7MS #369: Cracking Hashes with NPK
7 Minute Security28 Jun 2019

7MS #369: Cracking Hashes with NPK

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm having a blast with cracking hashes quickly and cost-effectively using NPK.

For 1+ years I've loved my Paperspace config, but lately I've had some reservations about it:

  • People are telling me they're having problems installing the drivers
  • My methodology for building wordlists with HateCrack doesn't seem to work anymore
  • I often pay a lot of $ for idle time since you pay ~$5/month just for the VM itself, and then a buck and change per hour the box is running - even when it's not cracking anything.

This week on a pentest I wasn't capturing many hashes, and when I finally did it was a really valuable one. So I wanted to throw more "oomph" at the hash but don't have a ton of days to spare.

Enter NPK which lets you submit a hash, decide how much horsepower to throw at it, and even set a max amount of $ to spend on the effort. Super cool! I'm loving it so far!

Note: I did have a heck of a time with the install (I'm sure it was a me thing) so I wrote up this gist to help others who might hit the same issue:

Happy crackin'!

Episoder(710)

7MS #710: I'm Taking a Break

7MS #710: I'm Taking a Break

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club.  It's a temporary break, so please don't unsubscribe, unfollow, etc.  I need some e...

17 Jan 4min

7MS #709: Second Impressions of Twingate

7MS #709: Second Impressions of Twingate

Hey friends, in episode #649 I gave you my first impressions of Twingate.  It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using...

10 Jan 20min

7MS #708: Tales of Pentest Fail – Part 6

7MS #708: Tales of Pentest Fail – Part 6

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you.  You either commiserated with my story, told me I wussed out, and/or had a difficult story of...

2 Jan 25min

7MS #707: Our New Pentest Course Has Launched!

7MS #707: Our New Pentest Course Has Launched!

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, ...

26 Des 202514min

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Des 202529min

7MS #705: A Phishing Campaign Fail Tale

7MS #705: A Phishing Campaign Fail Tale

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing c...

12 Des 202521min

7MS #704: DIY Pentest Dropbox Tips – Part 12

7MS #704: DIY Pentest Dropbox Tips – Part 12

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a ...

5 Des 202524min

7MS #703: Tales of Pentest Pwnage – Part 79

7MS #703: Tales of Pentest Pwnage – Part 79

Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pent...

28 Nov 202522min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
i-retten
forklart
popradet
fotballpodden-2
rss-gukild-johaug
dine-penger-pengeradet
stopp-verden
nokon-ma-ga
det-store-bildet
bt-dokumentar-2
hanna-de-heldige
rss-penger-polser-og-politikk
chit-chat-med-helle
frokostshowet-pa-p5
aftenbla-bla
e24-podden
rss-dannet-uten-piano