Lab 5.1 Password Guessing - Paiet/SEC-335 GitHub Wiki

What is CeWL?

CeWL is a custom wordlist generator that crawls websites and creates wordlists based on its findings.

Check out the man page for info on how to use cewl.

  • -w [filename.txt] writes the output of the cewl crawl into a text file.

  • --with-numbers extends the filter range to include numbers as well.

  • -e includes email addresses found.

From the text cewl found, create a new text file containing five of the most prominent words (prof-name_5wrd_list.txt).
Command used:

rsmangler -x 12 -m 10 --file prof-name_5wrd_list.txt --output prof-name.rsmangler.txt -c -d -r -p -r -t -l -s -e -i --punctuation -C --pna --pnb --force --space --allow-duplicates

Each of the mangle switches used disables one of the "mangles", all of which are on by default, in order to slim down the list produced.
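Seen from the defending side, the same five words can seed a password denylist. The following is an added example, not part of the original lab notes or of rsmangler: a Python check that rejects a candidate password when it reduces to one of the base words after undoing common mangles. The base words, sample passwords and function names are constructed for illustration.

```python
import re

# Constructed stand-in for prof-name_5wrd_list.txt (five words picked from CeWL output).
BASE_WORDS = ["example", "widgets", "harbor", "falcon", "northwind"]

# Leet substitutions to undo; "1" is ambiguous, so it is tried as both "i" and "l".
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
LEET_I = str.maketrans({**LEET, "1": "i"})
LEET_L = str.maketrans({**LEET, "1": "l"})


def normalised_forms(password):
    """Return the forms of `password` left after undoing common mangles."""
    lowered = password.lower()                       # undo case changes
    forms = {lowered, lowered.translate(LEET_I), lowered.translate(LEET_L)}
    # Drop everything that is not a letter: added numbers, punctuation, spaces.
    forms |= {re.sub(r"[^a-z]", "", f) for f in forms}
    forms |= {f[::-1] for f in forms}                # undo reversal
    return forms


def derived_from(password, base_words=BASE_WORDS, min_len=4):
    """Return the base word that `password` is built on, or None."""
    forms = normalised_forms(password)
    for word in base_words:
        # Substring match also catches doubled words and prepended/appended text.
        if len(word) >= min_len and any(word in f for f in forms):
            return word
    return None


def audit(passwords, base_words=BASE_WORDS):
    """Map each rejected password to the base word it was derived from."""
    hits = {}
    for pw in passwords:
        word = derived_from(pw, base_words)
        if word:
            hits[pw] = word
    return hits


if __name__ == "__main__":
    # Constructed candidate passwords, as submitted to a password-change form.
    sample = ["F4lc0n2024!", "nocl4f", "HarborHarbor", "01widgets!",
              "N0rthW1nd#", "correct-horse-battery", "Tr0ub4dor&3"]
    for pw, word in audit(sample).items():
        print(f"reject {pw!r}: built on {word!r}")
```

The `min_len` floor keeps short base words from rejecting unrelated passwords through substring matches.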

  • Medusa is used for password guessing

  • Make sure to include the -M (module) you want to use, e.g. http, ssh, etc. Use nmap on the IP you're targeting in order to find open ports.

  • Hydra is a very fast network login cracker
    Syntax:

hydra -l [username] -P [password file] ssh://xxx.xxx.xxx.xxx -V -t 8