content-update

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/Basics.md

@@ -0,0 +1,36 @@
+
+```shell title:"John Basics" fold:folded
+#Basic Usage
+john hashfile.txt
+john --wordlist=/path/to/your/wordlist.txt hashfile.txt
+john --format=ntlm hashfile.txt
+john --format=bcrypt hashfile.txt
+
+#ssh2john
+#Encrypted SSH private key found? Crack it with ssh2john
+ 1) ssh2john id_rsa > crack.txt
+ 2) john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt
+ 3) openssl rsa -in id_rsa
+    Enter pass phrase for id_rsa: PASSWORD_HERE
+
+#gpg2john
+#Encrypted PGP file found? Crack it with gpg2john
+gpg --import name.asc 
+gpg2john name.asc > hash
+john --format=gpg --wordlist=/usr/share/wordlists/rockyou.txt hash 
+gpg --decrypt somecredentials.pgp        # Enter the password found above. 
+
+#zip2john
+#Encrypted ZIP file found? Crack it with zip2john
+1) zip2john somezipname.zip > zipname.hash
+2) john zipname.hash 
+3) 7z e somezipname.zip
+   Enter password (will not be echoed): PASSWORD_HERE
+
+#keepass2john
+keepass2john some_pass_key.kdbx
+
+#rar2john
+rar2john SOME_FILE.rar > crack_this
+john --wordlist=/usr/share/wordlists/rockyou.txt crack_this
+```

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/Cracking modes.md

@@ -0,0 +1,43 @@
+```shell title:"John Cracking Modes" fold:folded
+#Wordlist Mode | Dictionnary attack
+./john --wordlist=password.lst hashfile
+
+#Dictionnary attack using default or specific rules
+./john --wordlist=password.lst --rules=rulename hashFile
+./john --wordlist=password.lst --rules mypasswd
+
+#Mangling Rules Mode (hybrid)
+./john --wordlist=password.lst – rules: hashfile
+
+#Incremental mode (Brute Force)
+./john --incremental hashFile
+./john --incremental hashfile External mode (use a program to generate guesses) ./john --external: hashfile
+
+#Loopback mode (use POT as wordlist)
+./john --loopback hashFile
+./john --loopback hashfile Mask mode (read MASK under /doc) ./john --mask=?1?1?1?1?1?1?1?1 -1=[A-Z] hashfile -min-len=8 
+
+#Hybrid Mask mode
+./john -w=password.lst - mask='?l?l?w?l?l' hashfile
+
+# Mask bruteforce attack
+./john --mask=?1?1?1?1?1?1 --1=[A-Z] hashFile --min-len=8
+
+# Dictionnary attack using masks
+./john --wordlist=password.lst -mask='?l?l?w?l' hashFile
+
+#Markov mode (Read MARKOV under /doc).
+---First-generate-Markov-stats:
+./calc_stat wordlist markovstats
+---Then-run:
+./john -markov:200 -max-len:12 hashfile --mkv-stats=markovstats
+
+#Prince mode (Read PRINCE under /doc)
+./john --prince=wordlist hashfile
+
+#Most modes have Maxlen=13 in John.conf but it can be overwritten with
+-max-len=N up to 24
+
+
+
+```

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/JohnTheRipper.md

@@ -0,0 +1,87 @@
+
+[Offensive Security Cheatsheet](https://cheatsheet.haax.fr/passcracking-hashfiles/john_cheatsheet/)
+
+```shell
+#Basic Usage
+john hashfile.txt
+john --wordlist=/path/to/your/wordlist.txt hashfile.txt
+john --format=ntlm hashfile.txt
+john --format=bcrypt hashfile.txt
+
+#ssh2john
+#Encrypted SSH private key found? Crack it with ssh2john
+ 1) ssh2john id_rsa > crack.txt
+ 2) john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt
+ 3) openssl rsa -in id_rsa
+    Enter pass phrase for id_rsa: PASSWORD_HERE
+
+#gpg2john
+#Encrypted PGP file found? Crack it with gpg2john
+gpg --import name.asc 
+gpg2john name.asc > hash
+john --format=gpg --wordlist=/usr/share/wordlists/rockyou.txt hash 
+gpg --decrypt somecredentials.pgp        # Enter the password found above. 
+
+#zip2john
+#Encrypted ZIP file found? Crack it with zip2john
+1) zip2john somezipname.zip > zipname.hash
+2) john zipname.hash 
+3) 7z e somezipname.zip
+   Enter password (will not be echoed): PASSWORD_HERE
+
+#keepass2john
+keepass2john some_pass_key.kdbx
+
+#rar2john
+rar2john SOME_FILE.rar > crack_this
+john --wordlist=/usr/share/wordlists/rockyou.txt crack_this
+```
+
+```shell title:"John Cracking Modes" fold:folded
+#Wordlist Mode | Dictionnary attack
+./john --wordlist=password.lst hashfile
+
+#Dictionnary attack using default or specific rules
+./john --wordlist=password.lst --rules=rulename hashFile
+./john --wordlist=password.lst --rules mypasswd
+
+#Mangling Rules Mode (hybrid)
+./john --wordlist=password.lst – rules: hashfile
+
+#Incremental mode (Brute Force)
+./john --incremental hashFile
+./john --incremental hashfile External mode (use a program to generate guesses) ./john --external: hashfile
+
+#Loopback mode (use POT as wordlist)
+./john --loopback hashFile
+./john --loopback hashfile Mask mode (read MASK under /doc) ./john --mask=?1?1?1?1?1?1?1?1 -1=[A-Z] hashfile -min-len=8 
+
+#Hybrid Mask mode
+./john -w=password.lst - mask='?l?l?w?l?l' hashfile
+
+# Mask bruteforce attack
+./john --mask=?1?1?1?1?1?1 --1=[A-Z] hashFile --min-len=8
+
+# Dictionnary attack using masks
+./john --wordlist=password.lst -mask='?l?l?w?l' hashFile
+
+#Markov mode (Read MARKOV under /doc).
+---First-generate-Markov-stats:
+./calc_stat wordlist markovstats
+---Then-run:
+./john -markov:200 -max-len:12 hashfile --mkv-stats=markovstats
+
+#Prince mode (Read PRINCE under /doc)
+./john --prince=wordlist hashfile
+
+#Most modes have Maxlen=13 in John.conf but it can be overwritten with
+-max-len=N up to 24
+
+
+
+```
+
+
+
+
+

