Crack LUKS volume with Hashcat

Posted on November 19, 2019 by admin

Install hashcat

apt install hashcat

Find LUKS Volume

bob@localhost:~/$ dmesg
...
[ 1057.776074] sd 0:0:0:0: [sda] Write Protect is off
[ 1057.776074] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[ 1057.776593] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1057.780234]  sda: sda1
[ 1057.783346] sd 0:0:0:0: [sda] Attached SCSI removable disk
bob@localhost:~/$

From the above we see that the drive we just pluGged into the system is “sda” so our path and partition is “/dev/sda1”

Run hashcat

The following command will run hashcat against “/dev/sda1”, change if the encrypted partition is different. Mode is to brute force every 8 numeric character combination. Refer to the following link to learn more about mask attacks.
https://hashcat.net/wiki/doku.php?id=mask_attack

Note: You should be able to dump the header and work off of that as well.

sudo hashcat -a 3 -m 14600 /dev/sda1 ?d?d?d?d?d?d?d?d

Generate Password list using Crunch

Posted on October 2, 2019 by admin

Install crunch and then generate a word list with the following command. The 8 8 tells crunch to generate combinations that have a minimum and maximum length of 8. All the numbers from 1-0 tells crunch to use these characters, -o writes to output file.

Change options if desired.

crunch 8 8 1234567890 -o 8numberchars.lst

Further reading. https://tools.kali.org/password-attacks/crunch

Hydra – SSH Example

Posted on October 1, 2019 by admin

Hydra is a network login cracker. You’ll need a password list and username(s) to get started.

Install Hydra

sudo apt-get install -y hydra

Launch against device
Change the IP address to the target IP
Change ubnt to target Username
Change password.lst to your password list file

SSH Example

hydra -l ubnt -P password.lst 192.168.1.20 ssh

Run hydra -h to get the full help.

Alfred@localhost:~$ hydra -h
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]
 Options:
   -R        restore a previous aborted/crashed session
   -I        ignore an existing restore file (don't wait 10 seconds)
   -S        perform an SSL connect
   -s PORT   if the service is on a different default port, define it here
   -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
   -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
   -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
   -y        disable use of symbols in bruteforce, see above
   -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
   -u        loop around users, not passwords (effective! implied with -x)
   -C FILE   colon separated "login:pass" format, instead of -L/-P options
   -M FILE   list of servers to attack, one entry per line, ':' to specify port
   -o FILE   write found login/password pairs to FILE instead of stdout
   -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1
   -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)
   -t TASKS  run TASKS number of connects in parallel per target (default: 16)
   -T TASKS  run TASKS connects in parallel overall (for -M, default: 64)
   -w / -W TIME  wait time for a response (32) / between connects per thread (0)
   -c TIME   wait time per login attempt over all threads (enforces -t 1)
   -4 / -6   use IPv4 (default) / IPv6 addresses (put always in [] also in -M)
   -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode 
   -O        use old SSL v2 and v3
   -q        do not print messages about connection errors
   -U        service module usage details
   -h        more command line options (COMPLETE HELP)
   server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
   service   the service to crack (see below for supported protocols)
   OPT       some service modules support additional input (-U for module help)
 Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
 Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
 v3.0. The newest version is always available at http://www.thc.org/thc-hydra
 Don't use in military or secret service organizations, or for illegal purposes.
 These services were not compiled in: afp ncp oracle sapr3.
 Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.
 E.g. % export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)
      % export HYDRA_PROXY=connect_and_socks_proxylist.txt  (up to 64 entries)
      % export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080
      % export HYDRA_PROXY_HTTP=proxylist.txt  (up to 64 entries)
 Examples:
   hydra -l user -P passlist.txt ftp://192.168.0.1
   hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
   hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
   hydra -l admin -p password ftp://[192.168.0.0/24]/
   hydra -L logins.txt -P pws.txt -M targets.txt ssh

Dump all wireless network passkeys to text file – Windows 10

Posted on September 16, 2019 by admin

Open a command prompt and run the following command.

netsh wlan show profiles name=* key=clear > Desktop\Passkeys.txt

You can now open up the Passkeys.txt file and view all your saved networks.

If you just need to view one network, you can refer to this link.

How To Reset root Password on CentOS VM – XenServer

Posted on August 30, 2019 by admin

Basic steps are as follows.

Shutdown VM
From XenCenter, insert the CentOS iso into the VM’s Virtual DVD drive.
Boot the CentOS VM in recovery mode. If you need help with that check this post out.
On the grub menu, select recover OS Installation.
Run through the recovery and mount the VM’s disk where CentOS is installed
You should now be able to drop to a prompt and chroot /sysimage
Change the root password with passwd
Shutdown the VM
Eject the CentOS iso
Boot up the VM and login with the new password

OpenVas set password for user

Posted on August 29, 2019 by admin

After installing OpenVAS you may need to setup a user. Running the following command will create the user admin and will print the password for the user below.

openvasmd --create-user admin

Example output.

User created with password 'b4539967-c521-fe41-d255-aeb53e735h9a'.

If needed you can delete a user with the following command

openvasmd --delete-user=USERNAME

cnMaestro template for setting Username and Passwords for PMP gear

Posted on May 22, 2019 by admin

The following template can be used to set the user name and passwords for cambium pmp gear. Create a new template in cnMaestro, past in the following, change the passwordEncrypted to the hash of your password and run the config.

You can get the hashed password by pulling it out of a current radio config.

{
"userParameters": {
  "authenticationConfig": {
    "accounts": [ 
      { 
        "userName": "admin", 
        "level": 3, 
        "readOnly": false, 
        "passwordEncrypted": "188a934e0246ae248da19400fed83107a" 
      }, 
      { 
        "userName": "root", 
        "level": 3, 
        "readOnly": false, 
        "passwordEncrypted": "188a934e0246ae248da19400fed83107a" 
      } 
    ]
  }
 }
}

Reset WordPress admin password in MySQL

Posted on March 8, 2019 by admin

Log into MySQL from command line

mysql -u root -p

Select the correct database

USE wordpress_db;

Print current users

SELECT * FROM wp_users;

Should get something similar to the following

mysql> SELECT * FROM wp_users
     -> ;
 +----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
 | ID | user_login | user_pass                          | user_nicename | user_email                | user_url | user_registered     | user_activation_key                | user_status | display_name |
 +----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
 |  1 | admin    | 5f4dcc3b5aa765d61d8327deb882cf99 | admin       | bob@incredigeek.com       |          | 2018-08-09 10:10:42 |                                    |           0 | admin        |
 |  2 | bob      | 210805fb52a13251f4bedc7e725e575a | bob         | bob@incredigeek.com       |          | 2019-11-01 11:31:23 |                                    |           0 | bob smith    |
 +----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
 3 rows in set (0.00 sec)
 mysql>

To update the password use

UPDATE wp_users SET user_pass = MD5('NewPass') WHERE ID=1;

The MD5 hashes the NewPass and adds it to the database. You can print the users again to verify the hash changed.

You should now be able to login using the new password you configure.

MySQL change/add password for user

Posted on February 27, 2019 by admin

Log into mysql

mysql -u root -p

List users

select User,Host from mysql.user;

Set password

set password for 'root'@'localhost' = PASSWORD('password');

On new versions of MySQL you may need to use

alter user 'root'@'localhost' IDENTIFIED BY 'password';

How To Reset Zenoss Admin Password

Posted on December 11, 2014 by admin

Switch to the zenoss user.

su zenoss

Change Zenoss admin password.

$ZENHOME/bin/zenpass

Restart zope.

zopectl restart

Incredigeek

Tag Archives: password