[HTB academy] Password Attacks Notes (3)
Sungyeon Kim
2025. 2. 17. 22:24
1. Password Mutations
1) Password List
yeon0815@htb[/htb]$ cat password.list
password
2) Hashcat
(1) : - Do nothing
(2) l - Lowercase all letters
(3) u - Uppercase all letters
(4) c - Capitalize the first letter and lowercase others.
(5) sXY - Replace all instances of X with Y.
(6) $! - Add the exclamation character at the end.
3) Hashcat Rule File
yeon0815@htb[/htb]$ cat custom.rule
:
c
so0
c so0
sa@
c sa@
c sa@ so0
$!
$! c
$! so0
$! sa@
$! c so0
$! c sa@
$! so0 sa@
$! c so0 sa@
4) Generating Rule-based Wordlist
yeon0815@htb[/htb]$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
yeon0815@htb[/htb]$ cat mut_password.list
password
Password
passw0rd
Passw0rd
p@ssword
P@ssword
P@ssw0rd
password!
Password!
passw0rd!
p@ssword!
Passw0rd!
P@ssword!
p@ssw0rd!
P@ssw0rd!
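The mutation step above can also serve as a password-policy check. The following is an added example, not code from the course or from hashcat. It interprets only the six rule functions listed in these notes, applies the custom.rule shown above, and reports whether a proposed password is one the rule file would generate from a base word. The function names apply_rule, mutate and is_trivial_mutation are hypothetical.

```python
# Added example, not hashcat code: handles only the six functions listed above.
# CUSTOM_RULE is copied from custom.rule; the function names are hypothetical.
CUSTOM_RULE = """\
:
c
so0
c so0
sa@
c sa@
c sa@ so0
$!
$! c
$! so0
$! sa@
$! c so0
$! c sa@
$! so0 sa@
$! c so0 sa@
"""

def apply_rule(rule, word):
    """Apply one rule line: space-separated functions, left to right."""
    for fn in rule.split():
        if fn == ":":
            continue                                    # do nothing
        elif fn == "l":
            word = word.lower()
        elif fn == "u":
            word = word.upper()
        elif fn == "c":
            word = word[:1].upper() + word[1:].lower()  # capitalize first, lowercase rest
        elif len(fn) == 3 and fn[0] == "s":
            word = word.replace(fn[1], fn[2])           # sXY: replace every X with Y
        elif len(fn) == 2 and fn[0] == "$":
            word += fn[1]                               # $X: append X
        else:
            raise ValueError(f"unsupported rule function: {fn!r}")
    return word

def mutate(words, rules=CUSTOM_RULE):
    """Return the de-duplicated candidates, like --stdout | sort -u (unordered)."""
    lines = [r for r in rules.splitlines() if r.strip()]
    return {apply_rule(r, w) for w in words for r in lines}

def is_trivial_mutation(candidate, base_words):
    """Policy check: True if the rule file would generate this password."""
    return candidate in mutate(base_words)
```

With the base word "password", "P@ssw0rd!" is flagged but "p@ssw0rd" is not, because custom.rule has no `sa@ so0` line without `c`. A deny-list built this way is only as complete as the rule file.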
5) best64.rule
- Hashcat and John come with pre-built rule lists that we can use to generate and crack passwords.
yeon0815@htb[/htb]$ ls /usr/share/hashcat/rules/
best64.rule specific.rule
combinator.rule T0XlC-insert_00-99_1950-2050_toprules_0_F.rule
d3ad0ne.rule T0XlC-insert_space_and_special_0_F.rule
dive.rule T0XlC-insert_top_100_passwords_1_G.rule
generated2.rule T0XlC.rule
generated.rule T0XlCv1.rule
hybrid toggles1.rule
Incisive-leetspeak.rule toggles2.rule
InsidePro-HashManager.rule toggles3.rule
InsidePro-PasswordsPro.rule toggles4.rule
leetspeak.rule toggles5.rule
oscommerce.rule unix-ninja-leetspeak.rule
rockyou-30000.rule
6) CeWL
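- CeWL crawls the company's website for potential words and saves them in a separate list. Here -d sets the spider depth, -m the minimum word length, --lowercase stores the words in lowercase, and -w names the output file.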
yeon0815@htb[/htb]$ cewl https://www.inlanefreight.com -d 4 -m 6 --lowercase -w inlane.wordlist
yeon0815@htb[/htb]$ wc -l inlane.wordlist
326