Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR - - PowerPoint PPT Presentation

credential access with hashcat
SMART_READER_LITE
LIVE PREVIEW

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR - - PowerPoint PPT Presentation

Apr 12, 2023 691 likes •899 views

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens Steube Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more it

slide-1
SLIDE 1

@dawidczagan

SECURITY INSTRUCTOR

Dawid Czagan

Credential Access with Hashcat

slide-2
SLIDE 2

Creator: Jens Steube

Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more – it supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS

slide-3
SLIDE 3

Hashcat is available at https://hashcat.net/ I will demonstrate how you can use Hashcat to launch:

  • dictionary attack
  • dictionary attack with a rule
  • dictionary attack with a mask

I will also demonstrate how you can use Hashcat to crack password protected PDF and DOCX files

slide-4
SLIDE 4

Kill Chain

Recon Exploit Escalate Lateral Movement Action Evade

H

slide-5
SLIDE 5

Kill Chain

Recon Exploit Escalate Lateral Movement Action Evade

H

slide-6
SLIDE 6

Kill Chain

Recon Exploit Escalate Lateral Movement Action Evade

H

slide-7
SLIDE 7

MITRE ATT&CK

Tactics Impact Exfiltration Command & Control Collection Lateral Movement Discovery Credential Access Defense Evasion Privilege Escalation Persistence Execution Initial Access

slide-8
SLIDE 8

MITRE ATT&CK

Tactics

T1110: Brute Force

Impact Exfiltration Command & Control Collection Lateral Movement Discovery Credential Access Defense Evasion Privilege Escalation Persistence Execution Initial Access

slide-9
SLIDE 9

Finance EXEC Globo-FW-01 Globo-SW-01 Globo-SW-02 Globo-R-01

Datacenter

Engineering HR ISP

slide-10
SLIDE 10

Finance EXEC Globo-FW-01 Globo-SW-01 Globo-SW-02 Globo-R-01

Datacenter

Engineering HR ISP

slide-11
SLIDE 11

Finance EXEC Globo-FW-01 Globo-SW-01 Globo-SW-02 Globo-R-01

Datacenter

Engineering HR ISP

slide-12
SLIDE 12

Finance EXEC Globo-FW-01 Globo-SW-01 Globo-SW-02 Globo-R-01

Datacenter

Engineering HR ISP

slide-13
SLIDE 13

Finance EXEC Globo-FW-01 Globo-SW-01 Globo-SW-02 Globo-R-01

Datacenter

Engineering HR ISP

slide-14
SLIDE 14

Demo

t h s

Dictionary attack

slide-15
SLIDE 15

Demo

t h s

Dictionary attack with a rule

slide-16
SLIDE 16

Demo

t h s

Dictionary attack with a mask

slide-17
SLIDE 17

Demo

t h s

Cracking a password-protected PDF file

slide-18
SLIDE 18

Demo

t h s

Cracking a password-protected DOCX file

slide-19
SLIDE 19

Tools

Hashcat https://hashcat.net/ pdf2john.pl, office2john.py (John the Ripper) https://www.openwall.com/john/

Dictionaries

Probable Wordlists https://github.com/berzerk0/Probable

  • Wordlists

Electronic Frontier Foundation https://www.eff.org/pl/deeplinks/2016 /07/new-wordlists-random- passphrases

Resources