Brute-Force and Password Cracking Lab Walkthrough

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
Welcome to the brute force and password cracking. Lab walkthrough.
00:07
All right. So I'll log in Route
00:09
callie
00:13
and these two password files should be here.
00:17
Now. Like I said, you can use hash I. D. Or hash identifier on them. If you want to use hash id
00:23
you can
00:25
do something like this.
00:28
And it will tell you and go through all of these what these passwords could be. And it gives you a lot of options.
00:35
If you use hash identify her though
00:41
you can enter your hash here
00:44
And it will tell you that it's possibly an MD five. We can use that for our Shawon passwords.
00:51
Of course the names kind of give them away.
00:57
Okay. Show one. So we know that we're dealing with MD five and sha one. Now let's talk about rocket at tXT. But where is that?
01:04
So, if we go
01:07
to user
01:10
share
01:12
word lists,
01:19
you'll see it zipped here. You have to unzip it.
01:23
So extract it.
01:26
I'll extract it here.
01:30
And this is what only used to crack my passwords.
01:34
All right.
01:36
We see it's here now.
01:41
So this will help me with my format with johN
01:45
So I can do John MD five
01:49
format
01:51
equals
01:52
raw
01:53
MD five. We can run this
01:57
and now it's just using users share johN password list.
02:02
So that was really fast. If we want to do this with Sha one,
02:07
You knew John Sha one
02:12
Format Equals Raw Sha one. And we can also specify our word list equals user share
02:25
word lists.
02:27
Rock. You
02:29
let that go and you can see that it cracked. It
02:32
also tells you how to display it again.
02:35
Because if I go like this,
02:38
uh huh.
02:40
It doesn't specify it. I can go show
02:45
and it shows me the crack passwords.
02:49
All right. So, you'll notice If you don't specify the format, it may take a really long time to crack these. So that's why I identify them off the bat is very helpful.
02:59
So now we need to get on to this host. This Lennox host which is not explicable.
03:05
If you didn't end map
03:09
on port
03:12
1 5-4,
03:17
you'll notice something interesting.
03:24
Probably the easiest way to get in the box.
03:31
Medicine. Political root Shell. Well that's pretty easy. Right,
03:36
so we do need cat
03:38
1921-681-30
03:42
1 5-4. Now we are route
03:46
so we didn't do. Now
03:50
is I need to make two files locally for etc. Password etc. Shadow.
03:54
So split this vertically. I will cat at sea password.
04:03
I can grab all these,
04:10
nah, no password
04:17
then I can cat at sea Shadow
04:24
and grab all these.
04:38
Of course I could find out where I started this.
04:51
What can you just do it again?
05:12
There we go.
05:17
No, no
05:18
Shadow.
05:28
Okay now I can use unshackled oh,
05:32
password
05:34
Shadow
05:36
into passwords.
05:40
Cat password pass
05:45
words.
05:50
And it should combine these.
05:54
So now we could do is john
05:56
passwords.
06:01
Word list
06:04
equals user share
06:09
Wordless Rock. You
06:14
you'll notice we have the password for Kellogg sis
06:18
administrator and service right off the bat.
06:31
Now we also need to think about our wordless we're using we're using Rock you and we already have a known password right? Because we've done this before.
06:40
We know that MSF admin's password is MSF admin. I wonder if that's in rocky dot txt. So you could do MSF
06:49
admin
06:51
and see if it's in user share Wordless Rock You
06:58
and we see it's not
07:01
so it's not going to find that
07:03
it's not a fast track
07:08
isn't john
07:16
no.
07:18
So we wanted to we could add this to our word list. Right?
07:25
So I wanted to add that into
07:29
um
07:31
this password list.
07:33
It could open it.
07:44
That's why a lot of people have their own lists.
07:47
So I'm gonna add this. MSF admin.
07:54
Okay.
07:57
So I can get out of here and I can
08:01
not specify this and should default
08:07
wow. And that was pretty fast.
08:11
So now we should have
08:15
is collapse the sub terminal
08:18
and we will do show
08:24
and we see we have eight password hashes cracked. So we have ruined his. MSF admin sisters Batman, Kellogg,
08:31
MSF admin post grass user service administrator.
08:37
So that is how you crack all those passwords.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By