7MS #478: Password Cracking in the Cloud - Part 4
7 Minute Security29 Heinä 2021

7MS #478: Password Cracking in the Cloud - Part 4

Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some tips on taking cracked passwords from multiple sources and Frankensteining them into a beautiful report for your customer.

For some background, when 7MS started as a biz, we used to crack passwords in Paperspace but invested in an on-prem cracking rig a few years ago. That rig has been flipping sweet, but had some heating issues which prompted me to send the system in for warranty and use an awesome cracking rig in AWS in the meantime.

Whether you're cracking locally or in the cloud, here's a quick methodology that has cracked many a hash for us:

  • Do a straight-up hashcat crack against the PwnedPasswords list (at time of this writing I don't have a good source for the cracked versions of these passwords. I used to grab them at hashes.org. Anybody got an alternative?

  • Do a straight-up hashcat crack through the RockYou2021 list

  • Run the hatecrack methodology, including the quick crack, the quick crack with rules (I'm partial to OneRuleToRuleThemAll), and brute-forcing all 1-8 character passwords

Once I'm ready to wrap up all the cracked passwords and put them in a nice shiny report for the customer, I do the following (using hashcombiner and pipal):

# Run hash_combiner on hashcat’s pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hashcat/hashcat.potfile > /tmp/round1.txt # Run hash_combiner on hatecrack’s pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hatecrack/hashcat.pot > /tmp/round2.txt # Cat the two files together into a third file cat /tmp/round1.txt /tmp/round2.txt > /tmp/round3.txt # Sort and de-dupe the third file cat /tmp/round3.txt | sort -uf > /tmp/nice-and-clean.txt # Take just the passwords out of the “nice and clean” output cut -d ':' -f 2 /tmp/nice-and-clean.txt > /tmp/pipal-temp.txt # Score the passwords using pipal /opt/pipal/pipal.rb /tmp/pipal-temp.txt > /tmp/pip-final.txt

Now you've got a nice-and-clean.txt list of users and their cracked passwords, as well as the pip-final.txt with deeper analysis of cracked passwords, their commonalities, etc.

Jaksot(682)

7MS #26: The Importance of Training and Awareness (audio)

7MS #26: The Importance of Training and Awareness (audio)

Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.” Download: 7MS #26:…

13 Syys 20147min

7MS #25: Writing Better Pentest Reports (audio)

7MS #25: Writing Better Pentest Reports (audio)

This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)

23 Elo 20148min

7MS #24: Why Wireless Scares Me (audio)

7MS #24: Why Wireless Scares Me (audio)

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web. Download: 7MS #24: Why Wireless Scares Me (audio)

16 Elo 20147min

7MS #23: OSCP – part 2 (audio)

7MS #23: OSCP – part 2 (audio)

In this episode I talk more about my adventures with OSCP and Offensive Security! . Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you don’t do so hot on your final exam. Buffer overflows make…

9 Elo 20147min

7MS #22: Phishing with Black Squirrel (audio)

7MS #22: Phishing with Black Squirrel (audio)

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

27 Heinä 20147min

7MS #21: OSCP – part 1 (audio)

7MS #21: OSCP – part 1 (audio)

In this episode I talk about my venture into Offensive Security! . Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part, spoiler-free series about my experience with OSCP. With…

20 Heinä 20147min

7MS #20: Moving from GoDaddy to DNSimple (audio)

7MS #20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt‘s humorous/awesome article pushed me over the edge and convinced me to give DNSimple a…

15 Heinä 20147min

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Heinä 20147min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
otetaan-yhdet
politiikan-puskaradio
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rikosmyytit
aihe
rss-mina-ukkola
the-ulkopolitist
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-suoraan-asiaan
rss-kaikki-paskaksi-ystavat
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka
rss-uutisia-euroopan-parlamentista