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/Misc & Tricks.md

@@ -0,0 +1,29 @@
+```shell
+# Show hidden options
+./john --list=hidden-options
+
+# Using session and restoring them
+./john hashes --session=name
+./john --restore=name
+./john --session=allrules --wordlist=all.lst --rules mypasswd &
+./john status
+
+# Show the potfile
+./john hashes --pot=potFile --show
+
+# Search if a root/uid0 have been cracked
+john --show --users=0 mypasswdFile
+john --show --users=root mypasswdFile
+
+# List OpenCL devices and get their id
+./john --list=opencl-devices
+
+# List format supported by OpenCL
+./john --list=formats --format=opencl
+
+# Using multiples GPU
+./john hashes --format:openclformat --wordlist:wordlist --rules:rules --dev=0,1 --fork=2
+
+# Using multiple CPU (eg. 4 cores)
+./john hashes --wordlist:wordlist --rules:rules --dev=2 --fork=4
+```

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/Rules.md

@@ -0,0 +1,46 @@
+```shell
+# Predefined rules
+--rules:Single
+--rules:Wordlist
+--rules:Extra
+--rules:Jumbo # All the above
+--rules:KoreLogic
+--rules:All # All the above
+# Create a new rule in John.conf
+[List.Rules:Tryout]
+l
+u
+...
+| Rule          | Description                                               |
+|------------	|-------------------------------------------------------	|
+| l          	| Convert to lowercase                                  	|
+| u          	| Convert to uppercase                                  	|
+| c          	| Capitalize                                            	|
+| l r        	| Lowercase the word and reverse it                     	|
+| l Az"2015" 	| Lowercase the word and append "2015" at the end       	|
+| d          	| Duplicate                                             	|
+| l A0"2015" 	| Lowercase the word and append "2015" at the beginning 	|
+| A0"#"Az"#" 	| Add "#" at the beginning and the end of the word      	|
+| C          	|  Lowercase the first char and uppercase the rest      	|
+| t          	| Toggle case of all char                               	|
+| TN         	| Toggle the case of the char in position N             	|
+| r          	| Reverse the word                                      	|
+| f          	| Reflect (Fred --> Fredderf)                           	|
+| {          	| Rotate the word left                                  	|
+| }          	| Rotate the word right                                 	|
+| $x         	| Append char X to the word                             	|
+| ^x         	| Prefix the word with X char                           	|
+| [          	| Remove the first char from the word                   	|
+| ]          	| Remove the last char from the word                    	|
+| DN         	| Delete the char in position N                         	|
+| xNM        	| Extract substring from position N for M char          	|
+| iNX        	| Insert char X in position N and shift the rest right  	|
+| oNX        	| Overstrike char in position N with X                  	|
+| S          	| Shift case                                            	|
+| V          	| Lowercase vowels and uppercase consonants             	|
+| R          	| Shift each char right on the keyboard                 	|
+| L          	| Shift each char left on the keyboard                  	|
+| <N         	| Reject the word unless it is less than N char long    	|
+| >N         	| Reject the word unless it is greater than N char long 	|
+| \'N         	| Truncate the word at length N                         	|
+```

docs/Password Attacks, Cracking & Decoding/JohnTheRipper/Wordlists & Incremental.md

@@ -0,0 +1,28 @@
+```shell
+# Sort a wordlist for the wordlist mode
+tr A-Z a-z < SOURCE | sort -u > TARGET
+
+# Use a potfile to generate a new wordlist
+cut -d ':' -f 2 john.pot | sort -u pot.dic
+
+# Generate candidate password for slow hashes
+./john --wordlist=password.lst --stdout --rules:Jumbo | ./unique -mem=25 wordlist.uniq
+--incremental:Lower # 26 char
+--incremental:Alpha # 52 char
+--incremental:Digits # 10 char
+--incremental:Alnum # 62 char
+
+# Create a new charset
+./john --make-charset=charset.chr
+
+# Then set the following in the John.conf
+# Incremental modes
+[Incremental:charset]
+File = $JOHN/charset.chr
+MinLen = 0
+MaxLen = 31
+CharCount = 95
+
+# Using a specific charset
+./john --incremental:charset hashFile
+```

docs/Password Attacks, Cracking & Decoding/Ncrack.md

@@ -0,0 +1,8 @@
+```shell
+ncrack -p 22 --user root -P 500-worst-passwords.txt 10.10.10.10
+ncrack -p ssh -u root -P 500-worst-passwords.txt -T5 10.10.10.10
+ncrack -user msfadmin -P pass.txt 10.10.10.10:21
+ncrack -U user.txt -pass msfadmin 10.10.10.10:21
+ncrack -U user.txt -P pass.txt 10.10.10.10:21
+ncrack -U user.txt -P pass.txt 10.10.10.10:21 -oN normal.txt
+```