Ethical Hacking and Penetration Testing Guide

Yüklə 22,44 Mb.

Pdf görüntüsü

səhifə	157/235
tarix	07.08.2023
ölçüsü	22,44 Mb.
	#138846

1 ... 153 154 155 156 157 158 159 160 ... 235

Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Bypassing the Log-In
References http://ophcrack.sourceforge.net/download.php http://www.piotrbania.com/all/kon-boot/ Cracking the Hashes
Dictionary Attacks

Bypassing the Log-In
Cracking passwords is a time-consuming process and sometimes if the length is longer it can take
much time. In that case we can use programs such as
konboot
or
hirenboot
to bypass the
log-in system. Personally, I would recommend you to use konboot as it’s very user-friendly; it will
allow you to log in as a system administrator without the need of the actual password as it has
capability to edit on the fly. To use this tool, burn it on USB or LIVE and boot from it.
References
http://ophcrack.sourceforge.net/download.php
http://www.piotrbania.com/all/kon-boot/
Cracking the Hashes
So we are done with dumping hashes, now we will talk about how we can actually crack those
hashes to obtain the passwords and gain access to services such as telnet, VNC, or RDP. But
first let’s talk about some of the password cracking methods we have. Some of them have been
explained in the “Remote Exploitation” chapter (Chapter 7) when we discussed cracking network
services; now we will talk about them in greater depth.
Bruteforce
Bruteforce is the most popular password cracking method. A bruteforce attack would try all pos-
sible combinations until the correct password is found. This approach will guarantee that your

254
◾
Ethical Hacking and Penetration Testing Guide
password is cracked, but for passwords of longer length, especially when they contain special char-
acters, cracking becomes harder.
Dictionary Attacks
A dictionary attack involves the use of a wordlist; our password cracker will try every word from
the wordlist and try to crack passwords. This means that if the correct password is not available in
the wordlist, the attack won’t be successful.

Yüklə 22,44 Mb.

Dostları ilə paylaş:

1 ... 153 154 155 156 157 158 159 160 ... 235