
Password Cracking

F1shh edited this page Mar 31, 2022 · 1 revision

Building word lists

Use content from web pages to build a dictionary. This can include company pages, Facebook, Twitter, and any other resource gathered while doing OSINT on the target. To grab all words from a page, use CeWL.

cewl:

cewl https://example.com

Brute forcing tools

Hydra:

hydra -l <username> -P <LIST> <ip> <protocol>

(-l takes a single username and -L a username list; -p and -P work the same way for passwords. -u is not a username flag: it only changes the loop order to iterate users before passwords.)

Protocols to target

Protocols: telnet, smtp, http, https, smb, rpc, rdp, pop, sql.

Easy ports to hit: 20-23, 25, 80, 443, 135, 139.

General advice

  • Specify the speed when brute-forcing SSH or you will hit a wall quickly. With hydra this is the -t parameter (parallel connections per target, default 16); e.g. -t 4.
  • Stop after gaining access to one account. Try its creds on everything, and use them for further enumeration. Never forget to try sudo -i for easy escalation.
  • Always take a look around the host machine's file system when possible; it is potential low-hanging fruit for enumeration. EX: local user list at /etc/passwd.
  • Never crack hashes on the target machine. Speed and stealth will be abysmal.
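As an added defensive counterpart to the hydra usage above (this is not part of the original wiki), a small Python detector that parses constructed sshd auth-log lines and flags a source exceeding a failed-login threshold inside a sliding window, then notes whether a success followed the burst. The log lines, hostnames and addresses are constructed sample data; the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd auth-log lines (not real traffic): one fast burst that
# ends in a success, and one slow, throttled attempt from a second source.
SAMPLE_LOG = """\
Mar 31 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar 31 10:00:01 host sshd[1202]: Failed password for root from 203.0.113.7 port 50113 ssh2
Mar 31 10:00:02 host sshd[1203]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 31 10:00:02 host sshd[1204]: Failed password for root from 203.0.113.7 port 50115 ssh2
Mar 31 10:00:03 host sshd[1205]: Failed password for root from 203.0.113.7 port 50116 ssh2
Mar 31 10:00:03 host sshd[1206]: Accepted password for root from 203.0.113.7 port 50117 ssh2
Mar 31 10:00:40 host sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 31 10:05:12 host sshd[1301]: Failed password for alice from 198.51.100.4 port 40002 ssh2
Mar 31 10:09:55 host sshd[1302]: Accepted password for alice from 198.51.100.4 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse(log, year=2022):
    """Return (timestamp, source_ip, user, failed) tuples; syslog omits the year, so it is supplied."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"] == "Failed"))
    return events

def detect_bruteforce(events, max_failures=4, window_seconds=60):
    """Flag sources with >= max_failures failures inside a sliding window; record a later success."""
    recent = defaultdict(list)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for ts, ip, _user, failed in sorted(events, key=lambda e: e[0]):  # stable: keeps log order on ties
        if failed:
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:  # expire old failures
                q.pop(0)
            if len(q) >= max_failures:
                a = alerts.setdefault(ip, {"failures": 0, "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
        elif ip in alerts:  # a success from an already-flagged source is the high-priority case
            alerts[ip]["success_after_burst"] = True
    return alerts
```

Calling detect_bruteforce(parse(SAMPLE_LOG)) flags only 203.0.113.7; the throttled second source slips under a per-minute threshold, which is why a success following any failures from a new source deserves its own alert.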