Wordlists

• CUPP (générateur de mot de passe selon profil utilisateur)

GitHub - Mebus/cupp: Common User Passwords Profiler (CUPP)

• Built in Lists pour Kali Linux

/usr/share/wordlists/ # dirb / metasploit/ rockyou / wfuzz
/usr/share/seclists/ #apt install seclist

WEB FUZZING TOOLS

• ZAP (owasp zap proxy)

#select page>attack>FUZZ...

• Burp (BurpSuite)

# send to "Intruder" => attack

• HYDRA

brute force de password de services web: ftp / ssh / formulaires web

hydra -l admin -P /usr/share/wordlists/rockyou.txt www.onlineshop.thm http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V

#bien passer tous les paramètres du formulaire ex:
hydra -L usernames -P passwords 192.208.137.3 http-post-form "/login.php:login=^USER^&password=^PASS^&security_level=0&form=submit:Invalid credentials or user not activated!"

hydra -l root -P passwords.txt [-t 32] 192.168.1.1 ftp # -t parallel tasks (default 16)

Local hash Brute force

JOHN THE RIPPER

sur fichier local (hash)

• On liste les algo/formats de chiffrement

john --list=formats
john --list=formats | grep -i md5 # exemple md5