Scribd Logo
Upload

Welcome to Scribd!

  • Bruteforce and Password Cracking

    Uploaded by

    contact
    9 views3 pages
    This document outlines the process of brute force password cracking on a remote host, including finding the host's IP address via ping sweep, using Nmap to check for open ports like SSH and telnet, using Hydra to find valid credentials for those services, accessing password and shadow files after logging in via SSH, copying those files locally and cracking the hashes with John the Ripper using a default password wordlist to recover passwords.

    Original Description:

    Original Title

    Bruteforce and password cracking

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines the process of brute force password cracking on a remote host, including finding the host's IP address via ping sweep, using Nmap to check for open ports like SSH and telnet, using Hydra to find valid credentials for those services, accessing password and shadow files after logging in via SSH, copying those files locally and cracking the hashes with John the Ripper using a default password wordlist to recover passwords.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views3 pages

    Bruteforce and Password Cracking

    Uploaded by

    contact
    This document outlines the process of brute force password cracking on a remote host, including finding the host's IP address via ping sweep, using Nmap to check for open ports like SSH and telnet, using Hydra to find valid credentials for those services, accessing password and shadow files after logging in via SSH, copying those files locally and cracking the hashes with John the Ripper using a default password wordlist to recover passwords.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Bruteforce and Password Cracking

    First, we need to find the ip address of the active host. For that, let's first find our ip.

    We can find that the network address is 192.168.99.0/24 from this. Let's do a ping sweep and find any alive hosts.

    We found our host. Let's do an nmap scan to check for open ports.

    We know ssh and telnet is open. We can use hydra to find valid credentials for both services.

    We found ssh credentials. Let's log in.

    1/3
    Now, we can access the /etc/passwd file.

    We can also get the /etc/shadow file.

    I copied both of these files to my local machine. Let's unshadow the passwd file and save it to a hashes file.

    We can check the content of hashes file.

    Now, let's use john to crack these hashes.


    2/3
    We got almost all of the hashes cracked using John's password.lst wordlist.

    3/3

    You might also like