Dict Guess List Mangle
Wordlists
Ron Bowes: https://wiki.skullsecurity.org/Passwords
wordlists
crackstation.net
Rockyou
Cewl
Crawl a website to create your own dictionary: Cewl.rb
Lockout
Check your lockout settings before you start making password guesses!
> net accounts /domain
Invalid Username - Hint
Try to log in
Notice if an unknown username gives a different error: "Invalid Username"
We can brute-force this based on error.
Go directly to Hydra
Guessing
Servername
Summer20
Autumn20
Orgname1-99
Welcome1-99
Password1-99
Pass11
P@$$w0rd
Company Name
Football local teams
Keyboard walks
Add number increments
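The guess list above is also the natural deny-list for a password-change filter or a password audit. The following is an added example, not part of the original notes: the function names and the org-specific sample terms (Acme, FS01, Rovers) are constructed for illustration.

```bash
# Added example: flag passwords that match the guess patterns listed above
# (season/Welcome/Password + number, leetspeak, keyboard walks, org terms).

# Lowercase, drop the trailing number/punctuation increment, undo leetspeak.
normalise() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' \
        | sed -E 's/[0-9!.]+$//' | tr '@$013' 'asoie'
}

# is_guessable PASSWORD [ORG_TERM...] -> exit 0 if the password is guessable.
# ORG_TERMs are caller-supplied: org name, server names, local teams.
is_guessable() {
    local pw="$1" lower base word
    shift
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')

    # Keyboard walks are matched anywhere in the password.
    case "$lower" in
        *qwerty*|*asdfgh*|*zxcvbn*|*1qaz*|*qazwsx*|*123456*) return 0 ;;
    esac

    base=$(normalise "$pw")
    [ -n "$base" ] || return 1
    for word in spring summer autumn fall winter welcome password pass "$@"; do
        [ "$base" = "$(normalise "$word")" ] && return 0
    done
    return 1
}

# Read candidate passwords on stdin; print the ones that are guessable.
flag_guessable() {
    local line
    while IFS= read -r line; do
        is_guessable "$line" "$@" && printf '%s\n' "$line"
    done
    return 0
}

# Constructed sample input; only the last entry should pass the check.
printf '%s\n' 'Summer20' 'P@$$w0rd' 'Acme42' 'rovers7' 'tR9#vLq2!mZx' \
    | flag_guessable Acme FS01 Rovers
```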
Crackingstation
Cloud: CPU-intensive EC2 offers 1 compute unit at .10/hr (Linux)
GPU w/ 33 compute units = 2 NVIDIA GPUs at 2.00/hr
Trimming
wc -l dict
sort dict | uniq | wc -l
sort -u dict > wordlist2.txt
grep -i nibble /opt/.../rockyou.txt > mydict.txt
grep -i 'user\|pass\|host\|name' mess.txt
grep -i -E 'user|pass|host|name' mess.txt
Cleanup
Replace # separators with line returns
#hello#thisisbad#hardtoread
tr '#' '\n' < input.txt > output.txt
pw-inspector (hydra)
pw-inspector ..help
-m 6 ..Min length 6 characters
-M 12 ..Max length 12 characters
-n ..numbers
-u ..upper
-l ..lower
-p ..printable non-alphanumeric
-c 2 ..At least 2 of the selected character sets
cat dict | pw-inspector -n
cat dict | pw-inspector -n > /tmp/newdict
cat dict | pw-inspector -m 6 -M 12 -n -u -l -c 2
Hashcat Mangling
hashcat -a 6 -m 0 example0.hash example.dict ?a?a?a
hashcat -a 7 -m 0 example0.hash ?a?a?a example.dict
-a 6: hybrid wordlist + mask (-a 7: hybrid mask + wordlist)
-m 0: hash type (0 = MD5)
example0.hash: hash file
dictionary + 3 chars at the end (-a 6) / beginning (-a 7)