Tips dan Trik

[tips and trick][bsummary]

Hiburan

[hiburan][twocolumns]

Crack Password dengan Findmyhash

Find my hash adalah salah satu tools password online attack di backtrack yang menggunakan bahasa pemograman python dan di ciptakan oleh laXmarcaellugar

agan bisa menemukan findmy hash di

Applications > Backtrack Privilege Escalation > Password Attack > Online Attack > Findmyhash

langsung saja buka console atau menekan ctrl+alt+t :

ariez@ganteng:~# cd /pentest/passwords/findmyhash


lalu ketikan seperti di bawah ini

ariez@ganteng:/pentest/passwords/findmyhash# ./findmyhash.py -h



lalu muncul deh keterangan seperti di bawah ini


./findmyhash.py 1.1.2 ( http://code.google.com/p/findmyhash/ )

Usage:
------

  python ./findmyhash.py <algorithm> OPTIONS


Accepted algorithms are:
------------------------

  MD4       - RFC 1320
  MD5       - RFC 1321
  SHA1      - RFC 3174 (FIPS 180-3)
  SHA224    - RFC 3874 (FIPS 180-3)
  SHA256    - FIPS 180-3
  SHA384    - FIPS 180-3
  SHA512    - FIPS 180-3
  RMD160    - RFC 2857
  GOST      - RFC 5831
  WHIRLPOOL - ISO/IEC 10118-3:2004
  LM        - Microsoft Windows hash
  NTLM      - Microsoft Windows hash
  MYSQL     - MySQL 3, 4, 5 hash
  CISCO7    - Cisco IOS type 7 encrypted passwords
  JUNIPER   - Juniper Networks $9$ encrypted passwords
  LDAP_MD5  - MD5 Base64 encoded
  LDAP_SHA1 - SHA1 Base64 encoded

  NOTE: for LM / NTLM it is recommended to introduce both values with this format:
         python ./findmyhash.py LM   -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7
         python ./findmyhash.py NTLM -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7


Valid OPTIONS are:
------------------

  -h <hash_value>  If you only want to crack one hash, specify its value with this option.

  -f <file>        If you have several hashes, you can specify a file with one hash per line.
                   NOTE: All of them have to be the same type.
                  
  -g               If your hash cannot be cracked, search it in Google and show all the results.
                   NOTE: This option ONLY works with -h (one hash input) option.


Examples:
---------

  -> Try to crack only one hash.
     python ./findmyhash.py MD5 -h 098f6bcd4621d373cade4e832627b4f6
    
  -> Try to crack a JUNIPER encrypted password escaping special characters.
     python ./findmyhash.py JUNIPER -h "\$9\$LbHX-wg4Z"
 
  -> If the hash cannot be cracked, it will be searched in Google.
     python ./findmyhash.py LDAP_SHA1 -h "{SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=" -g
  
  -> Try to crack multiple hashes using a file (one hash per line).
     python ./findmyhash.py MYSQL -f mysqlhashesfile.txt
    
    
Contact:
--------

[Web]           http://laxmarcaellugar.blogspot.com/
[Mail/Google+]  bloglaxmarcaellugar@gmail.com
[twitter]       @laXmarcaellugar

di sini kita mendapatkan contoh

-> Try to crack only one hash. = crack hanya satu jenis hash
     python ./findmyhash.py MD5 -h 098f6bcd4621d373cade4e832627b4f6
    
  -> Try to crack a JUNIPER encrypted password escaping special characters.

     python ./findmyhash.py JUNIPER -h "\$9\$LbHX-wg4Z"
 
  -> If the hash cannot be cracked, it will be searched in Google.
     python ./findmyhash.py LDAP_SHA1 -h "{SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=" -g
  
  -> Try to crack multiple hashes using a file (one hash per line).
     python ./findmyhash.py MYSQL -f mysqlhashesfile.txt

di sini ane menjelaskan crack password MD5 yaitu dengan mengetik perinta :

ariez@ganteng:/pentest/passwords/findmyhash# ./findmyhash.py MD5 -h 098f6bcd4621d373cade4e832627b4f6

Keterangan :
findmyhash.py = tools yang kita gunakan
MD5 = jenis password
di sini untuk password MD5 ane gunain contoh "098f6bcd4621d373cade4e832627b4f6"

langsung enter dan kemudian muncul penampakan :


ariez@ganteng:/pentest/passwords/findmyhash# ./findmyhash.py MD5 -h 6bca79aa922385fb94e413bae559cc1c

Cracking hash: 6bca79aa922385fb94e413bae559cc1c

Analyzing with hashcracking (http://victorov.su)...
... hash not found in hashcracking

Analyzing with thekaine (http://md5.thekaine.de)...
... hash not found in thekaine

Analyzing with tmto (http://www.tmto.org)...
... hash not found in tmto

Analyzing with rednoize (http://md5.rednoize.com)...
... hash not found in rednoize

Analyzing with md5-db (http://md5-db.de)...
... hash not found in md5-db

Analyzing with my-addr (http://md5.my-addr.com)...
... hash not found in my-addr

Analyzing with md5pass (http://md5pass.info)...
... hash not found in md5pass

Analyzing with md5decryption (http://md5decryption.com)...

***** HASH CRACKED!! *****
The original string is: admin@marinecyber.com


The following hashes were cracked:
----------------------------------

6bca79aa922385fb94e413bae559cc1c -> admin@marinecyber.com

ariez@ganteng:/pentest/passwords/findmyhash#


dan password "098f6bcd4621d373cade4e832627b4f6" adalah admin@marinecyber.com

thanks sudah membaca postingan dari newbie ini :) kalau ada kesalahan jangan di hina yah :p di tambahin ajah :) happy blogging

Penulis bernama lengkap Aris Sando Hamzah, S.Pi lahir di Ambon pada tahun 1994. Saat ini penulis berdomisili di Kota Kendari, Provinsi Sulawesi Tenggara Indonesia.

No comments:

Post a Comment

komputer

[komputer][bigposts]

Ispiratif

[inspirasi][bsummary]

IT

[IT][twocolumns]