Jack Recider

You found me. I'm here. And the Windows computer is like, oh, thank goodness. I've been looking for you everywhere. I'd like to connect to you. And Responder is like, sure, of course you can connect to me. But you need to authenticate first. Yeah. And the Windows computer is like, oh, yes, of course. Okay, here's my username and password. Now, Microsoft takes your security seriously.

You found me. I'm here. And the Windows computer is like, oh, thank goodness. I've been looking for you everywhere. I'd like to connect to you. And Responder is like, sure, of course you can connect to me. But you need to authenticate first. Yeah. And the Windows computer is like, oh, yes, of course. Okay, here's my username and password. Now, Microsoft takes your security seriously.

So it doesn't actually send your password over the network. Instead, it sends a password hash. And since Responder is this dirty little liar on your network, it snatches that username and that password hash and gives it to the penetration tester or hacker who's running the tool. Saying something like, hey, someone just tried to connect to me using this username and this password hash. Here you go.

So it doesn't actually send your password over the network. Instead, it sends a password hash. And since Responder is this dirty little liar on your network, it snatches that username and that password hash and gives it to the penetration tester or hacker who's running the tool. Saying something like, hey, someone just tried to connect to me using this username and this password hash. Here you go.

Typically, Responder only works against computers in the same subnet as it. So if you're in the same subnet, then yeah, Responder is an amazing tool at finding usernames and password hashes. Now, a password hash is not the password. It's a gibberish set of characters that you get when your password goes through an algorithm.

Typically, Responder only works against computers in the same subnet as it. So if you're in the same subnet, then yeah, Responder is an amazing tool at finding usernames and password hashes. Now, a password hash is not the password. It's a gibberish set of characters that you get when your password goes through an algorithm.

And the thing is, in some cases, you can crack this hash to get the password. And a common method for cracking passwords is brute force. Take the top one million most common passwords and hash them. And then see if any of those hashes match the password hash you just got. And if so, you found the password. Exactly. So we use something called Hashcat. We'll take that hash.

And the thing is, in some cases, you can crack this hash to get the password. And a common method for cracking passwords is brute force. Take the top one million most common passwords and hash them. And then see if any of those hashes match the password hash you just got. And if so, you found the password. Exactly. So we use something called Hashcat. We'll take that hash.

We will plug it into hash. Tell me about this. So to crack that, that's not on the Raspberry Pi because the Raspberry Pi doesn't have... the CPU cycles to be able to throw a billion passwords at that thing and try to figure out which one it is. What's your method for cracking it?

We will plug it into hash. Tell me about this. So to crack that, that's not on the Raspberry Pi because the Raspberry Pi doesn't have... the CPU cycles to be able to throw a billion passwords at that thing and try to figure out which one it is. What's your method for cracking it?

Okay. Now, what's your kind of success rate on getting one hash and being able to crack that single hash?

Okay. Now, what's your kind of success rate on getting one hash and being able to crack that single hash?

A different question, which is kind of in the same realm, is suppose you have the entire AD database of hashes. What percentage of passwords do you think you're going to crack out of that?

A different question, which is kind of in the same realm, is suppose you have the entire AD database of hashes. What percentage of passwords do you think you're going to crack out of that?

So he's basically trying billions of passwords to see if any of them match this hash. Of course, the longer that his hashcat tool runs, the more passwords are tried. And so they might start with the top 1 million most used passwords and then try making slight modifications to those, like putting a 1 at the end or capitalize the first letter.

So he's basically trying billions of passwords to see if any of them match this hash. Of course, the longer that his hashcat tool runs, the more passwords are tried. And so they might start with the top 1 million most used passwords and then try making slight modifications to those, like putting a 1 at the end or capitalize the first letter.

Maybe add in their own word list, such as the company name or mascot or city or address or person's name or kid's name. If no luck there, then... Try every word in the dictionary, but add numbers to the end of it and maybe mix it up a little bit and see if that works. And just try tons of combinations. And pretty much all the stuff I've listed so far probably only takes like a few hours or less.

Maybe add in their own word list, such as the company name or mascot or city or address or person's name or kid's name. If no luck there, then... Try every word in the dictionary, but add numbers to the end of it and maybe mix it up a little bit and see if that works. And just try tons of combinations. And pretty much all the stuff I've listed so far probably only takes like a few hours or less.

Now, after the tool has tried all this, it just then starts going through every single possible character combination in the world, such as AAA, AAB, AAC, AAD. So this combination of finding a username and password hash from Responder and then trying to crack it in Hashcat could take hours or even days, since it's about waiting and timing and maybe brute forcing the password.

Now, after the tool has tried all this, it just then starts going through every single possible character combination in the world, such as AAA, AAB, AAC, AAD. So this combination of finding a username and password hash from Responder and then trying to crack it in Hashcat could take hours or even days, since it's about waiting and timing and maybe brute forcing the password.