![]() This is usually quick enough to run a single pass and get some good data out of it, namely how many passwords cracked from mutating the RockYou dictionary. If you find that you have a set of hashes from a Domain Controller with smart_hashdump or Mimikatz’ dcSync, I will usually run them through John in the following order on Kali: john -format=NT -rules -w=/usr/share/wordlists/rockyou.txt hashfile.txt ![]() Typically I will choose to use John just for some statistical analysis once the domain has been compromised. This makes it a perfect candidate for the use on a platform like Google Cloud. One of the advantages of using John is that you don’t necessarily need specialized hardware to attempt to crack hashes with it. Although projects like Hashcat have grown in popularity, John the Ripper still has its place for cracking passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |