02-07-2022, 01:12 AM
(This post was last modified: 02-07-2022, 08:51 PM by secpro. Edit Reason: typo)
I've been reading a lot about the various types of attacks one can do with hashcat and other tools.
I'm trying to put together a "typical" set of attacks that a skilled attacker would commonly use against a hash list of fast hashes such as NTLM. In other words, given a list of a few thousand NTLM (or MD5) hashes, what would you normally try first? What attack second?
I understand one would try different things in different scenarios, but assume a random corporate environment in the US. You get the SAM table from a domain controller. Which attacks would you try first, second, third, most of the time?
I understand that NTLM hashes of 9 characters or fewer are very vulnerable to rainbow tables, with a success rate of about 96%.
I would think, therefore, rainbow tables would be used first, then hashcat for the longer passwords?
A top million list seems like a good first thing to try, but maybe I'm wrong.
In my research I came across "OneRuleToRuleThemAll", which also looks promising.
Not having much actual experience, though, I could be completely off base.