GPU Based Hash Cracking and Password Compliance Auditing

A presentation of mine discussing the significance and intermediate application of cryptography for most modern systems. There is also a proof of concept discussing what weaknesses lie in modern cryptographic hash functions.

Wordlist used: Probable Wordlists

Rule used: One Rule to Rule Them All

— Rayce Toms
Student Researcher

Comments

Bastion Writeup - Hack The Box (Retired)

Summary: Bastion was one of the first few easy boxes that initially introduced me to HackTheBox . Created by L4mpje , a security enthusiast and hobbyist hacker, this box covers realistic Windows environment misconfigurations like unauthenticated file-shares and vulnerable apps with insecure password storage. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Bastion 10.10.10.134 Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 13:31 AKDT Nmap scan report for 10.10.10.134 Host is up (0.50s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_7.9 (protocol 2.0) | ssh-hostkey: | 2048 3a:56:ae:75:3c:78:0e:c8:56:4d:cb:1c:22:bf:45:8a (RSA) | 256 cc:2e:56:ab:19:97:d5:bb:03:fb:82:cd:63:da:68:01 (ECDSA) |_ 256 93:5f:5d:aa:ca:9f:53:e7:f2:82:e6:64:a8:a3:a0:18 (ED25519) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn

Helpline Writeup - Hack The Box (Retired)

Summary: Helpline is one of the more advanced and difficult machines on Hack The Box . There is more than one solution to many of the parts of this machine; however, it ultimately leads to some necessary cryptography at the end. What's more interesting is that this box highlights the limitations of the NT AUTHORITY\SYSTEM user. The box was created by egre55 , a security researcher, sysadmin, and penetration tester. Initial Foothold Scanning the host: nmap -sV -sC -oA nmap/Helpline 10.10.10.132 Results: PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 445/tcp open microsoft-ds? 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 |_http-title: Not Found 8080/tcp open http-proxy - ... | HTTP/1.1 200 OK ... |_http-title: ManageEngine ServiceDesk Plus 49667/tcp open msrpc Microsoft Windows RPC Visiting the http server on port 8080, w

Luke Writeup - Hack The Box (Retired)

Summary: Luke , a FreeBSD box created by HackTheBox user H4d3s , was an overall simple medium-difficulty box. Rooting this host is mostly a matter of taking advantage of its sensitive information disclosure, its password reuse, and its over-zealous privileges that are available from the web host. This was the first box where I had rooted the box before getting user. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Luke 10.10.10.137 Starting Nmap 7.80 ( https://nmap.org ) at 2019-07-15 18:35 AKDT Nmap scan report for 10.10.10.137 Host is up (0.12s latency). Not shown: 995 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3+ (ext.1) | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_drwxr-xr-x 2 0 0 512 Apr 14 12:35 webapp | ftp-syst: | STAT: | FTP server status: | Connected to 10.10.14.39 | Logged in as ftp | TYPE: ASCII | No session upload bandwidth limit |

UAA Cybersecurity Club Writeups

Search This Blog