Password Attacks

Remote Password Attacks

Before we begin, we need to create and gather dictionaries

Create additional dictionaries according to our current target

De-ICE 1.100

we see a list of different e-mail addresses

we can use these e-mails to build a list

well. We may be able to avoid adding variations if we already know the pattern used within an organization to assign usernames to employees

we have a partial list of potential login names.

root

adamsa

banterb

...

we conduct an Nmap scan against the target system

Weak password for username “bbanter.” (Hydra)

“bbanter” has very limited access to the system

othing useful on the system

attack against the “aadams”

we will be using the “rockyou.txt” file available at SkullSecurity.org

Successful dictionary attack

Local Password Attacks

dependent on our ability to capture hashes from a compromised system

Hashes from Metasploitable

we launch JTR against the hash file using the rockyou.txt dictionary

“msfadmin” username has a password of “msfadmin”

Dictionary Attacks

results matching ""

    No results matching ""