Password Attacks

Username Custom Wordlist

Username list can be made with username-anarchy

ruby username-anarchy/username-anarchy -i username.txt -f flast,f.last,first.last,last.first

Bruteforcing WebApps

When a website needs to be bruteforced with login use cewl to make a wordlist:

cewl http://postfish.off/team.html -m 5 -w team.txt

Then use it with hydra

Normal:

hydra -l user -P /usr/share/wordlists/rockyou.txt <o[> http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"

Here Login failed. Invalid is the string it greps for to know the login is not successful.

fm_user is the parameter

Base64:

hydra -I -f -L custom-wordlist.txt -P custom-wordlist.txt 'http-post-form://192.168.227.61:8081/:username=^USER64^&password=^PASS64^

JohnTheRipper

To crack a hash:

--wordlist to specify wordlist

john --format=sha256 hashes_to_crack.txt

Tool

Description

pdf2john

Converts PDF documents for John

ssh2john

Converts SSH private keys for John

mscash2john

Converts MS Cash hashes for John

keychain2john

Converts OS X keychain files for John

rar2john

Converts RAR archives for John

pfx2john

Converts PKCS#12 files for John

truecrypt_volume2john

Converts TrueCrypt volumes for John

keepass2john

Converts KeePass databases for John

vncpcap2john

Converts VNC PCAP files for John

putty2john

Converts PuTTY private keys for John

zip2john

Converts ZIP archives for John

hccap2john

Converts WPA/WPA2 handshake captures for John

office2john

Converts MS Office documents for John

wpa2john

Converts WPA/WPA2 handshakes for John

To mutate the password:

hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

If /etc/passwd file is editable then delete the "x" in it

Algorithm Types

$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512

PreviousShells & Payloads NextWeb Applications

Last updated 8 months ago

Was this helpful?