M4RCG04M
  • 👨‍💻Welcome to my GitBook
  • WRITEUPS
    • HackTheBox
      • Windows
        • Remote
      • Linux
        • Jarvis
        • Tabby
    • Proving Grounds Play
      • BBScute
      • FunBoxEasyEnum
      • Monitoring
      • Loly
      • Pelican
      • Payday
      • Snookums
  • OSCP Preparation List
    • Hack The Box
    • Proving Grounds
  • NOTES
    • UTILS
      • Useful Files
      • Payloads
      • Lateral Movement
    • ENUMERATION
      • Port 79 (finger)
      • Port 80 (HTTP)
      • Port 111 (RPCBIND)
      • PORT 161/udp (SNMP)
      • PORT 389,636,3268,3269 (LDAP)
      • Port 6697 (IRCD)
      • Database Analysis
      • Grafana
    • FILE TRANSFERS
    • ACTIVE DIRECTORY
      • Known Vulnerabilities
      • Without Credentials
        • Classic Attacks
      • With Username
      • Valid Credentials
      • Lateral Move
      • ACLs/ACEs permissions
      • Active Directory Certificate Services (AD CS)
      • Administrator account
      • Domain Admin
    • EXPLOTATION
      • Port 53 (DNS)
      • Port 80 (HTTP)
        • CMS
        • SQL INJECTION
        • XXE
        • File Upload
        • Cross Site Scripting (XSS)
      • Port 3389 (RDP)
      • Password Attacks
        • Hash Cracking
    • PRIVILEGE ESCALATION
      • Windows
        • Enumeration
        • Windows User Privileges
        • Windows Group Privileges
        • Weak Permissions
        • Windows Vulnerabilities
        • Credential Hunting
        • Tools
      • Linux
        • Enumeration
Powered by GitBook
On this page
  • LM
  • NTLM
  • NetNTLMv1
  • NetNTLMv2
  • Kerberos 5 TGS
  • Kerberos 5 TGS AES128
  • Kerberos 5 TGS AES256
  • Kerberos ASREP
  • MsCache 2
  • MD5
  1. NOTES
  2. EXPLOTATION
  3. Password Attacks

Hash Cracking

LM

john --format=lm hash.txt
hashcat -m 3000 -a 3 hash.txt wordlist.txt

NTLM

john --format=nt hash.txt
hashcat -m 1000 -a 3 hash.txt wordlist.txt

NetNTLMv1

john --format=netntlm hash.txt
hashcat -m 5500 -a 3 hash.txt wordlist.txt
https:/crack.sh

NetNTLMv2

john --format=netntlmv2 hash.txt
hashcat -m 5600 -a 0 hash.txt wordlist.txt

Kerberos 5 TGS

john spn.txt --format=krb5tgs --wordlist=wordlist.txt
hashcat -m 13100 -a 0 hash.txt wordlist.txthas

Kerberos 5 TGS AES128

hashcat -m 19600 -a 0 spn.txt wordlist.txt

Kerberos 5 TGS AES256

hashcat -m 19700 -a 0 spn.txt wordlist.txt

Kerberos ASREP

hashcat -m 18200 -a 0 AS-REP_roast-hashes wordlist.txt

MsCache 2

hashcat -m 2100 -a 0 mscache-hash wordlist.txt

MD5

john hash --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-MD5
john hash --show --format=Raw-MD5
hashcat -m 0 hash wordlist.txt
PreviousPassword AttacksNextPRIVILEGE ESCALATION

Last updated 4 months ago