OSCP Notes
  • Introduction
  • Port Scanning
  • Nmap Port Scanning
  • Nmap Scripts
  • Services Enumeration
    • SMB Enumeration (Port 139, 445)
    • SNMP Enumeraion (Port 161)
    • NFS Enumeration (Port 111, 2049)
    • SMTP Enumeration (Port 25)
    • DNS Enumeration (Port 53)
    • POP3 (Port 110, 25*)
    • MySQL (Port 3306)
    • Oracle (Port 1521)
    • MsSQL (Port 1433)
  • Web / HTTP
    • Web Scanning
    • CMS
    • Directory Fuzzing
    • File Upload
      • Bypass file upload filtering
      • Bruteforcing extensions
      • WebDAV
    • Bruteforce Authentication
    • LFI and RFI
      • Interesting Files for LFI
      • Null Byte Injection
      • PHP Wrappers
    • ShellShock
    • Post Requests
  • password attacks
    • Brute-force service password
    • Cracking Password
    • Custom Worldlist
  • Exploitaion
    • Searchsploit
    • Compiling the Exploit
  • shell
    • Bind and Reverse shell
    • Upgrading shell
    • msfvenom
  • Linux Post Exploitation
    • Linux Manual Exploitation
    • Linux post exploitation scripts
    • Kernel Exploitation
  • windows post exploitation
    • General
    • Manual Exploitaion
    • Dumping the sam file
    • SUDO SU
    • Automated enumeration script
    • Windows Exploit Suggester
  • file transfer
    • General
    • Linux
    • Windows
  • cheatsheets
    • Command injection Cheatsheet
    • Find Command Cheatsheet
    • Netcat
    • SQL Injection Bypass
    • CheckList
    • XSS Payload
Powered by GitBook
On this page
  • Crunch
  • cewl
  • Html2dic
  1. password attacks

Custom Worldlist

Crunch

All possible combination of 4 word capital letters in alphabet

crunch 4 4 ABCDEFGHIJKLMNOPQRSTUVWXYZ -o /root/Desktop/wordlist.txt

All possible combination of 5 digits, in numbers 

crunch 5 5 0123456789 -o /root/Desktop/numbers.txt

Creating wordlist containing year ( For example birthdate of target ) 

crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ -t @@@@1980 -o /root/Desktop/wordlist.txt
# This will add 1980 at last in every word ,

-p flag to prevent repeating word to be generated

Using the -p option in Crunch prevents characters or words from being repeated. This is especially useful when generating a wordlist with different combinations of given words. Let’s have a look at how this works if we specify the words ‘Virtual Hacking Labs’:

crunch 1 2 -p Virtual Hacking Labs
@ Lower case alpha characters
, Upper case alpha characters
% Numeric characters
^ Special characters including spac
crunch 6 8 -t ,@@^^%%

cewl

Cewl is a great tool that spiders through (i.e. indexes) all the webpages of a website based on the parameters you set and then outputs a list of all words it finds there.

Important parameters -

  • -m is the minimum word length for words to save to the wordlist.

  • -d is the maximum depth the spider is allowed to scrape.

  • -o is offsite, used to allow the spider to leave the current website to another website.

  • -w writes to output file, specify the output file here.

The -m, -d and -o parameters can impact enormously on the time the tool takes to produce the wordlist. For this reason, it is best not to set the value for -d (scanning depth) too high - especially when used in conjunction with -o which allows the spider to visit other sites.

cewl -d 1 -m 8 -w /root/Desktop/cewl.txt https://www.kali.org

Add minimum password length:

cewl -w createWordlist.txt -m 6 https://www.example.com

Tip: Is Cewl not working as expected? Keep in mind that tools like this generate a large number of requests for a given website which may trigger web application firewalls (WAF). When Cewl doesn't output any results, you can use the -v flag for verbose output which maybe give you a clue about the problem (such as WAF blocking requests).

Html2dic

curl http://example.com > example.txt

html2dic example.txt
PreviousCracking PasswordNextSearchsploit

Last updated 3 years ago