Collaborate Disseminate
Imagine I have this URL:
https://media.st.dl.pinyuncloud.com/apps/xyz/images/abc/
It exists and results in error 403, which means it exists but I cannot access it due to no privilege.
I want to bruteforce and find all the directories like… Continue reading Bruteforcing URL to find directory [closed]
I have forgotten my password but I know the words used in the password. I remember the password was something like MyPassport@1.82TB.
Is there any software that can produce all combinations like replacing "M" with "m" o… Continue reading How to generate all possible combinations of a forgotten password
An attacker want’s access to a specific account, he doesn’t know the password.
It’s a high entropy password. +128bits
The attacker has the hash for the password (Assuming OWASP suggested bcrypt with cost 12)
The attacker has a list with n… Continue reading Having a list of hashes for the same password compromise the security of the password?
Considering:
A VERY motivated attacker,
A large entropy password, as in 256bits¹ hashed in bcrypt (with recommended cost factor of 12), and
Attacker knowledge of everything he might need (except the password): hash, salt, cost, etc [AFAIK… Continue reading Are bcrypt hashes safe enough if exposed?
I’m planning to extend my pentest services to Password Cracking, to be more precise: Cracking Active Directory Passwords, extracted from the customers Active Directory in order to check users passwords.
Now I did some research, but there a… Continue reading Hardware for password cracking
Hashcat documentation shows the following variables that we can use inside masks:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,… Continue reading Specifying wordsets in variables within hashcat masks/rules? [closed]
I am trying to make a combinator attack using just one dictionary:
word1
word2
word3
word4
word5
…
And would like to try all 4-words-length permutations separated by commas:
word1,word2,word3,word4
word1,word3,word4,word2
word2,word3,wo… Continue reading In Hashcat, How to generate combinatior attacks consisting of more than two words (in lenght)?
Alice bought 1 Bitcoin and encrypted her wallet.dat in Bitcoin Core.
Samantha, Alice’s friend, notices the Bitcoin price skyrocketing and, while Alice is in the bathroom, steals Alice’s wallet.dat as well as important.txt and goes home.
Th… Continue reading Does knowing part of a passphrase for sure really mean that you can "disregard" that entire part when trying to crack it?
I’m running a docker container in Kubernetes cluster running in aws, I exposed the container through LoadBalancer service and limited access to it just to my ip address using aws security groups, but I still getting GET/POST requests that … Continue reading Hacking attemps from unkown source
If I have a dictionary of passwords and have gained knowledge of usernames of a target site, how long will it take me to check all the passwords against the usernames if I have a computer that can test 1 billion combinations a second?
What… Continue reading Dictionary Attack Calculation [closed]