John The Ripper
john --format=<hash_type> <hash or hash_file>
john --format=sha256 hashes_to_crack.txt
john --wordlist=<wordlist_file> --rules <hash_file>
Incremental Mode in John
john --incremental <hash_file>
Cracking Files
<tool> <file_to_crack> > file.hash
pdf2john server_doc.pdf > server_doc.hash
john server_doc.hash
# OR
john --wordlist=<wordlist.txt> server_doc.hash
locate *2john*
/usr/bin/bitlocker2john
/usr/bin/dmg2john
/usr/bin/gpg2john
/usr/bin/hccap2john
/usr/bin/keepass2john
/usr/bin/putty2john
/usr/bin/racf2john
/usr/bin/rar2john
/usr/bin/uaf2john
/usr/bin/vncpcap2john
/usr/bin/wlanhcx2john
/usr/bin/wpapcap2john
...SNIP...
Hydra
hydra -L user.list -P password.list ssh://10.129.42.197
hydra -L user.list -P password.list rdp://10.129.42.197
Credential Stuffing - Hydra Syntax
hydra -C <user_pass.list> <protocol>://<IP>
hydra -C user_pass.list ssh://10.129.42.197
CrackMapExec
crackmapexec <proto> <target-IP> -u <user or userlist> -p <password or passwordlist>
crackmapexec winrm 10.129.42.197 -u user.list -p password.list
crackmapexec smb 10.129.42.197 -u "user" -p "password" --shares
smbclient -U user \\\\10.129.42.197\\SHARENAME
Password Mutations
Hashcat Rule File
Generating Rule-based Wordlist
hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.lis
Hashcat Existing Rules
ls /usr/share/hashcat/rules/
Generaci贸n de listas de palabras basadas en reglas
Poner todas las letras en min煤scula.
Todas las letras en may煤sculas.
Escriba con may煤scula la primera letra y con min煤scula las dem谩s.
Reemplazar todas las instancias de X con Y.
A帽ade el car谩cter de exclamaci贸n al final.
: c so0 c so0 sa@ c sa@ c sa@ so0 $! $! c $! so0 $! sa@ $! c so0 $! c sa@ $! so0 sa@ $! c so0 sa@
```c
$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
$ cat mut_password.list
password
Password
passw0rd
Passw0rd
p@ssword
P@ssword
P@ssw0rd
password!
Password!
脷ltima actualizaci贸n
