
Password cracking notes

1. Default password resources

2. Weak and leaked password wordlists

3. Bash tricks

cat file1.txt file2.txt > combined.txt      # Combine password files
sort -u combined.txt > cleaned.txt          # Remove duplicates (uniq -u would drop every repeated line entirely)

4. Passwords list generators

4.1. Cewl

Cewl crawls a website and generates a wordlist specific to the given target. The generated wordlist might include employee names, locations and brand names.

cewl
    -w <file>       # Output file
    -m <num>        # Collect words with length >= <num>
    -d <num>        # Depth level of crawling
    <url>           # URL to be crawled

4.2. Crunch

Crunch generates a list of strings based on specified parameters and patterns (-t <pattern>). The pattern placeholders are:

  • @ - lower case alpha char
  • , - upper case alpha char
  • % - numeric char
  • ^ - special char (spaces included)
crunch <min-chars> <max-chars> <allowed-chars> -o <output-file>
 
# Examples
crunch 2 4 abcd12345 -o out.txt
# With -t, min and max must both equal the pattern length
crunch 6 6 -t pass%% -o out.txt

5. Offline hash cracking

NOTE: To determine a hash format, use the command: hashid -m <hash|file>. The -m flag prints the corresponding Hashcat mode number.

5.1. Dictionary attack

hashcat -a 0 -m <mode> <hash> <wordlist> 

6. Online password attacks

Hydra is a versatile tool for online password attacks. It can guess usernames and passwords for many different services: ftp, smtp, ssh, http.

# Single username, passwords list
hydra -l <username> -P <pass-list> ftp://ip
 
# Usernames list, passwords list
hydra -L <user-list> -P <pass-list> smtp://ip
 
# Usernames list, single password
hydra -L <user-list> -p <password> ssh://ip
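
Seen from the defender's side, the three invocation shapes above leave different traces in an SSH auth log. The following is an added example, not part of the original notes: it groups OpenSSH "Failed password" lines by source IP and labels the pattern. The function names, the min_failures threshold, the per-user cutoff of 2 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH failure line; "invalid user" is logged for accounts that do not exist.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify(lines, min_failures=5):
    """Label each source IP by the guessing pattern its failed logins show.

    min_failures is an assumed threshold; tune it to your environment.
    """
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        if sum(users.values()) < min_failures:
            continue  # too few failures to tell apart from typos
        if len(users) == 1:
            verdicts[ip] = "single-account brute force"  # shape of -l <user> -P <list>
        elif max(users.values()) <= 2:
            verdicts[ip] = "password spraying"           # shape of -L <list> -p <pass>
        else:
            verdicts[ip] = "list-vs-list guessing"       # shape of -L <list> -P <list>
    return verdicts

def sample_line(user, ip, invalid=False):
    """Build one constructed sshd log line (not real data)."""
    who = f"invalid user {user}" if invalid else user
    return f"Jan 10 03:12:01 host sshd[1234]: Failed password for {who} from {ip} port 40022 ssh2"

# Constructed sample log using documentation-range addresses.
SAMPLE = (
    [sample_line("root", "203.0.113.5") for _ in range(8)]
    + [sample_line(u, "198.51.100.7", invalid=True)
       for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [sample_line(u, "192.0.2.9") for u in ("alice", "bob", "carol") for _ in range(4)]
    + [sample_line("alice", "192.0.2.50") for _ in range(2)]
    + ["Jan 10 03:15:00 host sshd[1300]: Accepted password for alice from 192.0.2.50 port 40100 ssh2"]
)

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE).items()):
        print(ip, verdict)
```

Password spraying stays under per-account lockout limits, which is why the count is kept per source IP rather than per username.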