Nephelees
Néphélées (Νεφήλαι, Nephḗlai) : cloud nymphs greek - also a NTDS cracking tool abusing Google Colab
Most of the credits are due to @mxrch and @ShutdownRepo. This repository is mostly a rework of their scripts, head over to the References for more informations.
Quick Start
- Open the
ipynbfile by clicking on the button Open in Colab - Select Runtime, Change runtime type, and set Hardware accelerator to GPU.
- Select Runtime" and Run all" !
- On your local machine, run hashonymize to anonymize your hash lists
- Upload your anonymized hashes list on the colab
!wget http://yourip:yourport/yourfileor with the upload button - Install requirements (hashcat + wordlists + rules)
- Run hashcat commands
- Recover the .pot file from the Google Colab
!curl --upload-file ~/.hashcat/hashcat.potfile http://yourip:yourport/or download the file from the explorer in the left side of the panel. - On your local machine, run the following hashcat command with the recovered potfile to match real usernames with cracked password
hashcat --potfile-path hashcat.potfile --hash-type 1000 --username example.ntds wordlists/rockyou.txt
ℹ️ Markvov chain are enabled in default hashcat version. P100 GPU is an equivalent of GTX1080.
Hashcat Cheatsheet
Here are some of the most used attack modes for the --attack-mode option
0 Wordlist (with or without rules)
3 Pure bruteforce
Here are some of the most used hash types for the --hash-type option
1000 NTLM (actually its for NT hashes)
3000 LM
5500 Net-NTLMv1 (actually, it should be called NTLMv1)
5600 Net-NTLMv2 (actually, it should be called NTLMv2)
13100 Kerberoast
18200 ASREProast
22000 WPA-PBKDF2-PMKID+EAPOL
16800 WPA-PMKID-PBKDF2
0 md5
100 sha1
1400 sha2-256
1700 sha2-512Hashcat masks for custom cracking
command: -a 3 ?l?l?l?l?l?l?l?l
keyspace: aaaaaaaa - zzzzzzzz
command: -a 3 -1 ?l?d ?1?1?1?1?1
keyspace: aaaaa - 99999
command: -a 3 password?d
keyspace: password0 - password9
command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d
keyspace: aaaaaa1900 - Zzzzzz1999
command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2
keyspace: 00aaaaa - ffZZZZZ
command: -a 3 -1 efghijklmnop ?1?1?1
keyspace: eee - pppReferences & Ideas
- https://github.com/mxrch/penglab
- https://github.com/ShutdownRepo/hashonymize
- https://github.com/ShutdownRepo/google-colab-hashcat
- https://github.com/carlmon/Hashcat-Azure
- https://durdle.com/2017/04/23/using-hashcat-to-crack-hashes-on-azure/
- https://www.trillsecurity.com/tutorials/automating-hashtopolis-with-terraform-part-i/
- https://www.trillsecurity.com/tutorials/automating-hashtopolis-with-terraform-part-ii/
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent