Book Image

Password Cracking with Kali Linux

By : Daniel W. Dieterle
Book Image

Password Cracking with Kali Linux

By: Daniel W. Dieterle

Overview of this book

Unlock the secrets of Windows password security with "Password Cracking with Kali Linux," your essential guide to navigating password-cracking techniques. This book offers a comprehensive introduction to Windows security fundamentals, arming you with the knowledge and tools for effective ethical hacking. The course begins with a foundational understanding of password security, covering prerequisites, lab setup, and an overview of the journey ahead. You'll explore Kerberoasting, tools like Rubeus, Mimikatz, and various attack methods, providing a solid base for understanding password vulnerabilities. The course focuses on practical applications of password cracking, including wordlist generation using tools like Crunch and Hashcat, and exploring various attack strategies. You'll delve into John the Ripper and Hashcat functionalities, learning to identify hash types and crack complex passwords efficiently. The course wraps up with advanced techniques in Linux password cracking and defense strategies. You'll gain insights into creating leaderboards, achievements, and monetizing games, equipping you with skills to not just crack passwords but also secure systems effectively.

Related Content you might be interested in

Current Title:

Small book image
Password Cracking with Kali Linux
Daniel W. Dieterle
Feb, 2024 | 213 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
Kali Linux Cookbook.
Bob Perciaccante | Corey Schultz
Sep, 2017 | 438 pages
Small book image
Penetration Testing Bootcamp
Jason Beltrame
Jun, 2017 | 258 pages
Table of Contents (15 chapters)
Free Chapter
1
Password Cracking with Kali Linux
Password Cracking with Kali Linux
2
Dedication
Dedication
3
About the Author
About the Author
4
Thank You
Thank You
5
Contents
Contents
6
Chapter 1
Chapter 1
Pre-requisites and Scope
Lab Setup
Ethical Hacking Issues
Disclaimer
What we will Cover in our Journey
7
Chapter 2
Chapter 2
Kerberoasting
Key Components of Kerberoasting
Attacking Kerberos
Kerberos Attack Tools
Rubeus
Kerberoast Toolkit
Mimikatz
Mimikatz Pass the Hash Attacks
8
Chapter 3
Chapter 3
Password Risks and Attacks
Wordlists
Commonly Used Wordlists
Wordlists for Directory Path or Server Brute Forcing
Wordlists Included with Kali
Wordlist Generator Tools
CeWL
Crunch
Crunch - Using the Charset.lst File
Crunch: Creating Unicode Wordlists
Crunch - Creating More Advanced Wordlists
WARNING: This can Fill a Hard Drive Fast – Ye Have Been Warned
Hashcat - Creating Wordlists with Hashcat
Hashcat Utils
Hashcat Keymap Walking Password Wordlists
Introduction
Installing KwProcessor (kwp)
Keymaps and Routes
Creating a KWP Wordlist
Foreign Language Keywalks
Wordlist Wrap-up
9
Chapter 4
Chapter 4
Not sure what Kind of Hash you have?
Cracking Simple LM Hashes
Cracking LM/ NTLM Password Hashes Online
10
Chapter 5
Chapter 5
Introduction to Password Cracking Tools
John the Ripper
John the Ripper Overview
John the Ripper in Action
11
Chapter 6
Chapter 6
Hashcat Attack Types
Single Wordlist
Single Wordlist with Rules
Combining Two Wordlists
Masks, Brute Force and Hybrid Attacks
Masks
Basic Brute Force Attacks
Hybrid Attacks – Wordlists and Brute Force Together
Cracking NTLM passwords
Cracking harder passwords
Using a Larger Dictionary File
12
Chapter 7
Chapter 7
Rules and Mask Files
Prince Processor Attack
Password Cracking - Patterns
Using Cracked Passwords to Crack New Passwords
PACK - Password Analysis and Cracking Kit
13
Chapter 8
Chapter 8
Obtaining Linux Passwords
Automating Password Attacks with Hydra
Automating Password Attacks with Medusa
Automating Password Attacks with Ncrack
14
Chapter 9
Chapter 9
Utilman Login Bypass
Recovering Passwords from a Locked Workstation
Keyscan, Lockout Keylogger, and Step Recorder
Keylogging with Metasploit
15
Chapter 10
Chapter 10
Regularly Rotate Service Account Passwords
Implement Strong Password Policies
Use Managed Service Accounts (MSAs) or Group Managed Service Accounts (gMSAs)
Limit Service Account Privileges
Monitor for Unusual Activity
Implement Kerberos Armoring
Enable Kerberos Ticket Lifetime Policies
Monitor and Protect the KRBTGT Account
Implement Credential Guard
Use Extended Protection for Authentication
Regularly Update and Patch Systems
Educate Users and Administrators
Consider Network Segmentation
Bonus Chapter
Install VMware Player & Kali Linux
Kali Linux - Setting the IP address
Kali Linux - Updating
Installing Metasploitable 2
Metasploitable 2 - Setting the IP Address
Windows 11 - Installing as a Virtual Machine
Optional VMs
OWASP Mutillidae 2
Installing Mutillidae on Ubuntu
Damn Vulnerable Web Application (DVWA)
Installing DVWA
Utilman Login Bypass
Okay this technique is really old, and not technically an attack. It originated from an old Microsoft TechNet Active Directory support forum.  This technique, called the “Utilman Bypass”, was one technique recommended to log into a Windows server in case you forgot the password. The Utilman bypass works by manipulating a helpful windows function that is available at the login prompt. It allows a system level command session to open without using credentials. I have friends who support large corporate networks that tell me that they still use this technique for legitimate purposes. For example, when old corporate stand-alone systems need to be backed up and re-purposed and no one can remember the passwords, they will use this technique.
For this exercise, we will boot from the disk and change the Windows “Utilman” program, so when the “Windows” + “u” keys are pressed, a command prompt will open instead of...
Previous Section
End of Section 2
Next Section