Cracking MD5 using Hashcat

| 0 comments

If you are not familiar with Hashcat then you are in luck. Before I get started, Wikipedia states Hashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. It is available free of charge, although it has a proprietary codebase. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others. The MD5 message-digest algorithm is a cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text …

Continue reading

Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my …

Continue reading

Rip DEFCON videos from YouTube

| 0 comments

Have you never attended DEFCON and want to watch hours upon hours of conference talks? You could always go the the DEFCON YouTube playlist and click your way around the hundreds of videos or you could download the videos. You could go search for a addon or extension for your favorite browser or search the myriad of software options. Downloading videos from YouTube can be simple, complex, free, or costly depending upon your experience, time, and resources. Years ago, I purchased a MacBook Pro and I also started learning more about Linux distributions such as Kali and Ubuntu. Moving away …

Continue reading

Getting started with the Mark IV WiFi Pineapple

| 0 comments

The WiFi Pineapple is an amazing and fun piece of technology. To be honest, I purchased this technology late in 2013 and I never really sat down and played with it until recently. I sat down with my MacBook Pro and in no time at all I was frustrated that I was not able to get the Pineapple working properly. My issue was either I was successful at obtaining an external IP address, but I was not successful at accessing the Pineapple’s web interface of 172.16.42.1:1471 and it took a bit of research to find out the root cause. In …

Continue reading

Metagoofil makes metadata extraction easy

| 0 comments

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a given target or victim website. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information-gathering phase. Metadata serves five purposes: resource description; information retrieval; management of information; rights management, ownership and …

Continue reading

Email and file security using GPGTools

| 0 comments

Here we are talking about encryption again. Those men in black seem to be everywhere these days and I am not sure about you, but trust seems to be more and more difficult to come by these days. Before I get started about the use of GPGTools, I want to step up to the soapbox and talk a little bit about email phishing since this post is addressing email security. Phishing is a type of fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details or any other types …

Continue reading