Skip to main content

GPU Based Hash Cracking and Password Compliance Auditing

A presentation of mine discussing the significance and intermediate application of cryptography for most modern systems. There is also a proof of concept discussing what weaknesses lie in modern cryptographic hash functions.

Wordlist used: Probable Wordlists

Rule used: One Rule to Rule Them All

Rayce Toms

Student Researcher

Comments

Post a Comment

Popular posts from this blog

Bastion Writeup - Hack The Box (Retired)

Summary: Bastion was one of the first few easy boxes that initially introduced me to HackTheBox . Created by L4mpje , a security enthusiast and hobbyist hacker, this box covers realistic Windows environment misconfigurations like unauthenticated file-shares and vulnerable apps with insecure password storage. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Bastion 10.10.10.134 Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 13:31 AKDT Nmap scan report for 10.10.10.134 Host is up (0.50s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_7.9 (protocol 2.0) | ssh-hostkey: | 2048 3a:56:ae:75:3c:78:0e:c8:56:4d:cb:1c:22:bf:45:8a (RSA) | 256 cc:2e:56:ab:19:97:d5:bb:03:fb:82:cd:63:da:68:01 (ECDSA) |_ 256 93:5f:5d:aa:ca:9f:53:e7:f2:82:e6:64:a8:a3:a0:18 (ED25519) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
Post a Comment
Read more

Unattended Writeup - Hack The Box (Retired)

Summary: Unattended is a challenging CTF-Like machine created by Hack The Box user @guly . This Linux box is surprisingly more difficult than most medium level boxes and truly tests SQL injection knowledge by forcing users to not entirely rely on automated tools, but to think creatively so they can manually "incept" nested queries to achieve LFI. This ultimately leads to RCE and a shell after log poisoning. With additional enumeration and subtle sysadmin knowledge, we are able to escalate to the root user. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Unattended 10.10.10.126 Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-22 19:45 AKDT Nmap scan report for www.nestedflanders.htb (10.10.10.126) Host is up (0.20s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 80/tcp open http nginx 1.10.3 |_http-server-header: nginx/1.10.3 |_http-title: Did not follow redirect to https://www.nestedflanders.ht
Post a Comment
Read more

OneTwoSeven Writeup - Hack The Box (Retired)

Summary: OneTwoSeven is a creatively designed realistic box by Hack The Box user @jkr . The foothold for this Linux box craftily utilizes symbolic links and port forwarding through sftp to gain access to the admin interface. This ultimately leads to RCE and a shell after some addon-based web exploitation. For escalating to the root user, we take advantage of the available apt sudo commands while performing a man-in-the-middle package injection via http-proxy. I have seen a similar, if not the same attack (slide 26), executed as part of Red Team's arsenal at the National Collegiate Cyber Defense Competition . Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/OneTwoSeven 10.10.10.133 Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-08 22:04 AKDT Nmap scan report for 10.10.10.133 Host is up (0.12s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0) | ssh
Post a Comment
Read more