Lab 4 1 Password Guessing Class Activity CC - mirpag/Tech_Journal GitHub Wiki

Creating a wordlist

CeWL (the cewl command) crawls a website and builds a custom wordlist from the words it finds there.

Example:

cewl -w file.txt https://example.com

-w: write the output to the file

<url>: the site to use

-h, --help: show help

Wordlist mangling

RSMangler takes a wordlist and "mangles" it: it produces different combinations of the words with numbers, years, characters, etc.

Using your wordlists from before, select 4-5 unique words for each faculty member (in this case).

Then run rsmangler on the lists.

Example:

rsmangler -f file.txt -x 12 -m 9 -o MangledList.txt

-f: the input file (the wordlist: 4-5 words)

-x: the max word length

-m: the min word length

-o: the output file

--help, -h: show help

To see how many entries are in the file, use the wc command:

wc -l MangledList.txt

Password guessing

Hydra

Example:

hydra -l jhoag -P mangled_Hoag.txt http-get://192.168.4.246:80/

-l: Login name

-P: Load multiple passwords from a file

http-get://192.168.4.246:80/: the target, in the form service://server[:PORT][/OPT] (the service can be ftp, ssh, etc.; http needs a specific method, such as http-get here)

-h: help
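
On the target web server, an http-get guessing run like the one above appears as a burst of 401 responses for one login from one client. The following is an added example (not part of the original lab notes) that flags that pattern in an access log; the log lines, client addresses and the asmith login are constructed, and Apache combined-style field order is assumed.

```shell
#!/bin/sh
# Constructed sample access log (assumed Apache combined-style field order:
# client, ident, user, [time zone], "method path proto", status, bytes).
sample_log() {
cat <<'EOF'
192.168.4.50 - jhoag [10/Feb/2021:10:00:01 -0500] "GET / HTTP/1.1" 401 381
192.168.4.50 - jhoag [10/Feb/2021:10:00:01 -0500] "GET / HTTP/1.1" 401 381
192.168.4.50 - jhoag [10/Feb/2021:10:00:02 -0500] "GET / HTTP/1.1" 401 381
192.168.4.77 - asmith [10/Feb/2021:10:00:02 -0500] "GET / HTTP/1.1" 401 381
192.168.4.50 - jhoag [10/Feb/2021:10:00:02 -0500] "GET / HTTP/1.1" 401 381
192.168.4.77 - asmith [10/Feb/2021:10:00:09 -0500] "GET / HTTP/1.1" 200 5120
192.168.4.50 - jhoag [10/Feb/2021:10:00:03 -0500] "GET / HTTP/1.1" 401 381
192.168.4.50 - jhoag [10/Feb/2021:10:00:03 -0500] "GET / HTTP/1.1" 401 381
192.168.4.50 - jhoag [10/Feb/2021:10:00:04 -0500] "GET / HTTP/1.1" 200 5120
EOF
}

# detect_http_guessing LOGFILE [MIN_FAILURES]
# Prints "client user failures verdict" for each client/user pair that has at
# least MIN_FAILURES (default 5) HTTP 401 responses. The verdict records
# whether a 200 for the same pair followed once the threshold was reached,
# which means the account should be treated as compromised.
detect_http_guessing() {
    awk -v min="${2:-5}" '
        $9 == 401 { fails[$1 " " $3]++; next }
        $9 == 200 && fails[$1 " " $3] >= min { hit[$1 " " $3] = 1 }
        END {
            for (k in fails)
                if (fails[k] >= min)
                    print k, fails[k], ((k in hit) ? "success-after-failures" : "no-success")
        }
    ' "$1" | sort
}

# Demo run over the constructed log.
demo_log=$(mktemp)
sample_log > "$demo_log"
detect_http_guessing "$demo_log" 5
rm -f "$demo_log"
```

A single mistyped password (the asmith lines) stays below the default threshold, so only the repeated failures for jhoag are reported.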
