Brute-Force and Password Cracking Lab Walkthrough

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
18 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
Welcome to the brute force and password cracking. Lab walkthrough.
00:07
All right. So I'll log in Route
00:09
callie
00:13
and these two password files should be here.
00:17
Now. Like I said, you can use hash I. D. Or hash identifier on them. If you want to use hash id
00:23
you can
00:25
do something like this.
00:28
And it will tell you and go through all of these what these passwords could be. And it gives you a lot of options.
00:35
If you use hash identify her though
00:41
you can enter your hash here
00:44
And it will tell you that it's possibly an MD five. We can use that for our Shawon passwords.
00:51
Of course the names kind of give them away.
00:57
Okay. Show one. So we know that we're dealing with MD five and sha one. Now let's talk about rocket at tXT. But where is that?
01:04
So, if we go
01:07
to user
01:10
share
01:12
word lists,
01:19
you'll see it zipped here. You have to unzip it.
01:23
So extract it.
01:26
I'll extract it here.
01:30
And this is what only used to crack my passwords.
01:34
All right.
01:36
We see it's here now.
01:41
So this will help me with my format with johN
01:45
So I can do John MD five
01:49
format
01:51
equals
01:52
raw
01:53
MD five. We can run this
01:57
and now it's just using users share johN password list.
02:02
So that was really fast. If we want to do this with Sha one,
02:07
You knew John Sha one
02:12
Format Equals Raw Sha one. And we can also specify our word list equals user share
02:25
word lists.
02:27
Rock. You
02:29
let that go and you can see that it cracked. It
02:32
also tells you how to display it again.
02:35
Because if I go like this,
02:38
uh huh.
02:40
It doesn't specify it. I can go show
02:45
and it shows me the crack passwords.
02:49
All right. So, you'll notice If you don't specify the format, it may take a really long time to crack these. So that's why I identify them off the bat is very helpful.
02:59
So now we need to get on to this host. This Lennox host which is not explicable.
03:05
If you didn't end map
03:09
on port
03:12
1 5-4,
03:17
you'll notice something interesting.
03:24
Probably the easiest way to get in the box.
03:31
Medicine. Political root Shell. Well that's pretty easy. Right,
03:36
so we do need cat
03:38
1921-681-30
03:42
1 5-4. Now we are route
03:46
so we didn't do. Now
03:50
is I need to make two files locally for etc. Password etc. Shadow.
03:54
So split this vertically. I will cat at sea password.
04:03
I can grab all these,
04:10
nah, no password
04:17
then I can cat at sea Shadow
04:24
and grab all these.
04:38
Of course I could find out where I started this.
04:51
What can you just do it again?
05:12
There we go.
05:17
No, no
05:18
Shadow.
05:28
Okay now I can use unshackled oh,
05:32
password
05:34
Shadow
05:36
into passwords.
05:40
Cat password pass
05:45
words.
05:50
And it should combine these.
05:54
So now we could do is john
05:56
passwords.
06:01
Word list
06:04
equals user share
06:09
Wordless Rock. You
06:14
you'll notice we have the password for Kellogg sis
06:18
administrator and service right off the bat.
06:31
Now we also need to think about our wordless we're using we're using Rock you and we already have a known password right? Because we've done this before.
06:40
We know that MSF admin's password is MSF admin. I wonder if that's in rocky dot txt. So you could do MSF
06:49
admin
06:51
and see if it's in user share Wordless Rock You
06:58
and we see it's not
07:01
so it's not going to find that
07:03
it's not a fast track
07:08
isn't john
07:16
no.
07:18
So we wanted to we could add this to our word list. Right?
07:25
So I wanted to add that into
07:29
um
07:31
this password list.
07:33
It could open it.
07:44
That's why a lot of people have their own lists.
07:47
So I'm gonna add this. MSF admin.
07:54
Okay.
07:57
So I can get out of here and I can
08:01
not specify this and should default
08:07
wow. And that was pretty fast.
08:11
So now we should have
08:15
is collapse the sub terminal
08:18
and we will do show
08:24
and we see we have eight password hashes cracked. So we have ruined his. MSF admin sisters Batman, Kellogg,
08:31
MSF admin post grass user service administrator.
08:37
So that is how you crack all those passwords.
Up Next