
Ruben Dario Caravajal Herrera

Posts by Ruben Dario Caravajal Herrera

Findmyhash password cracking

Findmyhash is a small Python script that looks up common hash types against a set of online hash databases and cracking services. It is fast for hashes those services already know, and it needs nothing but a Python 2 interpreter on your machine (the script dates from 2011 and does not run under Python 3). Keep in mind that every hash you pass to it is sent to third-party sites, so do not feed it hashes from a client engagement unless your rules of engagement allow that.

If you are interested in password cracking, this is a tool you should know. The first step is to download the tool from the following link; this example was done on Linux.

https://code.google.com/archive/p/findmyhash/downloads

I recommend Linux Lite: it is light and stable, it belongs to the Debian family, and its interface is very helpful.

After downloading the file, open a terminal in the folder where the .py file is located and run:

python findmyhash_v1.1.2.py MD5 -h "098f6bcd4621d373cade4e832627b4f6"

This does not take long. The screenshot in the original post shows the recovered plaintext, test (the hash is the MD5 of the string "test"). A second example:

python findmyhash_v1.1.2.py MD5 -h "25d55ad283aa400af464c76d713c07ad"

The result of this command, also shown as a screenshot in the original post, is the plaintext 12345678.

In the previous examples we used MD5, as shown in the images, but below you have a list of all the algorithms you can test with.

Accepted algorithms are

MD4 – RFC 1320
MD5 – RFC 1321
SHA1 – RFC 3174 (FIPS 180-3)
SHA224 – RFC 3874 (FIPS 180-3)
SHA256 – FIPS 180-3
SHA384 – FIPS 180-3
SHA512 – FIPS 180-3
RMD160 – RFC 2857
GOST – RFC 5831
WHIRLPOOL – ISO/IEC 10118-3:2004
LM – Microsoft Windows hash
NTLM – Microsoft Windows hash
MYSQL – MySQL 3, 4, 5 hash
CISCO7 – Cisco IOS type 7 encrypted passwords
JUNIPER – Juniper Networks $9$ encrypted passwords
LDAP_MD5 – MD5 Base64 encoded
LDAP_SHA1 – SHA1 Base64 encoded

A further example and its result were shown as screenshots in the original post.

I invite you to try this tool with other hashes and analyze the results; it can be useful when you need a very fast answer for a hash that is already known to the online databases.

If you are interested in learning more, we invite you to review this course.

Medusa

A brute-force attack recovers a credential by trying candidate values one after another until one is accepted.

What is Medusa?

Medusa is one of the best-known brute-force tools. It works from password dictionaries, is very stable, simple and fast, and supports attacks against many network services.

Syntax

medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]

How is it used?

Before cracking, establish whether the target is running an SSH service. SSH most likely listens on port 22, so that is the port we scan with Nmap. In a terminal, type:

nmap -sV -p 22 172.31.2.117

-sV is a service/version scan and -p restricts the scan to specific ports, in our case port 22. Other Nmap scan types include the FIN scan (-sF) and the SYN scan (-sS); both send raw packets and therefore need root:

sudo nmap -sF -p 22 172.31.2.117

sudo nmap -sS -p 22 172.31.2.117

To scan every host on the network, add /24 to the end of the IP address:

nmap -sV -p 22 172.31.2.0/24

Once we have confirmed that an SSH service is listening on port 22, we can proceed to crack it.

Medusa

Medusa is an excellent online cracking tool, especially for SSH, Telnet and FTP services. If you have not installed Medusa yet, type in a terminal:

sudo apt-get install medusa

Once installed, type:

medusa --help

and your screen should look similar to the screenshot. The basic form of an SSH attack is:

medusa -h <host> -u <username> -P <wordlist> -M ssh

Medusa does not implement an exhaustive brute force that tries every possible character combination; instead it works from a wordlist. SecLists is a good collection of wordlists. How quickly Medusa gets through the list depends on the size of the wordlist, the latency of the network path to the target and how many parallel connections the service tolerates (-t sets the number of concurrent logins per host, and -f stops after the first valid login is found). In my opinion, the root account is the one you want to try first. Medusa has many modules; since we are attacking SSH, the -M flag is set to ssh.
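As an added example that is not part of the original post, here is the defender's side of the same attack: a detector that reads sshd lines in syslog format, flags a source IP with five or more failed logins inside a sliding 60-second window (the trace a Medusa wordlist run leaves in auth.log), and marks the IP as a likely compromise if a login from it is accepted after the burst. The log lines are constructed for the demonstration, and the year is a parameter because the syslog timestamp format does not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd lines in syslog format (not from a real host).
SAMPLE_LOG = [
    "Mar 12 10:15:01 bastion sshd[2201]: Failed password for root from 10.0.0.5 port 51234 ssh2",
    "Mar 12 10:15:02 bastion sshd[2202]: Failed password for invalid user admin from 10.0.0.5 port 51235 ssh2",
    "Mar 12 10:15:03 bastion sshd[2203]: Connection closed by 10.0.0.5 port 51235 [preauth]",
    "Mar 12 10:15:03 bastion sshd[2204]: Failed password for root from 10.0.0.5 port 51236 ssh2",
    "Mar 12 10:15:04 bastion sshd[2205]: Failed password for invalid user oracle from 10.0.0.5 port 51237 ssh2",
    "Mar 12 10:15:05 bastion sshd[2206]: Failed password for root from 10.0.0.5 port 51238 ssh2",
    "Mar 12 10:15:06 bastion sshd[2207]: Accepted password for root from 10.0.0.5 port 51239 ssh2",
    "Mar 12 10:20:00 bastion sshd[2301]: Failed password for alice from 192.0.2.7 port 40001 ssh2",
    "Mar 12 10:20:30 bastion sshd[2302]: Failed password for alice from 192.0.2.7 port 40002 ssh2",
    "Mar 12 10:20:45 bastion sshd[2303]: Accepted password for alice from 192.0.2.7 port 40003 ssh2",
]

# Matches the password-auth outcome lines; "invalid user" marks a username that does not exist.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line: str, year: int = 2024):
    """(timestamp, result, user, ip) for an auth outcome line, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Flag source IPs with >= threshold failures inside a sliding window, and record
    whether a login from that IP succeeded afterwards (what Medusa -f stops on)."""
    events = [e for e in map(parse, lines) if e is not None]
    failures = defaultdict(list)             # ip -> [(ts, user), ...]
    hits = {}
    for ts, result, user, ip in sorted(events):
        if result == "Failed":
            failures[ip].append((ts, user))
            window = [u for t, u in failures[ip] if ts - t <= timedelta(seconds=window_seconds)]
            if len(window) >= threshold:
                h = hits.setdefault(ip, {"failures": 0, "users": set(), "compromised_user": None})
                h["failures"] = max(h["failures"], len(window))
                h["users"].update(u for _, u in failures[ip])
        elif ip in hits:                     # Accepted after the burst: treat as likely compromise
            hits[ip]["compromised_user"] = user
    return hits


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A real deployment would read the journal or auth.log continuously and tune the threshold per host; the sliding window is what separates a burst from the background noise of a few mistyped passwords spread over a day.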


WSC2

Introduction

WSC2 is a proof of concept that uses WebSockets and a browser process as the command-and-control (C2) channel between an agent running on the target system and a controller acting as the actual C2 server.

Installation

Clone the repository with the following command:

$ git clone https://github.com/Arno0x/WSC2.git

Enter the folder and list its contents:

$ cd WSC2/
$ ls

Install the requirements; remember to create a virtual environment with virtualenv first:

$ pip install -r requirements.txt

Edit the following file (nano works too; here we used vim). Set the CALLBACK variable to our IP, that is, the IP of the attacking machine:

$ vim config.py

Then run the following command and press Enter:

$ ./wsc2.py

We are going to create a JScript stager. The tool offers several stager types: jscript1, jscript2 and jscript3. We use jscript1 here because it does not need to be compiled; the others do. This command creates wsc2Agent1.js in the stagers directory:

$ genStager jscript1

Open a new terminal and go to the same location:

$ cd WSC2/

then into the stagers folder, and serve it over HTTP (SimpleHTTPServer is the Python 2 module; on Python 3 the equivalent is python3 -m http.server 80):

$ cd stagers/
$ python -m SimpleHTTPServer 80

This is what you would see when browsing to that listing from another machine (shown as a screenshot in the original post); you can also deliver the file to the victim by social engineering.
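Added example, not WSC2's own code: the WebSocket mechanics the channel rides on, written against RFC 6455 with the standard library only. It computes the controller's handshake response, builds and parses frames, and simulates one beacon (agent check-in, controller task). The payload strings are constructed. The point to notice is that client-side masking is a 4-byte XOR that anyone on the path can undo, so a WebSocket C2 is only hidden from inspection when it runs over wss:// (TLS).

```python
import base64
import hashlib
import os
import struct

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"    # constant fixed by RFC 6455


def accept_key(client_key: str) -> str:
    """Controller side of the HTTP Upgrade: Sec-WebSocket-Accept for the agent's Sec-WebSocket-Key."""
    return base64.b64encode(hashlib.sha1((client_key + WS_GUID).encode()).digest()).decode()


def encode_frame(payload: bytes, opcode: int = 0x2, mask: bool = True, mask_key=None) -> bytes:
    """One unfragmented frame (FIN=1). RFC 6455: client->server frames MUST be masked,
    server->client frames MUST NOT. opcode 0x1 = text, 0x2 = binary."""
    mbit = 0x80 if mask else 0x00
    n = len(payload)
    if n < 126:
        header = bytes([0x80 | opcode, mbit | n])
    elif n < 1 << 16:
        header = bytes([0x80 | opcode, mbit | 126]) + struct.pack(">H", n)
    else:
        header = bytes([0x80 | opcode, mbit | 127]) + struct.pack(">Q", n)
    if not mask:
        return header + payload
    key = mask_key or os.urandom(4)
    return header + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def decode_frame(frame: bytes):
    """Parse one frame -> (opcode, payload, was_masked). Masking is a plain 4-byte XOR,
    so a proxy or IDS strips it trivially; only TLS hides the payload."""
    opcode = frame[0] & 0x0F
    masked = bool(frame[1] & 0x80)
    n, pos = frame[1] & 0x7F, 2
    if n == 126:
        n, pos = struct.unpack(">H", frame[2:4])[0], 4
    elif n == 127:
        n, pos = struct.unpack(">Q", frame[2:10])[0], 10
    if masked:
        key, pos = frame[pos:pos + 4], pos + 4
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(frame[pos:pos + n]))
    else:
        payload = frame[pos:pos + n]
    return opcode, payload, masked


def simulated_beacon():
    """Constructed exchange: the agent checks in (masked), the controller tasks it (unmasked)."""
    checkin = encode_frame(b"agent:hello", opcode=0x1, mask=True)
    _, seen_by_controller, _ = decode_frame(checkin)
    task = encode_frame(b"task:whoami", opcode=0x1, mask=False)
    _, seen_by_agent, _ = decode_frame(task)
    return seen_by_controller, seen_by_agent


if __name__ == "__main__":
    print(accept_key("dGhlIHNhbXBsZSBub25jZQ=="))
    print(simulated_beacon())
```

The handshake and frame values in the test are the worked examples from RFC 6455 itself, which is a convenient way to confirm a hand-written framing layer before pointing it at real traffic.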

Resources:

github.com/Arno0x/WSC2


W3af

We always want to be running security tests, and we tend to think we should write our own tools. But there are many things built by other people that make our checks easier; one of them is w3af.

What is w3af?

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

What can we do?

  1. Exploiting Web application vulnerabilities
  2. Scan REST APIs
  3. Web Application Payloads
  4. Metasploit integration

Installation

git clone https://github.com/andresriancho/w3af.git

cd w3af/
./w3af_console
/tmp/w3af_dependency_install.sh

The first run of w3af_console checks for missing dependencies and writes a helper script, /tmp/w3af_dependency_install.sh, that installs them; run it, then start the console again.

How is it used?

Command to start the console:

./w3af_console

Like most terminal tools, it has a help command:

help

w3af includes a set of utilities that support the discovery and exploitation of vulnerabilities; all of them live in <W3AF_DIR>/tools.

gencc

Generates card numbers that pass the Luhn check for a given card type. They are useful for testing input validation on payment forms; they are not real accounts.

cd tools
ls

./gencc -t mastercard

./gencc -t visa16

urldecode

Decodes a percent-encoded URL back to plain ASCII text:

./urldecode -d http%3A%2F%2Flocalhost%2Fw3af
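Added example, not w3af's code: a standard-library reimplementation of the two helpers above so the logic behind them is visible. gencc builds numbers that pass the Luhn check for the two card types named on the page (the prefixes 4 and 51 to 55 and a 16-digit length are assumptions for the demo); urldecode decodes repeatedly and reports how many layers it removed, which catches the double encoding often used to slip past input filters.

```python
import random
from urllib.parse import unquote

# Issuer prefixes and lengths assumed for the demonstration (IIN ranges only,
# no account data).
CARD_TYPES = {
    "visa16": (["4"], 16),
    "mastercard": (["51", "52", "53", "54", "55"], 16),
}


def luhn_checksum(digits: str) -> int:
    """Luhn sum mod 10 over a digit string; 0 means the number validates."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_checksum(number) == 0


def luhn_check_digit(payload: str) -> str:
    """The digit that makes payload + digit Luhn-valid."""
    return str((10 - luhn_checksum(payload + "0")) % 10)


def gencc(card_type: str, count: int = 1, seed=None) -> list:
    """Luhn-valid numbers carrying the issuer prefix of card_type. They are not issued
    accounts; they only pass the format check a checkout form applies client-side."""
    prefixes, length = CARD_TYPES[card_type]
    rng = random.Random(seed)
    numbers = []
    for _ in range(count):
        prefix = rng.choice(prefixes)
        body = prefix + "".join(rng.choice("0123456789") for _ in range(length - 1 - len(prefix)))
        numbers.append(body + luhn_check_digit(body))
    return numbers


def urldecode(value: str, max_rounds: int = 5):
    """Percent-decode until the string stops changing; returns (decoded, rounds).
    rounds > 1 means the input was double (or deeper) encoded."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


if __name__ == "__main__":
    print(gencc("mastercard", 3, seed=42))
    print(gencc("visa16", 3, seed=42))
    print(urldecode("http%3A%2F%2Flocalhost%2Fw3af"))
```

When a filter rejects "<script>" but accepts "%253Cscript%253E", the second value of urldecode tells you how many decoding passes the application performs before the data reaches the sink.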

Resources:

docs.w3af.org
