Dict Guess List Mangle

Wordlists

Ron Bowes: https://wiki.skullsecurity.org/Passwords
wordlists
crackstation.net
Rockyou

Cewl

Crawl a website to create your own dictionary: Cewl.rb

Lockout

Check your lockout settings before you start making password guesses!

> net accounts /domain

Invalid Username - Hint

Try to login
Notice if Username gives different error "Invalid Username"
We can brute-force this based on error.
Go directly to Hydra

Guessing

Servername
Summer20
Autumn20
Orgname1-99
Welcome1-99
Password1-99
Pass11
P@$$w0rd
Company Name
Football local teams
Keyboard walks
Add number increments

Crackingstation

npk - https://github.com/Coalfire-Research/npk
Crackingstation
Cloud: Cpu intense EC2 offer 1 compute unit .10/hr linux
GPU w/33 compute units = 2 nvidia gpu 2.00/hr

Trimming

wc -l dict
sort dict | uniq | wc -l
cat dict | sort -u | uniq > wordlist2.txt

grep -i nibble /opt/.../rockyou.txt > mydict.txt

grep -i 'user\|pass\|host\|name' mess.txt
grep -i -E 'user|pass|host|name' mess.txt

Cleanup

Feed Line-Returns instead of #
#hello#thisisbad#hardtoread

tr '#' '\n' < input.txt > output.txt

pw-inspector (hydra)

pw-inspector  ..help

-m 6   ..Min 6 digits
-M 12  ..Max 12 digits
-n     ..numbers
-u     ..upper
-l     ..lower
-p     ..non-alphnum
-c 2   ..Combination of 2

cat dict | pw-inspector -n
cat dict | pw-inspector -n > /tmp/newdict
cat dict | pw-inspector -m 6 -M 12 -n -u -l -c 2

Hashcat Mangling

hashcat -a 6 -m 0 example0.hash example.dict ?a?a?a
hashcat -a 6 -m 0 example0.hash ?a?a?a example.dict 

6: hybrid/brute
0: method
hash file
dictionary + 3 chars at the end/beginning

PreviousCracking NextGet Hashes

Last updated 1 year ago