Jan 212014

You can probably get by with leaving off that last part of the title and still succeed with this attack.  Today we will be making a Password Pwn Stew.  Add a little Ettercap (link), with a dash of Metasploit (link), a smidgen of password cracking with Rcrack (link) and Rainbowtables (link), and if required a pinch of Hashcat (link) to taste.  You will have yourself some tasty pwnage.

Note, your mileage may vary with this stew.  I’m not Martha Stewart.  Also the stew analogy ends here 🙂
Continue reading »

Jan 022014

When you obtain a NetLM password hash with the known challenge of 1122334455667788 you are able to utilize the HALFLMCHALL rainbowtable to identify the first seven (7) characters of the password. The second half is left to identify. Tutorials exist (including my site, as well as here and here) on how to capture the NetLM hash using Metasploit. Metasploit comes with a Ruby script in the tools folder that will bruteforce the remaining characters of the password when you provide the complete NetLM hash and the first seven (7) characters of the recovered password. However, for passwords that are 11+ characters it is time prohibitive to bruteforce the remaining characters as show below.
Continue reading »