Hello friends, Welcome again!
We are discussing about Penetration Testing Tutorial and this article under section cracking passwords and hashes cracking.
Brute force attack with cain and abel
In my previous post Cain and Abel software for cracking hashes tutorial you have learnt about basic features or cain and abel. In the last of post I wrote about cracking passwords and how you dump NTLM hashes from local PC. After getting passwrod hashes our next task to crack password by using difference techniques, Brute Force attack one of them. In this tutorial you will learn how to perform brute force attack for cracking hashes by Cain and Abel
Brute Force Attack Definition
From Wikipedia: “In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.
The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.”
Cracking password by brute force attack using Cain and Abel:
- Right click on the desired user.
- Brute-force Attack
- Click on NTLM Hashes: A new window will be open, Here you need to set following things
- Charset: under this section there are two option first predefined charset or custom, where you can use character, numbers and sysmbles according yourself.
- Password length: Define minimum and maximum length of password
- Click and start.
- You will get result.
MODULE 4:- Information Gathering
- How to use dnsenum for dns enumeration – Kali
- How to use dig command in Kali Linux
- whois Kali Linux commands with example
- Enumerating DNS Records through dnsenum tool in Kali Linux
- Email Harvesting by theharvester tool in Kali Linux
- Google Hacking | Open Web Information Gathering
- dnsmap | DNS Domain name system brute force attacks
- Zone Transfer using dnswalk tool
- Website information Gathering through Nikto tool
- Search Senstive Data through Metagoofil Kali Linux 2.0
- 8 Steps to run Maltego Kali Linux – beginner guide
Brute Force on domain name for subdomain
Brute force attacks on dns name to find out subdomains or domain suggestion, and it check domain status and dns records. Before start learning about dnsmap you should know what is domain name server and sobdomain? Domain name system is a server which resolve dns name quiry into Ip Address and vice versa IP address to domain name. Most of dns servers have two part primary dns and secondery dns. Subdomain is a domain related with domain like www.aa.example.com is a subdomain of www.example.com.
dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”.
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).
Key features of DNSMAP Tool
- Obtain all A records (i.e. IP addresses) associated to each successfully brute forced sub domain, rather than just one IP address per sub domain.
- Abort the brute forcing process in case the target domain uses wildcards.
- Ability to be able to run the tool without providing a word list by using a built-in list of keywords.
- Brute forcing by using a user-supplied word list (as opposed to the built-in word list).
- Saving the results in human-readable and CSV format for easy processing.
- Improved built-in subdomains wordlist.
- New bash script (dnsmap-bulk.sh) included which allows running Dnsmap against a list of domains from a user-supplied file. i.e.: brute forcing several domains in a bulk fashion.
- Bypassing of signature-based Dnsmap detection by generating a proper pseudo-random sub domain when checking for wildcards (Unique Feature).
What find after using dnsmap?
1. Finding interesting remote access servers.
2. Finding badly configured and/or unpatched servers.
3. Finding new domain names which will allow you to map non-obvious/hard-to-find net blocks.
4. Sometimes you find that some brute forced sub domains resolve to internal IP addresses (RFC 1918). This is great as sometimes they are real up-to-date “A” records which means that it *is* possible to enumerate internal servers of a target organization from the Internet by only using standard DNS resolving (as opposed to zone transfers for instance).
5. Discover embedded devices configured using Dynamic DNS services.
Dnsmap Usage Example
See included packages in dnsmap by run following command
scan domain name (example.com) for sub domain and see the result by executing following command
Scan example.com using a wordlist (-w /usr/share/wordlists/dnsmap.txt)
#dnsmap example.com -w /usr/share/wordlists/dnsmap.txt