Password Guessing - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki

Password Guessing Lab

Recon Stage

  • nslookup gave us the hostname bios.shire.org

  • nmap shows that ports 22/tcp and 80/tcp are open and which services they run, and that port 9090/tcp is closed but is still listed, with the service name zeus-admin

Cewl

What is Cewl?

Cewl is pretty cool if I'm being honest. Cewl is a command-line tool that creates a wordlist of possible passwords derived from the words found on a webpage. Cewl wordlists are often long and full of unlikely passwords alongside the likely ones, so some trimming needs to be done afterwards. Grep is an excellent tool for this; see the grep examples below.

Dirb

What is dirb?

dirb is a tool used to uncover hidden directories and files on web servers by requesting names from a wordlist.

Examples

dirb http://10.0.5.21/ -r

-r turns off recursion (by default dirb also scans inside every directory it finds)

grep

What is grep?

Grep is essentially a search tool. It sifts through files, directories, or streams and returns the lines that match a pattern. There are a lot of flags and arguments you can add to refine your search, and grep's output can be redirected into a text file.

Examples

grep -E '\bS' file.txt > file2.txt

This command looks through file.txt for every line containing a word that begins with a capital 'S' (the match is case sensitive) and writes those lines into file2.txt; in a one-word-per-line wordlist that keeps only the words starting with 'S'. '\b' is a regex word-boundary anchor, so '\bS' matches an 'S' at the start of a word. 'S\b' is how you search for an 'S' at the end of a word.

Hydra

What is hydra?

Examples

Getting bilbo.baggins password

Getting samwise.gamgee password

Getting frodo.baggins password

Getting peregin.took password
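The guessing this lab runs against the SSH service found in recon leaves "Failed password" lines in the target's sshd log. As an added example (not from the original journal), this script counts failed logins per source address and lists the usernames each source tried; the log lines are constructed for the example, and the host name, addresses and threshold are assumptions.

```shell
#!/bin/sh
# Added example: spot password-guessing bursts in sshd log lines.
# The log text below is constructed; "bios" mirrors the recon hostname,
# 10.0.5.50 is an assumed guessing source and 10.0.5.7 a normal client.
SAMPLE_LOG='Mar  3 10:01:02 bios sshd[2201]: Failed password for bilbo.baggins from 10.0.5.50 port 40112 ssh2
Mar  3 10:01:03 bios sshd[2202]: Failed password for bilbo.baggins from 10.0.5.50 port 40113 ssh2
Mar  3 10:01:03 bios sshd[2203]: Failed password for invalid user admin from 10.0.5.50 port 40114 ssh2
Mar  3 10:01:04 bios sshd[2204]: Failed password for samwise.gamgee from 10.0.5.50 port 40115 ssh2
Mar  3 10:01:05 bios sshd[2205]: Accepted password for frodo.baggins from 10.0.5.7 port 50001 ssh2
Mar  3 10:01:06 bios sshd[2206]: Failed password for frodo.baggins from 10.0.5.7 port 50002 ssh2
Mar  3 10:01:07 bios sshd[2207]: Failed password for bilbo.baggins from 10.0.5.50 port 40116 ssh2'

# count_failures: read log text on stdin, print "count ip" for every
# source that had failed logins, highest count first.
count_failures() {
    grep 'sshd\[[0-9]*\]: Failed password' \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# flag_sources THRESHOLD: print the source addresses whose failure
# count reaches THRESHOLD (a value to tune; 3 is an assumption here).
flag_sources() {
    threshold="$1"
    count_failures | awk -v t="$threshold" '$1 >= t {print $2}'
}

# users_tried IP: print the distinct usernames that failed from IP,
# including "invalid user" attempts; many names from one source is a
# stronger signal than repeated failures for a single account.
users_tried() {
    ip="$1"
    grep "sshd\[[0-9]*\]: Failed password .* from $ip port" \
      | sed -n 's/.*Failed password for \(invalid user \)\{0,1\}\([^ ]*\) from .*/\2/p' \
      | sort -u
}

# Stand-alone run: list flagged sources and the accounts each one tried.
printf '%s\n' "$SAMPLE_LOG" | flag_sources 3 | while read -r src; do
    echo "$src:"
    printf '%s\n' "$SAMPLE_LOG" | users_tried "$src"
done
```

On a real host the same functions read from the system's auth log instead of SAMPLE_LOG; the threshold and time window should be tuned to what normal logins on that host look like.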