Skip to main content

GPU Based Hash Cracking and Password Compliance Auditing

A presentation of mine discussing the significance and intermediate application of cryptography for most modern systems. There is also a proof of concept discussing what weaknesses lie in modern cryptographic hash functions.

Wordlist used: Probable Wordlists

Rule used: One Rule to Rule Them All

Rayce Toms

Student Researcher

Comments

Post a Comment

Popular posts from this blog

Bastion Writeup - Hack The Box (Retired)

Summary: Bastion was one of the first few easy boxes that initially introduced me to HackTheBox . Created by L4mpje , a security enthusiast and hobbyist hacker, this box covers realistic Windows environment misconfigurations like unauthenticated file-shares and vulnerable apps with insecure password storage. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Bastion 10.10.10.134 Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 13:31 AKDT Nmap scan report for 10.10.10.134 Host is up (0.50s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_7.9 (protocol 2.0) | ssh-hostkey: | 2048 3a:56:ae:75:3c:78:0e:c8:56:4d:cb:1c:22:bf:45:8a (RSA) | 256 cc:2e:56:ab:19:97:d5:bb:03:fb:82:cd:63:da:68:01 (ECDSA) |_ 256 93:5f:5d:aa:ca:9f:53:e7:f2:82:e6:64:a8:a3:a0:18 (ED25519) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn...
Post a Comment
Read more

Luke Writeup - Hack The Box (Retired)

Summary: Luke , a FreeBSD box created by HackTheBox user H4d3s , was an overall simple medium-difficulty box. Rooting this host is mostly a matter of taking advantage of its sensitive information disclosure, its password reuse, and its over-zealous privileges that are available from the web host. This was the first box where I had rooted the box before getting user. Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/Luke 10.10.10.137 Starting Nmap 7.80 ( https://nmap.org ) at 2019-07-15 18:35 AKDT Nmap scan report for 10.10.10.137 Host is up (0.12s latency). Not shown: 995 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3+ (ext.1) | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_drwxr-xr-x 2 0 0 512 Apr 14 12:35 webapp | ftp-syst: | STAT: | FTP server status: | Connected to 10.10.14.39 | Logged in as ftp | TYPE: ASCII | No session upload bandwidth limit | ...
Post a Comment
Read more

OneTwoSeven Writeup - Hack The Box (Retired)

Summary: OneTwoSeven is a creatively designed realistic box by Hack The Box user @jkr . The foothold for this Linux box craftily utilizes symbolic links and port forwarding through sftp to gain access to the admin interface. This ultimately leads to RCE and a shell after some addon-based web exploitation. For escalating to the root user, we take advantage of the available apt sudo commands while performing a man-in-the-middle package injection via http-proxy. I have seen a similar, if not the same attack (slide 26), executed as part of Red Team's arsenal at the National Collegiate Cyber Defense Competition . Finding a Foothold Initial Enumeration: root@kali : ~/htb/ # nmap -sV -sC -oA nmap/OneTwoSeven 10.10.10.133 Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-08 22:04 AKDT Nmap scan report for 10.10.10.133 Host is up (0.12s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0) | ssh...
Post a Comment
Read more