password hash cracking

We are currently locked out of an LDAP account - so we need to try and find what is the password...

The hash is {SSHA}xHxjshshsjX/d9shsgsg or something !!

I have written the hash into the file called pass.txt

hashcat

This is a nice command line tool that allows you to attack hashes that are put into a file (typically after a large system has been compromised).

It assists hashcat to specify the hash type, in this case it is LDAP so this is hash type 111

hashcat  -m 111 HASHES.file PASSWORDS.file

password Dictionaries

There are freely available, and easy to download.

crunch

I will try and use a password generator called crunch

Most Upper/Lower/Number generator

I was [A-Za-z0-9@] between 2 and 3 letters, with only 1 duplicated (i.e. no AAA) symbol...

crunch 2 3 abcdefghijklmnopqrstuvwxyz0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ -d 1

To output to a file just add a pipe

crunch 2 3 abcdefghijklmnopqrstuvwxyz0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ -d 1 > data.txt

Password dictionaries

Excellent resource: https://github.com/danielmiessler/SecLists.git

To make them all into 1 data file (need to remove some non readable chars hence the iconv).

cat ../SecLists/Passwords/*.txt | sort | iconv -t 'utf-8' -c | uniq > data.txt