Skip to content

Password Attacks

ℹī¸ Informations

  • 🌐 Website: HackTheBox
  • đŸ”Ĩ Level: Medium
  • 📚 Category: Offensive
  • 🔗 Link: Password Attacks

📜 Module description

Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwords that can often be cracked offline and used to further our access. We will encounter passwords in many forms during our assessments. We must understand the various ways they are stored, how they can be retrieved, methods to crack weak passwords, ways to use hashes that cannot be cracked, and hunting for weak/default password usage.

📋 Sections

  1. Network Services
  2. Password Mutations
  3. Password Reuse Default Passwords
  4. Attacking SAM
  5. Attacking LSASS
  6. Attacking Active Directory & NTDS.dit
  7. Credential Hunting in Windows
  8. Credential Hunting in Linux
  9. Passwd Shadow & Opasswd
  10. Pass the Hash (PtH)
  11. Pass the Ticket (PtT) from Windows
  12. Pass the Ticket (PtT) from Linux
  13. Protected Files
  14. Protected Archives
  15. Password Attacks Lab - Easy
  16. Password Attacks Lab - Medium
  17. Password Attacks Lab - Hard