7 Minute Security29 Juli 2021

7MS #478: Password Cracking in the Cloud - Part 4

Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some tips on taking cracked passwords from multiple sources and Frankensteining them into a beautiful report for your customer.

For some background, when 7MS started as a biz, we used to crack passwords in Paperspace but invested in an on-prem cracking rig a few years ago. That rig has been flipping sweet, but had some heating issues which prompted me to send the system in for warranty and use an awesome cracking rig in AWS in the meantime.

Whether you're cracking locally or in the cloud, here's a quick methodology that has cracked many a hash for us:

Do a straight-up hashcat crack against the PwnedPasswords list (at time of this writing I don't have a good source for the cracked versions of these passwords. I used to grab them at hashes.org. Anybody got an alternative?
Do a straight-up hashcat crack through the RockYou2021 list
Run the hatecrack methodology, including the quick crack, the quick crack with rules (I'm partial to OneRuleToRuleThemAll), and brute-forcing all 1-8 character passwords

Once I'm ready to wrap up all the cracked passwords and put them in a nice shiny report for the customer, I do the following (using hashcombiner and pipal):

# Run hash_combiner on hashcat's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hashcat/hashcat.potfile > /tmp/round1.txt # Run hash_combiner on hatecrack's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hatecrack/hashcat.pot > /tmp/round2.txt # Cat the two files together into a third file cat /tmp/round1.txt /tmp/round2.txt > /tmp/round3.txt # Sort and de-dupe the third file cat /tmp/round3.txt | sort -uf > /tmp/nice-and-clean.txt # Take just the passwords out of the "nice and clean" output cut -d ':' -f 2 /tmp/nice-and-clean.txt > /tmp/pipal-temp.txt # Score the passwords using pipal /opt/pipal/pipal.rb /tmp/pipal-temp.txt > /tmp/pip-final.txt

Now you've got a nice-and-clean.txt list of users and their cracked passwords, as well as the pip-final.txt with deeper analysis of cracked passwords, their commonalities, etc.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(721)

7MS #721: Fun Professional and Personal AI Project Ideas – Part 2

Hello friends! Picking up the AI-automation series from a couple weeks back — here's another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had t...

8 Maj 25min

7MS #720: Tales of Pentest Pwnage – Part 84

Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dan...

1 Maj 43min

7MS #719: Baby's First OpenClaw

Hey friends! This week's episode is "Baby's First OpenClaw" – basically me shouting into the void hoping a smart listener will DM me and explain why this thing is supposed to be life-changing. Because...

24 Apr 28min

7MS #718: Fun Professional and Personal AI Project Ideas

Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better – still recovering, but appetite's back and she's g...

17 Apr 28min

7MS #717: I Gave Up My Wife's PHI (And I'd Do It Again)

Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip t...

10 Apr 48min

7MS #716: Tales of Pentest Pwnage – Part 83

Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include: Use Netexec to pull Powershell history Try...

3 Apr 33min

7MS #715: Tales of Pentest Pwnage – Part 82

Hola friends! Today's another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific referen...

27 Mars 20min

7MS #714: Tales of Pentest Pwnage – Part 81

Hello friends! We're back with a fun tale of internal network pentest pwnage. This one highlights how AI can be used (with some guardrails!) to automate the boring stuff – and even help you pick par...

20 Mars 22min