PBKDF i bcrypt

PBKDF i bcrypt

One way to store passwords provided by users is through the use of hash functions. In this case, the input provided, for example, during user registration, is processed by the chosen hash function, and its output is saved in the database. Hash functions, because they are one-way, ensure that it is n…
Read more →
Bcrypt Cocktail and Hash Extraction

Bcrypt Cocktail and Hash Extraction

Bcrypt Cocktail and Hash Extraction TL;DR - Combining bcrypt with other unsalted hash functions (such as MD5 or SHA-1) can lead to serious consequences in the form of "extraction" of bcrypt. However, it is still better than just using a weak algorithm. In some cases, it is possible to find something…
Read more →
Sacrificial session

Sacrificial session

How many times you have run into the problem of replacing the current user Kerberos TGT? Creating the sacrificial process is the way to prevent that from happening. If the current user TGT will be replaced, the authentication to the domain resources will be done using the new TGT. To get back to th…
Read more →
Hash function

Hash function

A hash function is an algorithm that transforms an input of arbitrary length into an output of fixed length. An example of how this is achieved is through expansion – if we have a function operating on a block of data, we can call it multiple times, allowing us to compute the hash for a longer input…
Read more →
Introduction to Password Cracking #3 Rules

Introduction to Password Cracking #3 Rules

When you have used and try all your dictionaries and the passwords still does not give up... then you need to extend your attack ( assuming the dictionary is prima sort ). The ways that hashcat offers are several. There is the dictionary attack, which we discussed at the very beginning (POST#1). We…
Read more →
Introduction to Password Cracking #1 Intro

Introduction to Password Cracking #1 Intro

So you want to be a password cracker, huh? Let us show you how it's done. In this post you will learn how to crack passwords with hashcat dictionary attack. First things first. A few things are required for Hashcat to begin cracking in dictionary mode: Hash(es) to crack Hash id for given hash(es) …
Read more →
Introduction to Password Cracking #2 Wordlists

Introduction to Password Cracking #2 Wordlists

In the previous post, we learned about one of the attack methods that hashcat offers - the dictionary attack. To perform such attack we need dictionary - a good dictionary, Let's be clear we need solid and (not always) big dictionary to perform good attack. Let's start by explaining what a wordlist,…
Read more →
CrackMeIFYouCan 2022 DEFCON Writeup

CrackMeIFYouCan 2022 DEFCON Writeup

TL;DR What's that? CrackMeIfYouCan on DEFCON is one of the most popular hash cracking contests in the wild. Best teams in the world compete on a 48h challenge to crack as many hashes as possible. The are 2 classes of competitiors - Pro and Street. We played under AlphaPwners team, and finished on 5t…
Read more →