Typical attacks / steps for fast hashes > 9 characters (ntlm)
#2
first try:
google it, there are plenty of websites where you can upload/test hashes to see whether they are already known, crackstation is well known for example

the rest depends on what you know about the hash: self-given password with no rules, or fully random, and so on

hashcat with a good dictionary + rules (wordlist depends a little bit on the "target": German, Russian, English, Spanish, whatsoever)

existing rainbow tables: well, yeah, no. good for plain ASCII, not suitable for any other special chars like £§äöüß€ and so on. try cracking the md5 of the German öl (oil), you will never get it with rainbow tables

top million list: well, the problem with these lists is garbage (not really, but jfyi). do you remember the adobe hack and the aftermath with "most used password is 12345"? well no, this is bu****it. back then adobe bugged all users to register just for downloading the adobe reader, and guess what happened: most used trashmails and trash passes like 12345, because no one wanted to really register just for downloading this crap software, but anyway

when it comes to rules
rules are MODIFYING passwords not generating them, so you will still need a good wordlist for this

just for fun: when i have access to the domain controller, i would roll out a keylogger per GPO, wait a week and get all password plains for free
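Seen from the defender's side, the point above that rules only modify wordlist entries means a password screen can undo the common modifications and check the base word against a denylist. This is an added example, not part of the original post or of hashcat; the denylist, the affix set, the substitution table and the function name are assumptions constructed for illustration.

```python
import unicodedata

# Constructed sample denylist (NFC, lowercase); a real screen would load a large wordlist.
DENYLIST = {"password", "welcome", "sommer", "dragon", "\u00f6l"}  # last entry is "öl"

# Digits/symbols commonly appended to a base word (assumed set for illustration).
AFFIX = "0123456789!?.#*-_"

# Common character substitutions, reversed (assumed table, not hashcat rule syntax).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def derived_from_wordlist(password, denylist=DENYLIST):
    """Return the denylisted base word a password is built on, or None."""
    # Normalise first so "O" + combining diaeresis and precomposed "Ö" compare equal.
    s = unicodedata.normalize("NFC", password).casefold()
    forms = [s]
    while s and s[-1] in AFFIX:  # peel appended digits/symbols one at a time
        s = s[:-1]
        forms.append(s)
    for form in forms:
        # Undo substitution and reversal; each result is checked against the wordlist.
        for cand in (form, form.translate(UNLEET), form[::-1]):
            if cand in denylist:
                return cand
    return None


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw in ["P@ssw0rd2022!", "Welc0m3!2022", "O\u0308l123!", "drowssap1", "kT9#vQ2m!xLp"]:
        print(repr(pw), "->", derived_from_wordlist(pw))
```

A password that returns a base word here is a modified dictionary entry and should be rejected at set time, however long or "complex" it looks.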


Messages In This Thread
RE: Typical attacks / steps for fast hashes > 9 characters (ntlm) - by Snoopy - 02-07-2022, 02:16 PM