Yeah, the last few years I've used a combination of John and Hashcat with GPU cracking. Using loopback rules alongside some of the really good rules in Hashcat has also provided a ton of useful results.

Building a list of local cities, counties, zip codes, sports teams (professional, college, high school), and such.

Grabbing those leaks and running against them with the list.

Specifying formats that are likely default passwords in our environment.

Running loopback w/ rules once cracking slows down or finishes with the above, and this usually hammers out a bunch more.

If I'm really feeling down for it, I also grab the entire password history from the DC in hopes that an older password sucked and the newer password is stronger but similar enough that the rules can crack it based on the old one.

As for the specific type/hash, that isn't a huge issue as I'm only targeting NTLM anyhow. This also has shown a few cases of password reuse amongst (especially) contractors/employees and application/service accounts where the employee has changed their password but the account they set up still has it. Any LM that remain in the NTDS database have been cracked, though the potfile I've already generated has likely already captured any of the passwords I'd like to get out of the way.