Password cracking might be my favorite attack vector in the modern IoT landscape. There’s just something magical about firing up hashcat or John the Ripper and pitting your hardware against the product of questionable, human password choices.
Let’s begin with a brief walkthrough of hashcat. For those unfamiliar, a hash is an encrypted string of text, usually password text in the context of Information Security. Supporting a lot of different hashing algorithms, hashcat has an option for cracking almost any kind of hash. (more…)