Guides
If you are new or like me forget the bazzilion command syntaxes in the world, the use of the man command will be super helpful as well as google foo! To help people on their way here are some example of basic SMB tools, these come with kali.
SMB typically operated on TCP 445
Hacking
I haven’t had tea but I was thinking about the MAC i was remoting into and I suddenly thought.. I wonder how to crack the hashes from a MAC. Surely it’s just cat /etc/passwd and cat /etc/shadow and then unshadow and run hashcat right?
WRONG!
The hashes for local users are stored here:
Read more “Hash Cracking for Modern OS X (10.8+)”
Hacking
Ok imagine this, you have got access to a file server and behold you find an unsecured, unencrypted backup of a domain controller (this isn’t made up I find these in networks sometimes!) and you yoink the NTDS.dit (or maybe it’s just a workstation SAM/SYSTEM file), you extract the hashes but now what, you need to crack those bad boys!
Check out the MS docs on how NT or LM Hashes are computed(hashed)! – (thanks @ANeilan for spotting my mistake!)
[MS-SAMR]: Encrypting an NT or LM Hash | Microsoft Docs
Read more “How to Crack NTHASH (commonly referred to as NTLM) password hashes?”
Defense
If you know me that one of the first things, I recommend organisations do is conduct password audits against active directory on a regular basis. There are a ton of ways to do this and depending upon size of directory and budget you will likely want to do this with more than a CPU however the process remains the same. So, with the news that a new release of L0phtcrack (open source) is online let’s take a look at how we can deploy and start cracking those hashes! This isn’t an end to end guide to cracking with l0phtcrack – but it does show the install process and provide considerations for your cracking adventures. Remember, only do this where you have authorisation. Read more “Password Auditing with L0phtcrack 7 – A quick intro”