#readwise # Vaccine Write-up ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/media/uploaded_book_covers/profile_301033/GvelLxMaN-uTGpyrqTij50YcTsYaWfAeykK2HjmbS8I-cove_alb7HII.png) ## Metadata - Author: [[Hack The Box]] - Full Title: Vaccine Write-up - URL: https://readwise.io/reader/document_raw_content/295119171 ## Summary The text discusses finding and exploiting vulnerabilities in a system to gain access. It highlights the importance of password cracking and tools like John the Ripper and SQLmap for penetration testing. The author demonstrates how to crack passwords and test for SQL injection vulnerabilities. Finally, they show how to escalate privileges using found credentials to gain further access. ## Highlights John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others. ([View Highlight](https://read.readwise.io/read/01js6b3xnv6ej930jw4r5savt4)) ^4s5zdz ---