Tag: bruteforcing

Web Penetration Testing

Web application bruteforcer

Wfuzz is a tool designed to brutefore web applications, it’s very flexible, it supports: Recursion (when doing directory discovery) Post data bruteforcing Header bruteforcing Output to HTML (easy for just clicking the links and checking the page, even with postdata!) Colored output Hide results by return code, word numbers, line numbers, etc. Url encoding Cookies …

Brute-force, Cracking

Cracking NTLMv2 hashes

Hashcat hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU’s, GPU’s other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking. – https://github.com/hashcat/hashcat Install OpenCL Drivers If you are using Kali …

Brute-force, Cracking, John the Ripper

Crack RAR passwords – Bruteforcing

1> Open your kali Distribution 2> Extract password hash from your rar file: /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/rar2john Desktop/myfile.rar > Desktop/myrarfile.hash/usr/share/metasploit-framework/data/john/run.linux.x64.mmx/rar2john Desktop/myfile.rar > Desktop/myrarfile.hash 3> Try to crack rar file password by bruteforcing it with john and its default passwords list. john Desktop/myrarfile.hashjohn Desktop/myrarfile.hash John Homepage: http://www.openwall.com/john/

Brute-force, Cracking, John the Ripper

Crack zip passwords – Bruteforcing

1> Open your kali Distribution 2> Extract password hash from your zip file: /usr/share/metasploit-framework/data/john/run.linux.x64.mmx/zip2john Desktop/myfile.zip > Desktop/myzipfile.hash/usr/share/metasploit-framework/data/john/run.linux.x64.mmx/zip2john Desktop/myfile.zip > Desktop/myzipfile.hash 3> Try to crack password by bruteforcing it using john and its default passwords lists. john Desktop/myzipfile.hashjohn Desktop/myzipfile.hash John Homepage: http://www.openwall.com/john/ Usage: john [OPTIONS] [PASSWORD-FILES]john [OPTIONS] [PASSWORD-FILES] Options: –config=FILE use FILE instead of john.conf or …

Brute-force, Cracking, hydra

Crack FTP passwords – Bruteforcing

Hydra – is a very fast network logon cracker which support many different services. FTP: hydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftphydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftp -l root try login with root username -P passwordslist.txt load passwords from file passwordslist.txt -e …