    with open(file_name_cracked, 'r') as cracked_file:
        for line_cracked in cracked_file:
            # Split on the first ':' only so passwords containing ':' stay intact.
            nt_hash, sep, password = line_cracked.rstrip('\r\n').partition(':')
            if sep:
                cracked_hashes[nt_hash.lower()] = password

    # Write one password per NTDS account whose NT hash (4th field) was cracked,
    # so a password shared by several accounts appears once per account.
    with open(file_name_ntds, 'r') as ntds_file, open(file_name_output, 'w') as output_file:
        for line_ntds in ntds_file:
            parts = line_ntds.strip().split(':')
            if len(parts) > 3 and parts[3].lower() in cracked_hashes:
                output_file.write(cracked_hashes[parts[3].lower()] + "\n")


if __name__ == "__main__":
    main()
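The same tally extended into a small password-audit summary, as an added example that is not part of the original page: it groups accounts by NT hash to show password reuse, decodes hashcat's $HEX[...] output, and reports the cracked ratio. The user:rid:lm:nt::: line layout, the machine-account filter and all sample hashes are assumptions constructed for illustration.

```python
import binascii
from collections import Counter, defaultdict

LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
# Constructed sample data (fake NT hashes), assumed layout user:rid:lm:nt:::
NTDS = [
    f"CORP\\alice:1105:{LM_EMPTY}:{'1' * 32}:::",
    f"CORP\\bob:1106:{LM_EMPTY}:{'1' * 32}:::",
    f"CORP\\carol:1107:{LM_EMPTY}:{'2' * 32}:::",
    f"CORP\\dave:1108:{LM_EMPTY}:{'3' * 32}:::",
    f"WS01$:1109:{LM_EMPTY}:{'4' * 32}:::",
]
# Constructed hashcat output (hash:plain); the second plain contains ':'
CRACKED = [f"{'1' * 32}:Summer2024!", f"{'2' * 32}:$HEX[50403a7373]"]

def decode_plain(plain):
    """hashcat writes plains with ':' or non-printable bytes as $HEX[...]."""
    if plain.startswith("$HEX[") and plain.endswith("]"):
        return binascii.unhexlify(plain[5:-1]).decode("utf-8", errors="replace")
    return plain

def load_cracked(lines):
    """Map NT hash -> plaintext, splitting on the first ':' only."""
    cracked = {}
    for line in lines:
        nt, sep, plain = line.rstrip("\r\n").partition(":")
        if sep:
            cracked[nt.lower()] = decode_plain(plain)
    return cracked

def audit(ntds_lines, cracked_lines):
    """Return (accounts sharing a hash, cracked-password counts, cracked ratio)."""
    cracked = load_cracked(cracked_lines)
    by_hash = defaultdict(list)
    for line in ntds_lines:
        parts = line.strip().split(":")
        # Assumption: skip malformed lines and machine accounts (name ends in '$').
        if len(parts) < 4 or parts[0].endswith("$"):
            continue
        by_hash[parts[3].lower()].append(parts[0])
    reuse = {h: users for h, users in by_hash.items() if len(users) > 1}
    counts = Counter()
    for h, users in by_hash.items():
        if h in cracked:
            counts[cracked[h]] += len(users)  # one count per account
    total = sum(len(u) for u in by_hash.values())
    return reuse, counts, (sum(counts.values()) / total if total else 0.0)

if __name__ == "__main__":
    print(audit(NTDS, CRACKED))
```

Reuse clusters are reported even for hashes that were never cracked, which is often the more useful finding for remediation.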



BridgeKeeper:
$ python3 bridgekeeper.py --file names.txt --format {f}{last}@example.com --output example-employees/ --debug

Name: John Adams Smith
{f}{last}                   > jsmith
{f}{m}.{last}               > ja.smith
{f}{last}[4]@example.com    > jsmit@example.com

spraygen: Password list generator for password spraying - prebaked with goodies.

cook: Easily create permutations and combinations of words to generate complex wordlists and passwords.

crackpkcs12: A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu.

hashcat: This is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

pack: PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for the Hashcat family of password crackers.

pipal: Pipal, THE password analyser.

BridgeKeeper: Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format.

Repositories: GitHub - beurtschipper/Depix, GitHub - digininja/pipal

assless-chaps

Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes.

GitHub - sensepost/assless-chaps

Hashes online

Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Hash Analyzer - TunnelsUP
hashcat - advanced password recovery
Weakpass
Hashmob | Password Recovery Community | Resources, Guides & Tutorials
Free Leakcheck By Cybertoolbank.cc
DeHashed — #FreeThePassword
LeakCheck - Find out if your credentials have been compromised
Have I Been Pwned: Check if your email has been compromised in a data breach