Dict Guess List Mangle

Wordlists

Cewl

  • Crawl a website to create your own dictionary: Cewl.rb

Lockout

  • Check your lockout settings before you start making password guesses!

> net accounts /domain

Invalid Username - Hint

  • Try to log in

  • Note whether an unknown username returns a different error ("Invalid Username")

  • If it does, usernames can be brute-forced based on that error.

  • Go directly to Hydra

Guessing

Servername
Summer20
Autumn20
Orgname1-99
Welcome1-99
Password1-99
Pass11
P@$$w0rd
Company Name
Football local teams
Keyboard walks
Add number increments
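
Read from the defending side, the list above is a banned-password check. The sketch below is an added example, not part of the original notes; the function names, the sample keyboard walks and the "Acme Corp" context word are assumptions made for illustration.

```python
import re

# Undo common character substitutions (P@$$w0rd -> password).
LEET = str.maketrans("@4$5013!7", "aassoieit")
SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
COMMON = {"password", "pass", "welcome"}
# Constructed sample of keyboard walks; extend for the layouts your users type on.
WALKS = ("qwerty", "asdfgh", "zxcvbn", "qazwsx", "1qaz2wsx", "123456")

def base_words(password):
    """Candidate base words: trailing increment stripped, substitutions undone."""
    lower = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", lower)  # Welcome1, Summer20!, Orgname99
    return [stem, stem.translate(LEET), lower, lower.translate(LEET)]

def guessable(password, context_words=()):
    """Return why a password is guessable, or None if no listed pattern matches."""
    # Context words: server name, organisation name, local teams, and so on.
    context = {re.sub(r"[\W_]+", "", w.lower()) for w in context_words}
    if any(walk in password.lower() for walk in WALKS):
        return "keyboard walk"
    for word in base_words(password):
        word = re.sub(r"[\W_]+", "", word)  # drop leftover separators
        if word in SEASONS:
            return "season + year"
        if word in COMMON:
            return "common word + increment"
        if word in context:
            return "organisation-specific word + increment"
    return None

if __name__ == "__main__":
    # Constructed candidates; "Acme Corp" is a hypothetical organisation name.
    for pw in ("Summer20", "P@$$w0rd", "AcmeCorp7", "correct-horse-battery-staple"):
        print(pw, "->", guessable(pw, ["Acme Corp"]))
```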

Crackingstation

Trimming

wc -l dict
sort dict | uniq | wc -l
sort -u dict > wordlist2.txt

grep -i nibble /opt/.../rockyou.txt > mydict.txt

grep -i 'user\|pass\|host\|name' mess.txt
grep -i -E 'user|pass|host|name' mess.txt

Cleanup

Replace # separators with newlines
#hello#thisisbad#hardtoread

tr '#' '\n' < input.txt > output.txt

pw-inspector (hydra)

pw-inspector  ..help

-m 6   ..Min length 6 characters
-M 12  ..Max length 12 characters
-n     ..numbers
-u     ..uppercase
-l     ..lowercase
-p     ..printable non-alphanumeric
-c 2   ..at least 2 of the selected character sets

cat dict | pw-inspector -n
cat dict | pw-inspector -n > /tmp/newdict
cat dict | pw-inspector -m 6 -M 12 -n -u -l -c 2

Hashcat Mangling

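hashcat -a 6 -m 0 example0.hash example.dict ?a?a?a
hashcat -a 7 -m 0 example0.hash ?a?a?a example.dict

-a 6: hybrid, wordlist + mask (3 chars appended at the end)
-a 7: hybrid, mask + wordlist (3 chars prepended at the beginning)
-m 0: hash type (0 = MD5)
example0.hash: hash file
example.dict: dictionary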
