Post-Exploit Password Attacks

1. Crack using the tool - john (Too slow in real world)

Locate the rockyou file.

john --wordlist=/usr/share/wordlists/rockyou.txt windows

john --show windows

Conbine the files and save as unshadow.

john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadow

2.Using Hash craker on the Internet. (Suggested)

8846F7EAEE8FB117AD06BDD830B7586C

3. Use the tool  hashcat

On Kali Linux.(Too slow locally)

hashcat -m  /usr/share/wordlists/rockyou.txt unshadow --force

On Windows

hashcat64.exe -m 500 unshadow.txt rockyou.txt

Hash Craker Websites:

https://crackstation.net/

https://hashkiller.co.uk/

Tips: If it is hard to crack the password, do not waste time on it. Just skip it and find another way.

OSCP Learning Notes - Post Exploitation(3)的更多相关文章

  1. OSCP Learning Notes - Post Exploitation(2)

    Windows Post Exploitation Target Server: IE8-Win 7 VM 1. Download and upload the fgdump, PwDump7, wc ...

  2. OSCP Learning Notes - Post Exploitation(1)

    Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. msfvenom -l pay ...

  3. OSCP Learning Notes - Post Exploitation(4)

    Pivoting 1. Edit the virtual network settings of the Vmware. 2. Set the Network Adapter(s) of Kali L ...

  4. OSCP Learning Notes - WebApp Exploitation(5)

    Remote File Inclusion[RFI] Prepare: Download the DVWA from the following website and deploy it on yo ...

  5. OSCP Learning Notes - WebApp Exploitation(4)

    Local File Inclusion[LFI] Target Pentester Lab: Download from the following website: https://www.vul ...

  6. OSCP Learning Notes - WebApp Exploitation(3)

    SQL Injection[SQLi] Refrence: SQL Injection Authentication Bypass Cheat Sheet https://pentestlab.blo ...

  7. OSCP Learning Notes - WebApp Exploitation(2)

    Cross-Site Scripting(XSS) 1. Using the tool - netdiscover to find the IP of target server. netdiscov ...

  8. OSCP Learning Notes - WebApp Exploitation(1)

    Installing XSS&MySQL FILE Download the Pentester Lab: XSS and MySQL FILE from the following webs ...

  9. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

随机推荐

  1. cc21a -c++重载成员操作符*,->,代码示范

    cc21a重载成员操作符*,->, *,解引用操作符 ->箭头操作符,用于智能指针类 #include "pointer.h" //pointer.cpp #inclu ...

  2. Android studio debug apk包安装失败

    可在根目录gradle.properties中配置 android.injected.testOnly=false

  3. Hystrix Stream的监控页面不显示内容

    打开Hystrix Stream页面,进入后,发现只有一行Unable to connect to Command Metric Stream. 因为springboot的默认路径不是 "/ ...

  4. JavaWeb网上图书商城完整项目-数据库操作工具类2-MapHandle的高级用法

    1.现在在上面一章的基础上,我们引入一个address表,该表记录person类的地址,address表的格式如下所示 现在person类要和address表想关联,得到当前联系人的住宅地址,我们应该 ...

  5. Springboot 集成 ElasticSearch 踩坑

    这里只涉及到基础使用 导包 <dependency> <groupId>org.springframework.boot</groupId> <artifac ...

  6. C++的逗号运算符

    逗号运算符( , )是C++语言运算符中优先级最低的一种运算符,结合顺序是从左至右,用来顺序求值(最后一个逗号后面表达式的值作为整个表达式的值). 感觉这个东西还是挺冷门的,之前都不知道,平时也比较少 ...

  7. Flask02-Template

    ## 基础使用 $ vim app/templates/index.html > <html> > <head> > <title>{{title ...

  8. SpringBoot--集成actuator

    actuator是spring boot项目中非常强大一个功能,有助于对应用程序进行监视和管理,通过 restful api 请求来监管.审计.收集应用的运行情况,针对微服务而言它是必不可少的一个环节 ...

  9. 字节流,读取 a.txt 文件内容,并打印出来

    import java.io.FileInputStream;import java.io.IOException; /** 字节流,读取 a.txt 文件内容,并打印出来 */public clas ...

  10. 吐血推荐,想进BAT必看

    不必太纠结于当下,也不必太忧虑未来,人生没有无用的经历,当你经历过一些事情后,眼前的风景已经和从前不一样了.--村上春树 一.包含如下内容 ActiveMQ消息中间件面试专题 BAT80道面试题 BA ...