Module 5 - skyleroriordan/my-tech-journal GitHub Wiki

CEWL

CeWL crawls a site and builds a wordlist from the words it finds.

In the lab, I used the command sudo cewl -d 1 https://10.0.5.21/bios/bilbo | egrep '^[A-Z]' > bilbo.small.txt

egrep '^[A-Z]' keeps only the words that start with a capital letter (i.e. proper nouns)

-d 1 limits the crawl depth to 1

rsmangler

It takes a wordlist and mangles the words to produce a list of potential passwords.

The command is rsmangler --file {wordlist} -{flags} --output {outputfile}.txt

Potential flags:
-p: changes the order of words
-l: makes words lowercase
-u: makes words uppercase
-s: swaps the case
-x: sets max word length
-m: sets min word length
-e: adds an ed to the end of words
-i: adds an ing to the end of words

hydra

I found an admin page, so using the wordlist from rsmangler, I used hydra to crack the page.

The command I used was sudo hydra -l bilbo -P bilbo.mangled.txt -f http-post://10.0.5.21/admin/

-f tells hydra to stop as soon as it finds a valid login/password pair

For an SSH attack I used the command sudo hydra -l bilbo.baggins -P bilbo.mangled.txt -f 10.0.5.21 -t 4 ssh

reflection:

My own passwords are mostly not guessable. They are not included in rockyou.txt. I use different cases, numbers, and special characters in all my passwords. I could improve them by making them longer.
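
A defensive counterpart to the workflow above, as an added example that is not part of the original journal: a password-policy check that rejects a password if it reduces to words from a site-derived wordlist once the rsmangler mangles listed earlier (case changes, -p reordering, -e/-i suffixes) are undone. The word list, the function names and the max_join limit are assumptions made for the illustration.

```python
from itertools import permutations

# Constructed sample: capitalised words such as a crawl of a staff bio page might yield.
CONTEXT_WORDS = ["Bilbo", "Baggins", "Shire", "Frodo"]

SUFFIXES = ("", "ed", "ing")  # "" = no suffix, "ed" = -e mangle, "ing" = -i mangle


def candidates(words, max_join=2):
    """Map each lower-cased base string to the words it is built from.

    Covers single words and every ordered join of up to max_join words,
    which is what the -p (reorder) mangle produces.
    """
    lowered = sorted({w.lower() for w in words})
    bases = {}
    for n in range(1, max_join + 1):
        for combo in permutations(lowered, n):
            bases["".join(combo)] = combo
    return bases


def derived_from(password, words, max_join=2):
    """Return the context words a password is built from, or None.

    Case is folded first because -l, -u and -s only change case.
    """
    folded = password.lower()
    bases = candidates(words, max_join)
    for suffix in SUFFIXES:
        if suffix and not folded.endswith(suffix):
            continue
        stem = folded[: len(folded) - len(suffix)]
        if stem in bases:
            return bases[stem]
    return None


def audit(passwords, words):
    """Return {password: source words} for every password that should be rejected."""
    hits = {p: derived_from(p, words) for p in passwords}
    return {p: src for p, src in hits.items() if src is not None}


if __name__ == "__main__":
    # Constructed test passwords; only the last one is unrelated to the word list.
    for pw, src in audit(["BILBOing", "bagginsBilbo", "sHIREed", "v7#Lq!twz9Rk"], CONTEXT_WORDS).items():
        print(f"reject {pw!r}: derived from {src}")
```

The check only reverses the mangles named on this page, so a password that adds digits or symbols to a context word passes it and still needs a length and breach-list check.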