TurboWindX
Hashing & Cracking


Last updated 3 years ago

What is hashing

Hashing is simply passing some data through a formula that produces a result, called a hash. That hash is usually a string of characters, and the hashes generated by a given formula are always the same length, regardless of how much data you feed into it. Examples of such formulas are SHA, MD5, MD4 and GOST.

Cracking hashes

Using Hashcat

You can use the list here, which is a complete list of Hashcat-supported hash types, to look up the <hash-type> value for -m.

hashcat -m <hash-type> -a 0 <hash> <wordlist>

Using John

If you run into difficulties with Hashcat, try John.

john <hash> --wordlist=/usr/share/wordlists/rockyou.txt

HTTP Basic Authorization Header Brute Force

Basic authorization is... basic. A username and a password are joined with a colon and then encoded in Base64. The screenshot below demonstrates the credentials admin:admin being sent through the Authorization header of an HTTP request.

hydra -l admin -P passwordlist -s <port> -f example.com http-get /api/v1/users -vV -t 64 

ProTip: Always test first with a set of known valid credentials and check that they are reported as valid.

hydra -l known_user -p known_password -s <port> -f example.com http-get /api/v1/users -vV 
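
A defender's view of the Hydra run above, as an added example that is not part of the original page: it counts 401 responses per source address and Basic-auth user name over a sliding window. The log format (nginx/Apache "combined", with the user name in the third field), the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log format: nginx/Apache "combined"; field 3 is the Basic-auth user name.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def detect_basic_auth_bruteforce(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {(ip, user): peak count of 401s inside `window`} for every
    pair whose peak reaches `threshold` (threshold is an assumed value)."""
    recent = defaultdict(deque)  # (ip, user) -> timestamps of recent 401s
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401" or m["user"] == "-":
            continue  # unparsable, not a failure, or the credential-less challenge
        key = (m["ip"], m["user"])
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def sample_log():
    """Constructed lines: a 40-request burst against one user, plus one typo by a real user."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - {user} [{ts}] "GET /api/v1/users HTTP/1.1" {status} 0 "-" "-"'
    rows = [("203.0.113.7", "admin", base + timedelta(milliseconds=100 * i), 401)
            for i in range(40)]
    rows += [("198.51.100.20", "-", base, 401),
             ("198.51.100.20", "alice", base + timedelta(seconds=1), 401),
             ("198.51.100.20", "alice", base + timedelta(seconds=5), 200)]
    return [fmt.format(ip=ip, user=u, ts=t.strftime(TS_FORMAT), status=s)
            for ip, u, t, s in rows]


if __name__ == "__main__":
    for (ip, user), count in detect_basic_auth_bruteforce(sample_log()).items():
        print(f"possible brute force: {ip} -> user {user}: {count} failures in window")
```

Keying on (ip, user) matches the single-user case shown with -l admin; a detector for many user names tried from one address would key on the address alone.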

HTTP Post form Brute Force

Most of the time, authentication is done via a form posted to the web server. You can try to brute force it, but watch out for CSRF. Try sending the same request twice using Burp to check whether a replayed request is still accepted.

hydra -l admin -P /usr/share/wordlists/rockyou.txt -s 31111 -f example.com http-post-form '/user/login:user_name=^USER^&password=^PASS^:Credz are incorrect.' -vV -t 64