# Dict Guess List Mangle

## Wordlists

* Ron Bowes: <https://wiki.skullsecurity.org/Passwords>
* wordlists
* crackstation.net
* Rockyou

## Cewl

* Crawl a website to create your own dictionary: **Cewl.rb**

## Lockout

* Check your lockout settings before you start making password guesses!

```
> net accounts /domain
```

## Invalid Username - Hint

* Try to login
* Notice if Username gives different error "Invalid Username"
* We can brute-force this based on error.
* Go directly to [Hydra](https://pentest.mxhx.org/05-passwords-ciphers/hydra)

## Guessing

```
Servername
Summer20
Autumn20
Orgname1-99
Welcome1-99
Password1-99
Pass11
P@$$w0rd
Company Name
Football local teams
Keyboard walks
Add number increments
```

## Crackingstation

* npk - <https://github.com/Coalfire-Research/npk>
* Crackingstation
* Cloud: Cpu intense EC2 offer 1 compute unit .10/hr linux
* GPU w/33 compute units = 2 nvidia gpu 2.00/hr

## Trimming

```
wc -l dict
sort dict | uniq | wc -l
cat dict | sort -u | uniq > wordlist2.txt

grep -i nibble /opt/.../rockyou.txt > mydict.txt

grep -i 'user\|pass\|host\|name' mess.txt
grep -i -E 'user|pass|host|name' mess.txt
```

## Cleanup

```
Feed Line-Returns instead of #
#hello#thisisbad#hardtoread

tr '#' '\n' < input.txt > output.txt
```

## pw-inspector (hydra)

```
pw-inspector  ..help

-m 6   ..Min 6 digits
-M 12  ..Max 12 digits
-n     ..numbers
-u     ..upper
-l     ..lower
-p     ..non-alphnum
-c 2   ..Combination of 2

cat dict | pw-inspector -n
cat dict | pw-inspector -n > /tmp/newdict
cat dict | pw-inspector -m 6 -M 12 -n -u -l -c 2
```

## Hashcat Mangling

```
hashcat -a 6 -m 0 example0.hash example.dict ?a?a?a
hashcat -a 6 -m 0 example0.hash ?a?a?a example.dict 

6: hybrid/brute
0: method
hash file
dictionary + 3 chars at the end/beginning
```