Password cracking notes
- 1. Default password resources
- 2. Weak and leaked password wordlists
- 3. Bash tricks
- 4. Passwords list generators
- 5. Offline hash cracking
- 6. Online password attacks
1. Default password resources
2. Weak and leaked password wordlists
3. Bash tricks
cat file1.txt file2.txt > combined.txt # Combine password files
sort -u combined.txt > cleaned.txt # Remove duplicates (uniq -u would drop every entry that occurs more than once)
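An added example (not part of the original notes) of merging lists with messy input: CRLF line endings, blank lines and a missing final newline. It also lists the entries that `sort | uniq -u` would discard entirely, because they occur in more than one list. The helper names and sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; helper names and sample entries are constructed for illustration.
set -eu

# normalize IN...: strip the CR of CRLF files and drop empty lines.
# awk reads each file separately, so a missing final newline in one file
# cannot glue its last entry to the first entry of the next (cat would).
normalize() {
    awk '{ sub(/\r$/, "") } length($0)' "$@"
}

# merge_wordlists OUT IN...: keep the first occurrence of every entry,
# preserving the original order (useful when lists are frequency-ranked).
merge_wordlists() {
    out=$1; shift
    normalize "$@" | awk '!seen[$0]++' > "$out"
}

# dropped_by_uniq_u IN...: entries `sort | uniq -u` would discard completely,
# i.e. every entry that occurs more than once across the inputs.
dropped_by_uniq_u() {
    normalize "$@" | sort | uniq -d
}

demo_dir=$(mktemp -d)
printf 'password\n123456\nletmein\n' > "$demo_dir/file1.txt"
# CRLF line endings, one blank line, no trailing newline
printf '123456\r\nqwerty\r\n\r\npassword' > "$demo_dir/file2.txt"

merge_wordlists "$demo_dir/cleaned.txt" "$demo_dir/file1.txt" "$demo_dir/file2.txt"
echo "kept $(wc -l < "$demo_dir/cleaned.txt") unique entries:"
cat "$demo_dir/cleaned.txt"
echo "entries uniq -u would have lost:"
dropped_by_uniq_u "$demo_dir/file1.txt" "$demo_dir/file2.txt"
```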
4. Passwords list generators
4.1. Cewl
Cewl crawls a website and generates a wordlist specific to a given target. The generated wordlist might include employee names, locations and brand names.
cewl -w <file> -m <num> -d <num> <url>
# -w <file>  Output file
# -m <num>   Collect words with length >= <num>
# -d <num>   Depth level of crawling
# <url>      URL to be crawled
4.2. Crunch
Crunch generates a list of strings based on specified parameters and patterns (-t <pattern>).
- @ - lower case alpha char
- , - upper case alpha char
- % - numeric char
- ^ - special char (spaces included)
crunch <min-chars> <max-chars> <allowed-chars> -o <output-file>
# Example
crunch 2 4 abcd12345 -o out.txt
crunch 6 6 -t pass%% -o out.txt # With -t, min and max must equal the pattern length
5. Offline hash cracking
NOTE: To determine a hash format, use the command hashid -m <hash|file>. The -m flag prints the corresponding Hashcat mode number.
5.1. Dictionary attack
hashcat -a 0 -m <mode> <hash> <wordlist>
6. Online password attacks
Hydra is a versatile tool for performing online password attacks. It can crack usernames and passwords for many different services: ftp, smtp, ssh, http.
# Single username, passwords list
hydra -l <username> -P <pass-list> ftp://ip
# Usernames list, passwords list
hydra -L <user-list> -P <pass-list> smtp://ip
# Usernames list, single password
hydra -L <user-list> -p <password> ssh://ip