Infrastructure penetration testing notes
  • Initial page
  • Table Of Content
  • Infrastructure testing
    • Enumeration
      • Packet Capture
      • Host Discovery
      • Services / Ports
        • 21 - FTP
        • 22 - SSH
        • 25 - SMTP
        • 53 - DNS
        • 67 - DHCP
        • 69 - TFTP
        • 79 - Finger
        • 88 - Kerberos
        • 111 - RPC
        • 113 - ident
        • 135 - MSRPC
        • 137 - Netbios
        • 139/445 - SMB
        • 161 - SNMP
        • 177 - XDMCP
        • 363 - LDAP
        • 443 - HTTPS
        • 500 - IKE (IPSEC)
        • 512/513/514 - R Services
        • 623 - IPMI
        • 873 - RSYNC
        • 1099 - Java RMI
        • 1433 - Microsoft SQL
        • 1521 - Oracle DB
        • 2049 - NFS
        • 3306 - MySQL
        • 3389 - RDP
        • 5432 - PostgresSQL
        • 5900 - VNC
        • 5985 - WinRM
        • 6000 - X11
        • 6379 - Redis
        • 8080 - Jenkins
        • 11211 - Memcached
        • RDS
        • SQLite
        • Docker
      • IPV6
        • Scanning
        • Enumeration
        • Transfering files
        • Pivoting and routes
        • THC IPv6
    • Gaining Access
      • IP Forwarding
      • VLAN Information
      • Psexec
      • Upgrading shell
      • Reverse Shells One-Liners
      • Bruteforce
      • MITM cleartext protocols
      • Null session
      • LLMNR / NBT NS Spoofing
      • Port knocking
      • Downloading/Transfer files
      • Remote Desktop
      • NAC Bypass
      • Pass-The-Hash
    • Exploitation
      • Solaris
      • IPv6
      • Windows
        • Compiling Code
        • SMB Vulnerabilities
        • Kerberos Attacks
    • Privilege Escalation
      • Situational Awareness
        • Linux
        • Windows
          • Registry
          • PowerView
          • FSMO Roles
      • Windows
        • Disable Apps and Firewall
        • Add user script
        • UAC Bypass
        • icacls
        • Running services
        • Common Exploits
      • Linux
        • SUID Shell script
        • CVE-2019-14287
        • Kernel exploit
      • Solaris
      • FreeBSD
      • Automated tools
      • Metasploit Modules
      • Password Dumping
    • Breakout
      • LOLBas
      • powershell constrained language byass
      • Alternatives to command prompt
      • Windows utilities
      • Applocker
      • Restricted shells
      • Environmental Variables / Bypassing Path Restrictions
      • Docker escape
      • Just Enough Administration (JEA)
    • Presistance
      • Windows
    • Pivoting
      • Adding routes
    • Password Cracking
      • Hashcat
      • John
      • Cisco Passwords
      • Passwords Lists
      • Generating wordlist
    • Tools
      • Nishang
      • UACME
      • Bypass-UAC
      • MSBuildAPICaller
      • Impacket
      • SharpPersist
      • Terminals
      • IP Calculation
      • pwsh
      • psTools / Sysinternals
      • Unlock applocker
      • enum4linux
      • Bloodhound
        • aclpwn
      • mitm6
      • Enyx
      • nfsshell
      • PowerUpSQL
      • Metasploit
        • msfvenom
    • Others
Powered by GitBook
On this page
  • Identify the hash (By Length)
  • Tools To identify hashes
  • hash-identifier
  • Hash-Buster
  • Decodify
  • Empty hashes
  • Hash Examples

Was this helpful?

  1. Infrastructure testing

Password Cracking

PreviousAdding routesNextHashcat

Last updated 4 years ago

Was this helpful?

Identify the hash (By Length)

Hash Lengths

Hash

Size

MD5 Hash Length

16 Bytes

SHA-1 Hash Length

20 Bytes

SHA-256 Hash Length

32 Bytes

SHA-512 Hash Length

64 Bytes

Tools To identify hashes

hash-identifier

Builtin in Kali.

Usage: hash-identifier

Hash-Buster

Link:

Usage: buster -s <hash>

Decodify

It can detect and decode encoded strings, recursively.

Empty hashes

Administrator:500:aad3b435b51404eeaad3b435b51404ee:8118cb8789b3a147c790db402b016a08:::

Administrator = user

500 = RID

Aad3b435b51404eeaad3b435b51404ee = empty LM hash

Hash Examples

Likely just use hash-identifier for this but here are some example hashes:

Hash

Example

MD5 Hash Example

8743b52063cd84097a65d1633f5c74f5

MD5 $PASS:$SALT Example

01dfae6e5d4d90d9892622325959afbe:7050461

MD5 $SALT:$PASS

f0fda58630310a6dd91a7d8f0a4ceda2:4225637426

SHA1 Hash Example

b89eaac7e61417341b710b727768294d0e6a277b

SHA1 $PASS:$SALT

2fc5a684737ce1bf7b3b239df432416e0dd07357:2014

SHA1 $SALT:$PASS

cac35ec206d868b7d7cb0b55f31d9425b075082b:5363620024

SHA-256

127e6fbfe24a750e72930c220a8e138275656b

8e5d8f48a98c3c92df2caba935

SHA-256 $PASS:$SALT

c73d08de890479518ed60cf670d17faa26a4a71f995c1dcc978165399401a6c4

SHA-256 $SALT:$PASS

eb368a2dfd38b405f014118c7d9747fcc97f4f0ee75c05963cd9da6ee65ef498:560407001617

SHA-512

82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e29134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f

SHA-512 $PASS:$SALT

e5c3ede3e49fb86592fb03f471c35ba13e8d89b8ab65142c9a8fdafb635fa2223c24e5558fd9313e8995019dcbec1fb584146b7bb12685c7765fc8c0d51379fd

SHA-512 $SALT:$PASS

976b451818634a1e2acba682da3fd6efa72adf8a7a08d7939550c244b237c72c7d42367544e826c0c83fe5c02f97c0373b6b1386cc794bf0d21d2df01bb9c08a

NTLM Hash Example

b4b9b02e6f09a9bd760f388b67351e2b

Link:

https://github.com/s0md3v/Hash-Buster
https://github.com/s0md3v/Decodify