Week #5 Notes on RSMangler & Reflection on SSH Password Cracking - connorethanjay/Champlain-College-CNCS-Notes GitHub Wiki

CEWL

CEWL crawls a website and generates a custom list of words (a wordlist) for later use (e.g., password cracking).

cewl -w words.txt https://example.com

You can set the depth using the -d flag and set the minimum word length in characters using -m.

RSMangler

RSMangler is an executable that takes a wordlist (e.g., a list of nouns) and mangles the words to your specifications. Six words fed to RSMangler alone can generate over 15,000 variations. The mangled list can be used in tandem with the Hydra password cracking tool to brute-force a service such as HTTP or SSH.

rsmangler --file words.txt --output words-mangled.txt
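
The same idea turned into a password-change check that rejects candidates reducible to a site word; this is an added example, not part of the original notes or of RSMangler. The word set, the leet mapping and the function names are assumptions, and the rules approximate common mangling patterns rather than RSMangler's exact rule set.

```python
import string

# Constructed sample: words a CeWL-style crawl of an organisation's site might yield.
SITE_WORDS = {"acme", "widgets", "springfield", "rockets"}

AFFIX = string.digits + string.punctuation  # characters often prepended/appended
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
# "1" is ambiguous in leet-speak, so undo it both ways (assumed, simplified mapping).
LEETS = [str.maketrans({**_BASE, "1": c}) for c in "il"]


def _trims(s):
    """Yield s with 0..n leading and trailing digit/punctuation characters removed."""
    lead = len(s) - len(s.lstrip(AFFIX))
    trail = len(s) - len(s.rstrip(AFFIX))
    for i in range(lead + 1):
        for j in range(trail + 1):
            if i + j < len(s):
                yield s[i:len(s) - j]


def base_candidates(password):
    """Return the strings left after undoing simple mangling steps."""
    forms = set()
    for t in _trims(password.lower()):
        for u in (t, *(t.translate(m) for m in LEETS)):
            forms.add(u)
            forms.add(u[::-1])  # reversed word
            half = len(u) // 2
            if len(u) % 2 == 0 and u[:half] == u[half:]:
                forms.add(u[:half])  # doubled word
    return forms


def derived_from_wordlist(password, words=SITE_WORDS):
    """Return the wordlist entry the password is a simple mangle of, or None."""
    hits = base_candidates(password) & {w.lower() for w in words}
    return min(hits) if hits else None


if __name__ == "__main__":
    for pw in ["Springfield2024!", "W1dg3ts!", "RocketsRockets", "kX9#vT2q-LmZ"]:
        print(f"{pw!r}: {derived_from_wordlist(pw) or 'no match'}")
```

A password that passes this check is not necessarily strong; the check only catches the site-word-plus-decoration pattern that a crawled and mangled wordlist is built to guess.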

Hydra

Hydra is an executable that takes a wordlist (mangled or unmangled), a username, a host, and the service running on the host, and attempts to log in as that user. It is simple and efficient for its purpose (password cracking).

Reflection on this lab

  • In password cracking labs, complete them as soon as possible. SSH password cracking can take multiple hours, and it has the potential to take much longer when simply guessing.
  • I do have a throwaway password for systems with little to no privileged access on my personal environment. I should look into changing this since I actively use a password manager / generator.