Lab 5.1 Password Guessing Technical Journal - Foren-Ken/tech-journal GitHub Wiki
CEWL is a program that scrapes words from web pages to a set depth. Depth, when referring to CEWL, is how many links away from the starting page it will follow. In my case, for this assignment, I set the depth so that only the page I provided to the command was scraped:
cewl -w result.txt -d 0 https://website.com
rsmangler is a tool that "mangles" text to replicate the way the average person creates a password, for example by combining words or appending common numbers to a provided word. The result is a list of plausible passwords to use in a brute-force attack against the target's password. Parameters:

- "-h" shows the help menu
- "--output" sets the output file
- "--file" sets the input file
- "-x" sets the upper limit for a password's length
- "-m" sets the lower limit for a password's length
hydra was my preferred tool for brute-forcing. Its versatility allowed me to brute-force both SSH and web server logins. Parameters:

- "-l" makes the tool try a single username against all the passwords. This takes a string and won't work with file paths.
- "-L" makes the tool read a list of usernames from a file and try the password(s) on each. This takes only file paths.
- "-p" makes the tool try a single password on the provided username(s). This takes a string and won't work properly with paths.
- "-P" makes the tool read a list of passwords from a file and try each on the provided username(s). This takes only file paths.
- [IP ADDRESS]: either before or after a complete flag (the flag and its argument), a host name can be provided. In my scenario, an IP address was used as the target host.
- "ssh" sets the service being targeted.
- "-V" makes the tool display verbose output, providing more information overall.
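The SSH brute-forcing above leaves a very recognisable trace in the target's auth log, so here is the defender's side as an added example (not part of the original journal): a Python script that parses constructed sshd log lines and flags any source address that racks up a burst of failed passwords, noting whether a successful login followed. The log format, the 2024 year, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log sample: a hydra-style burst from 10.0.0.5 (several usernames,
# one success at the end) next to two ordinary failed logins from 10.0.0.9.
SAMPLE_LOG = """\
Mar 10 12:00:01 lab sshd[1201]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Mar 10 12:00:02 lab sshd[1202]: Failed password for root from 10.0.0.5 port 40002 ssh2
Mar 10 12:00:02 lab sshd[1203]: Failed password for root from 10.0.0.5 port 40003 ssh2
Mar 10 12:00:03 lab sshd[1204]: Failed password for invalid user test from 10.0.0.5 port 40004 ssh2
Mar 10 12:00:04 lab sshd[1205]: Failed password for root from 10.0.0.5 port 40005 ssh2
Mar 10 12:00:05 lab sshd[1206]: Accepted password for root from 10.0.0.5 port 40006 ssh2
Mar 10 12:05:00 lab sshd[1207]: Failed password for alice from 10.0.0.9 port 50001 ssh2
Mar 10 12:09:00 lab sshd[1208]: Failed password for alice from 10.0.0.9 port 50002 ssh2
"""

# Password-auth outcome lines as sshd writes them (syslog timestamps carry no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_line(line, year=2024):
    """Return a dict for one auth line, or None if it is not a password event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failures inside any window-long span;
    a later 'Accepted' from the same IP marks a likely guessed password."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        by_ip[ev["ip"]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = sorted(e["ts"] for e in evs if e["result"] == "Failed")
        start = 0  # two-pointer sliding window over the sorted failure times
        for end, t in enumerate(fails):
            while t - fails[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({e["user"] for e in evs if e["result"] == "Failed"})
                hit = any(e["result"] == "Accepted" and e["ts"] >= t for e in evs)
                alerts[ip] = {"failures": end - start + 1, "users": users, "success_after": hit}
                break
    return alerts
```

Run against the sample, it reports only 10.0.0.5, with the usernames tried and `success_after` set, which is exactly the "-L plus -P" pattern worth alerting on.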
ISSUES: While using hydra, a problem I encountered with accessing HTTP forms was that the prefix "http-get" had to be placed before the IP address. This meant that instead of "http://WEBSITE.COM" it was "http-get://WEBSITE.COM". I do not understand why it has to be done this way, but I assume different methods of inputting forms are necessary for security.