Password Guessing - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
Password Guessing Lab
Recon Stage
- nslookup gave us a hostname bios.shire.org
- nmap shows us that ports 22/tcp and 80/tcp are open and what they are running, and that port 9090 is closed but exists and has the service name zeus-admin
Cewl
What is Cewl?
Cewl is pretty cool if I'm being honest. Cewl is a command-line tool that creates a wordlist of possible passwords derived from the words on a webpage. Cewl wordlists are often long and full of unlikely passwords as well as likely ones, so some trimming will need to be done afterwards. Grep is an excellent tool for this; grep examples are below.
Dirb
What is dirb?
dirb is a tool used to uncover hidden directories on web pages.
Examples
dirb http://10.0.5.21/ -r
-r turns off recursion
grep
What is grep?
Grep is essentially a search tool. It can sift through files, directories, streams, pretty much anything, and return only the results you specify. There are a lot of flags and arguments you can add to refine your search, and grep output can be redirected to text files.
Examples
grep -E '\bS' file.txt > file2.txt
This command looks through file.txt for every line containing a word that begins with the letter 'S', case sensitive, and writes those lines to file2.txt. '\b' is a regex word-boundary anchor, so '\bS' matches an 'S' at the start of a word; 'S\b' is how you search for an 'S' at the end of a word.
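As an added example (not part of the original journal), here is a small shell snippet showing what the '\b' anchor does on a constructed wordlist and how the same grep calls trim one down; the wordlist contents and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample wordlist standing in for cewl output (not from the page).
WORDLIST="Shire
Samwise
BIOS
hobbits
Baggins
zeus-admin
Tooks
Sam"

# The page's command: lines containing a word that begins with capital S.
# BIOS is NOT matched because its S is at the end of the word, not the start.
lines_with_word_starting_S() {
  printf '%s\n' "$WORDLIST" | grep -E '\bS'
}

# Only the matching words themselves, one per line: -o prints just the
# matched text, and [[:alnum:]]+ extends the match to the rest of the word.
words_starting_S() {
  printf '%s\n' "$WORDLIST" | grep -oE '\bS[[:alnum:]]+'
}

# Anchor after the letter instead: words ending in capital S (here only BIOS;
# hobbits ends in lowercase s, so it does not match).
words_ending_S() {
  printf '%s\n' "$WORDLIST" | grep -oE '[[:alnum:]]*S\b'
}

# A typical trimming step: keep only candidates at least $1 characters long.
trim_short() {
  min="$1"
  printf '%s\n' "$WORDLIST" | grep -E "^.{$min,}$"
}
```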
Hydra
What is hydra?
Examples
Getting bilbo.baggins password
Getting samwise.gamgee password
Getting frodo.baggins password
Getting peregin.took password