Collaborate Disseminate
I am new to JTR and am currently trying to crack some passworts I generated.
Because I am new to JTR, I wanted to start by hashing a simple password like "Cat", write it in a file named pw.txt and then crack the password with Joh… Continue reading John the Ripper not working properly
I have the 2 encrypted passwords in my MSSQL database and I’m trying to decrypt it. Here’s one of the encrypted password:
E4-68-3F-BE-91-CC-BE-B9-27-4B-18-B1-5F-1B-39-66
The password to the above encryption is maintenance2 but I don’t hav… Continue reading Find password decryption used in MSSQL
The title is slightly confusing but what I mean is that if you are brute forcing every combination of a password, (not using leaked dictionaries like Rockyou.txt,) you can generate custom wordlists with tools such as crunch, and then brute… Continue reading Is it feasible to run a program that generates passwords on the fly for brute force attacks to save disk space? [duplicate]
Theoretical question – Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what would be the cost of bruteforcing it, in t… Continue reading Is a randomly generated 80-bit password strong enough nowadays?
I have a microservice which sole purpose is to serve as a cache for other microservices. The point of the cache is to speed up processing, but the strong password hash algo counter that purpose. (Company policy require all service to be se… Continue reading Weak password hash + strong rate limiter = secure?
OS: Ubuntu 20.04 on VMWare, tool: John the ripper
The whole system is up-to-date
The file has 1000 hashed passwords. There are 40 rules provided, a small word list is provided to help crack part of the password. Length is from 1 to 8
Metho… Continue reading Cracking 1000-password assignment from hashed file
OS: Ubuntu 20.04 on VMWare, tool: John the ripper
The whole system is up-to-date
The file has 1000 hashed passwords. There are 40 rules provided, a small word list is provided to help crack part of the password. Length is from 1 to 8
Metho… Continue reading Cracking 1000-password assignment from hashed file
OS: Ubuntu 20.04 on VMWare, tool: John the ripper
The whole system is up-to-date
The file has 1000 hashed passwords. There are 40 rules provided, a small word list is provided to help crack part of the password. Length is from 1 to 8
Metho… Continue reading Cracking 1000-password assignment from hashed file
There is a lot of online tools to bruteforce online server like hydra and offline with hashes like hashcat. Yet it seems very weird that there is not a single offline bruteforcing app for software. Like if a make a python app that requires… Continue reading bruteforce local software’s password
I’m working on a lab on PortSwigger.com titled Username enumeration via different responses. While using ffuf to solve the lab, the output keeps returning a 400 status code.
So far this is what I’ve tried. Here is the request payload file,… Continue reading FFUF command returns status code 400, regardless of mode option: clusterbomb, pitchfork, sniper