Maximum Password Length Reached!
A recent article by @mubix resurfaced the largely unknown fact that because password candidates (plain/mangled dictionary words and generated plain texts) are stored in GPU registers, there aren’t actually enough registers to store password candidates over certain lengths. As a result, our password cracking tools have been limited to these… Read More
One Rule to Rule Them All
Password cracking is a staple part of pentesting and with a few exceptions, dictionary/rule based attacks are the predominant method in getting those ever-elusive plain text values. Cracking rigs have afforded pentesters and blackhats alike the ability to throw a few graphics cards at some hashes and achieve phenomenal speeds,… Read More
Pwning with Responder – A Pentester’s Guide
Overview: Responder is a great tool that every pentester needs in their arsenal. If a client/target cannot resolve a name via DNS it will fall back to name resolution via LLMNR (introduced in Windows Vista) and NBT-NS. Now, assuming we have Responder running we will essentially say ‘yeah, this is… Read More
MS17-010, the new MS08-067?
This past Good Friday, @ShadowBrokers group (https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation) leaked a number of hacking tools/exploits from the NSA’s Arsenal. This leak contained operational notes from the NSA’s actively targeting of banks in the Middle East and their collection of exploitation tools targetting Microsoft Windows systems ranging from XP to Windows 8 and… Read More
Anatomy of a Hack: SQLi via Crypto
Cryptography has various advantages including confidentiality of information. However overzealous reliance on cryptography for securing applications is a bad idea. In this blog Sunil Yadav our lead trainer for “Appsec for Developers” training class, will discuss a case study where a SQL injection vulnerability was identified and exploited via an… Read More