Post-Exploit Password Attacks

1. Crack using the tool - john (Too slow in real world)

Locate the rockyou file.

john --wordlist=/usr/share/wordlists/rockyou.txt windows

john --show windows

Conbine the files and save as unshadow.

john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadow

2.Using Hash craker on the Internet. (Suggested)

8846F7EAEE8FB117AD06BDD830B7586C

3. Use the tool  hashcat

On Kali Linux.(Too slow locally)

hashcat -m  /usr/share/wordlists/rockyou.txt unshadow --force

On Windows

hashcat64.exe -m 500 unshadow.txt rockyou.txt

Hash Craker Websites:

https://crackstation.net/

https://hashkiller.co.uk/

Tips: If it is hard to crack the password, do not waste time on it. Just skip it and find another way.

OSCP Learning Notes - Post Exploitation(3)的更多相关文章

  1. OSCP Learning Notes - Post Exploitation(2)

    Windows Post Exploitation Target Server: IE8-Win 7 VM 1. Download and upload the fgdump, PwDump7, wc ...

  2. OSCP Learning Notes - Post Exploitation(1)

    Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. msfvenom -l pay ...

  3. OSCP Learning Notes - Post Exploitation(4)

    Pivoting 1. Edit the virtual network settings of the Vmware. 2. Set the Network Adapter(s) of Kali L ...

  4. OSCP Learning Notes - WebApp Exploitation(5)

    Remote File Inclusion[RFI] Prepare: Download the DVWA from the following website and deploy it on yo ...

  5. OSCP Learning Notes - WebApp Exploitation(4)

    Local File Inclusion[LFI] Target Pentester Lab: Download from the following website: https://www.vul ...

  6. OSCP Learning Notes - WebApp Exploitation(3)

    SQL Injection[SQLi] Refrence: SQL Injection Authentication Bypass Cheat Sheet https://pentestlab.blo ...

  7. OSCP Learning Notes - WebApp Exploitation(2)

    Cross-Site Scripting(XSS) 1. Using the tool - netdiscover to find the IP of target server. netdiscov ...

  8. OSCP Learning Notes - WebApp Exploitation(1)

    Installing XSS&MySQL FILE Download the Pentester Lab: XSS and MySQL FILE from the following webs ...

  9. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

随机推荐

  1. Nginx配置rewrite过程介绍

    创建rewrite语句 vi conf/vhost/www.abc.com.conf #vi编辑虚拟主机配置文件 文件内容 server { listen 80; server_name abc.co ...

  2. WeChair项目Beta冲刺(4/10)

    团队项目进行情况 1.昨日进展    Beta冲刺第四天 昨日进展: 前后端并行开发,项目按照计划有条不絮进行 2.今日安排 前端:扫码占座功能和预约功能并行开发 后端:扫码占座后端逻辑和预约功能逻辑 ...

  3. spring boot actuator监控需要注意的点

    1. /metrics接口提供的信息进行简单分类如下表: 分类 前缀 报告内容 垃圾收集器 gc.* 已经发生过的垃圾收集次数,以及垃圾收集所耗费的时间,适用于标记-清理垃圾收集器和并行垃圾收集器(数 ...

  4. 5、struct2的获得jsp参数的第三种方式

    在前面已经讲解了通过在action中直接通过jsp的参数和ModelDiver的方式获得浏览器传递的参数,下面我们介绍第三种方式,也是在项目开发中推荐的方式 action不需要在实现ModelDriv ...

  5. ABP(ASP.NET Boilerplate Project)快速入门

    前言 这两天看了一下ABP,做个简单的学习记录.记录主要有以下内容: 从官网创建并下载项目(.net core 3.x + vue) 项目在本地成功运行 新增实体并映射到数据库 完成对新增实体的基本增 ...

  6. Python干货整理之数据结构篇

    1 stack的实现 实现接口: init() 用于初始化stack,数据类型为list size() 用于获得stack的大小 push() 用于往栈中添加元素,添加的元素类型可以是int或者lis ...

  7. VC GDI+基础用法VC

    #include "GdiPlus.h" // 使用GDI+ 命名空间 using namespace Gdiplus; // 与GDI+ 相关的其它头文件,如:GraphicsP ...

  8. 《UNIX环境高级编程》(APUE) 笔记第四章 - 文件和目录

    4 - 文件和目录 1. 函数 stat.fstat.fstatat 和 lstat #inlcude <sys/stat.h> int stat(const char *restrict ...

  9. sql server 分组查询结合日期模糊查询

    分组查询: https://www.cnblogs.com/netserver/p/4518995.html 日期格式化格式: http://blog.csdn.net/qq_16769857/art ...

  10. 简单的JdbcUtil 类

    import java.sql.*; /** JDBC工具类 */ public class JdbcUtil { /** * 获取数据库连接对象并返回 * * @return Connection对 ...