So you’ve got oclHashcat and you want to practice cracking hashes but you’ve got no hashes? Fear not! There are hashes listed below for you to play with or if you would like to generate hashes yourself download my perl module here and have a play with making them and then cracking yourself: svn checkout http://hashcat-passgen.googlecode.com/svn/trunk/ hashcat-passgen Direct link to code here. (Big thanks to atom at hashcat.net for giving… Continue reading

So I noticed whilst web app testing that would receive a cookie with a value called bIPs: 709aed354747fda133a5da28dbed60e7 95eb48ad7eae5c0aa9766f0258ae8a35

Looks like it’s using a big IP load balancer. I noticed it was MD5 and that was confirmed by finding the code that generates the hash(cheers scriptmonkey).

I decided to use Hashcat to do the bruteforcing. First thing that came to mind was how to use a dictionary containing… Continue reading

We need to capture the WPA 4 way handshake in order to perform an offline GPU attack. For this demo we’ll be using an Alfa AWUS036H wireless card under Backtrack 5 R2 64bit.

Now I could go in depth about capturing the WPA handshake manually using aircrack-ng but it has been covered in full in many places already, so instead im going to use a great python tool call… Continue reading

The tool we’re going to use here is hashcat. I’ll be testing this using a ATI 6950 2GB GPU running on Kubuntu 64bit using catalyst drivers 12.2. Your mileage might vary depending on what card you’re using. Hashcat (now known as oclhashcat-plus) comes with a few different binaries depending on what architecture you’ll be running it on.