# Dict Guess List Mangle

## Wordlists

* Ron Bowes: <https://wiki.skullsecurity.org/Passwords>
* wordlists
* crackstation.net
* Rockyou

## Cewl

* Crawl a website to create your own dictionary: **Cewl.rb**

## Lockout

* Check your lockout settings before you start making password guesses!

```
> net accounts /domain
```

## Invalid Username - Hint

* Try to login
* Notice if Username gives different error "Invalid Username"
* We can brute-force this based on error.
* Go directly to [Hydra](/05-passwords-ciphers/hydra.md)

## Guessing

```
Servername
Summer20
Autumn20
Orgname1-99
Welcome1-99
Password1-99
Pass11
P@$$w0rd
Company Name
Football local teams
Keyboard walks
Add number increments
```

## Crackingstation

* npk - <https://github.com/Coalfire-Research/npk>
* Crackingstation
* Cloud: Cpu intense EC2 offer 1 compute unit .10/hr linux
* GPU w/33 compute units = 2 nvidia gpu 2.00/hr

## Trimming

```
wc -l dict
sort dict | uniq | wc -l
cat dict | sort -u | uniq > wordlist2.txt

grep -i nibble /opt/.../rockyou.txt > mydict.txt

grep -i 'user\|pass\|host\|name' mess.txt
grep -i -E 'user|pass|host|name' mess.txt
```

## Cleanup

```
Feed Line-Returns instead of #
#hello#thisisbad#hardtoread

tr '#' '\n' < input.txt > output.txt
```

## pw-inspector (hydra)

```
pw-inspector  ..help

-m 6   ..Min 6 digits
-M 12  ..Max 12 digits
-n     ..numbers
-u     ..upper
-l     ..lower
-p     ..non-alphnum
-c 2   ..Combination of 2

cat dict | pw-inspector -n
cat dict | pw-inspector -n > /tmp/newdict
cat dict | pw-inspector -m 6 -M 12 -n -u -l -c 2
```

## Hashcat Mangling

```
hashcat -a 6 -m 0 example0.hash example.dict ?a?a?a
hashcat -a 6 -m 0 example0.hash ?a?a?a example.dict 

6: hybrid/brute
0: method
hash file
dictionary + 3 chars at the end/beginning
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pentest.mxhx.org/05-passwords-ciphers/dicts-lists-mangling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.