Ever located an old capture file and you weren’t sure what was in it or needed to grab some quick statistics about another capture file? What about needed to run statistics on multiple capture files and present them via a database or a spreadsheet? Well if you have ever run into any of these scenarios…
Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is your tool then. If you are using Backtrack release 5 you will first need install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py functioning without errors proceed to the…
Recently I needed to find out information about a Juniper router password which is stored as a hash in the router configuration. The tricky part is while the password hash is technically a MD5 hash it is modified to make it unique and make it harder to crack. Luckily there is a way to crack…
Cisco devices running the Cisco IOS have three types of ways to display passwords in the device configuration which include Type 0, Type 5, and Type 7. Below we describe all three methods of storing passwords in the Cisco IOS device configuration and how to obtain the password from each method either by simply reading…
Hashcat is an excellent tool to use or security audits of passwords. I will be doing a series of articles relating to anything from simple brute forcing such as the article to more complex techniques using Hashcat, oclHashcat, and the Hashcat-gui on both Windows and Linux operating systems. The goal is to make people more…
I typically use Hashcat and oclHashcat in a Linux environment however I wanted to play around with the Windows version which includes the Hashcat-gui. When attempting to run the Hashcat-gui on my Windows 7 Ultimate 64-bit laptop to brute force a list of MD5 hashes I was receiving an error. The error is described below…
Recently some pretty major advances have come around in the world of GPU based hash cracking. Up untill now there was not much for Linux which would utilize multi GPUs to crack password hashs. This has been changed with the release of Oclhashcat. The release of oclhashcat signifies a signifigant jump in the speed on…
With the release of the new Question-Defense online NTLM, MD5 and MD4 cracker I decide to write a quick how to on grabbing the hash’s from a windows system. In order for this to work you need at least one username and logon of a user with admin privileges. I may in the future write…
I have decided to do a few pieces on password auditing over the next few days as sort of a follow up to some of my previous articles on passwords. By writing these , I hope to encourage people to use longer more secure passwords and not to worry so much about the convenience of…