Evil Elf

Wireshark and Password Cracking

Last updated 5 years ago

Packet capture

Given the right permissions, anyone can load a program such as Wireshark and start capturing network traffic. We can easily filter through a capture file and view what data our computer has been sending and receiving, and by sniffing traffic on a switch or hub we can reveal what everyone else has been looking at.

Without packet data being encrypted, we can see every network request and response along with its data. If the packet data isn't encrypted, we can see which websites people have been visiting and users' personal information (credentials, bank account data, etc.). Protocols such as Telnet and HTTP transfer data in plaintext, which means we can extract human-readable data straight out of the capture.

Useful terms:

  • Packet - a packet consists of control information and user data, which is also known as the payload

  • Protocol - a network protocol is a set of rules followed by the network (an example of a protocol is HTTP)

  • Port - a network port is a number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered
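The "Follow TCP Stream" view the write-up relies on is just reassembly of each connection's payload in sequence order. The following script is an added example (not part of the original room or write-up): it parses a libpcap file by hand, reassembles both directions of every TCP connection, and decodes any HTTP Basic credential that an on-path observer could read, which is the risk the paragraph above describes. The capture, the addresses (10.0.0.5, 10.0.0.9) and the credential "elf:constructed-pass" are all constructed inline so it runs offline; the request is deliberately split across two out-of-order segments so that the credential is only visible after reassembly.

```python
"""Follow a TCP stream without Wireshark: a minimal libpcap/Ethernet/IPv4/TCP reader that
reassembles each connection by sequence number and shows what a plaintext protocol leaks.
The capture is built in memory from constructed packets, so the script runs offline."""
import base64
import re
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # libpcap magic (microsecond timestamps), written little-endian here


def build_frame(src, dst, seq, payload, flags=0x18):
    """Construct an Ethernet/IPv4/TCP frame; src and dst are (ip, port) tuples. Checksums
    are left at zero because this is constructed sample data, not a real capture."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"             # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap raw frames in a libpcap file (link type 1 = Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def iter_frames(pcap):
    """Yield the captured bytes of every record in a libpcap file (either byte order)."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == PCAP_MAGIC else ">"
    off = 24                                                   # size of the global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl]
        off += incl


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:                                             # IP protocol 6 = TCP
        return None
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[data_offset:]


def follow_tcp_streams(pcap):
    """Group payloads per connection and direction, ordered by TCP sequence number, the
    way Wireshark's 'Follow TCP Stream' does. Returns {conn: {(ip, port): bytes}}."""
    segments = {}
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None or not parsed[5]:                    # skip non-TCP and empty ACKs
            continue
        src, sport, dst, dport, seq, payload = parsed
        conn = tuple(sorted([(src, sport), (dst, dport)]))
        segments.setdefault(conn, {}).setdefault((src, sport), []).append((seq, payload))
    return {conn: {side: b"".join(p for _, p in sorted(segs)) for side, segs in sides.items()}
            for conn, sides in segments.items()}


BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def extract_basic_credentials(stream):
    """Decode every HTTP Basic credential visible in one direction of a reassembled stream."""
    return [base64.b64decode(tok).decode(errors="replace") for tok in BASIC_RE.findall(stream)]


def leaked_credentials(pcap):
    """Credentials an on-path observer could read from plaintext HTTP in the capture."""
    return [cred for sides in follow_tcp_streams(pcap).values()
            for data in sides.values() for cred in extract_basic_credentials(data)]


# Constructed sample: one client request with Basic auth, split across two segments that
# are captured out of order, plus the server's reply.
CLIENT, SERVER = ("10.0.0.5", 51234), ("10.0.0.9", 80)
REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
           + base64.b64encode(b"elf:constructed-pass") + b"\r\n\r\n")
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, SERVER, 1060, REQUEST[60:]),           # second half arrives first
    build_frame(SERVER, CLIENT, 5000, RESPONSE),
    build_frame(CLIENT, SERVER, 1000, REQUEST[:60]),
])

if __name__ == "__main__":
    for cred in leaked_credentials(SAMPLE_PCAP):
        print("cleartext credential:", cred)
```

Neither half of the request on its own contains a decodable "Authorization: Basic" token; only the sequence-ordered reassembly does, which is why a capture review (or an IDS rule) must operate on the stream rather than on individual packets.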

Password cracking

Hashing and encryption are not the same. If we encrypt something, we can decrypt it again to get the original plaintext back. A hash only works one way: it turns the input into another, non-human-readable form, and it cannot be reversed. With a hash, the only way to find the value that produced it is to take candidate characters, hash them, and compare the result to see whether both hashes are the same.

We can try to crack the hash by taking a wordlist, hashing each word from the list with the same hashing algorithm, and comparing the result to the original. If the hashes are the same, we have found the word that was originally hashed; if not, we move on to the next word.

Dissecting a hash:

Blue shows the username, the green shows all the hash information, and the red color shows the rest of the data.

Steps:

  • Download the pcap and open it with Wireshark.

  • Follow the TCP stream.

  • Find the type of hash.

  • Find the hash-type number in hashcat.

  • Crack the hash.

Using the leading $6 we can look up which hash algorithm was used by checking this page: https://hashcat.net/wiki/doku.php?id=example_hashes
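The sections above on hashing versus encryption, dissecting a hash, and identifying the $6 prefix all fit into one small script, added here as an example that is not part of the original write-up. It splits a shadow-style line into username, algorithm id, optional rounds, salt and digest; maps the id to the hashcat mode (the $1, $5 and $6 modes are hashcat's documented 500, 7400 and 1800); and runs the wordlist loop the text describes. Rather than depend on hashcat or on the deprecated Python crypt module, it implements the $6 algorithm (sha512crypt) from the published SHA-crypt specification using only hashlib. The shadow line, the username "elf", the salt "elfsalt" and the wordlist are constructed for the example.

```python
"""Dissect a Unix crypt(3) hash, map its $id$ to the hashcat mode, and run a wordlist
attack against it. sha512crypt is implemented per the SHA-crypt specification so only the
standard library is needed; the shadow line and wordlist below are constructed."""
import hashlib
import re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# crypt(3) ids that share the $id$[rounds=N$]salt$digest layout, with their hashcat modes.
HASHCAT_MODES = {"1": 500, "5": 7400, "6": 1800}
# Byte order in which sha512crypt emits the 64-byte digest, three bytes per four characters.
SHA512_ORDER = [(0, 21, 42), (22, 43, 1), (44, 2, 23), (3, 24, 45), (25, 46, 4), (47, 5, 26),
                (6, 27, 48), (28, 49, 7), (50, 8, 29), (9, 30, 51), (31, 52, 10), (53, 11, 32),
                (12, 33, 54), (34, 55, 13), (56, 14, 35), (15, 36, 57), (37, 58, 16),
                (59, 17, 38), (18, 39, 60), (40, 61, 19), (62, 20, 41)]


def dissect(shadow_line):
    """Split 'user:$id$[rounds=N$]salt$digest:...' into its parts (the username, the hash
    information and the rest of the entry) and look up the hashcat mode for the id."""
    user, hash_field = shadow_line.split(":")[:2]
    m = re.fullmatch(r"\$([^$]+)\$(?:rounds=(\d+)\$)?([^$]*)\$([^$:]+)", hash_field)
    if not m:
        raise ValueError("not a crypt(3)-style hash")
    hash_id, rounds, salt, digest = m.groups()
    return {"user": user, "id": hash_id, "rounds": int(rounds) if rounds else None,
            "salt": salt, "digest": digest, "hashcat_mode": HASHCAT_MODES.get(hash_id)}


def _b64_24bit(b2, b1, b0, n):
    """crypt's base64 variant: emit n chars from the low bits of a 24-bit word."""
    w = (b2 << 16) | (b1 << 8) | b0
    out = []
    for _ in range(n):
        out.append(B64[w & 0x3F])
        w >>= 6
    return "".join(out)


def sha512crypt(password, salt, rounds=5000):
    """crypt(3) $6$ hash per the SHA-crypt spec (default 5000 rounds, salt at most 16 chars).
    The 'rounds=' prefix is only emitted when the round count is not the default."""
    pw, salt = password.encode(), salt.encode()[:16]
    b = hashlib.sha512(pw + salt + pw).digest()                # digest B
    a = hashlib.sha512(pw + salt)                               # digest A
    a.update(b * (len(pw) // 64) + b[:len(pw) % 64])
    n = len(pw)
    while n > 0:                                                # one step per bit of len(pw)
        a.update(b if n & 1 else pw)
        n >>= 1
    a = a.digest()
    dp = hashlib.sha512(pw * len(pw)).digest()                  # digest DP -> P bytes
    p = (dp * (len(pw) // 64 + 1))[:len(pw)]
    ds = hashlib.sha512(salt * (16 + a[0])).digest()            # digest DS -> S bytes
    s = (ds * (len(salt) // 64 + 1))[:len(salt)]
    c = a
    for i in range(rounds):                                     # the slow part, by design
        h = hashlib.sha512(p if i & 1 else c)
        if i % 3:
            h.update(s)
        if i % 7:
            h.update(p)
        h.update(c if i & 1 else p)
        c = h.digest()
    enc = "".join(_b64_24bit(c[x], c[y], c[z], 4) for x, y, z in SHA512_ORDER)
    enc += _b64_24bit(0, 0, c[63], 2)
    prefix = "$6$" + (f"rounds={rounds}$" if rounds != 5000 else "")
    return prefix + salt.decode() + "$" + enc


def crack(shadow_line, wordlist):
    """Hash each candidate with the target's own salt and rounds; return the match or None."""
    parts = dissect(shadow_line)
    if parts["id"] != "6":
        raise NotImplementedError(f"only $6$ is implemented here (hashcat mode {parts['hashcat_mode']})")
    rounds = parts["rounds"] or 5000
    for word in wordlist:
        if sha512crypt(word, parts["salt"], rounds).rsplit("$", 1)[1] == parts["digest"]:
            return word
    return None


# Constructed shadow entry for user "elf": the password "candycane1" under salt "elfsalt".
WORDLIST = ["123456", "password", "winter2019", "candycane1", "rudolph"]
SHADOW_LINE = "elf:" + sha512crypt("candycane1", "elfsalt") + ":18238:0:99999:7:::"

if __name__ == "__main__":
    info = dissect(SHADOW_LINE)
    print(f"user={info['user']} id=${info['id']}$ salt={info['salt']} hashcat mode={info['hashcat_mode']}")
    print("cracked:", crack(SHADOW_LINE, WORDLIST))
```

The per-candidate cost (5000 chained SHA-512 calls) is the whole point of sha512crypt: the salt stops a precomputed table from covering every user, and the rounds make each wordlist entry expensive, so the defence is not the hash format but keeping the password out of any wordlist at all.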