Skip to content

Password Mutations

Hashcat:

  • adding rules to a password list
    • Rules - https://hashcat.net/wiki/doku.php?id=rule_based_attack Create rule-mutated password file
  • create a file custom.rule using the above rules
  • hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

  • use the mut_password.list with crackmapexec or hydra

  • Cracking directly using hashcat and rules

    • hashcat -m 0 hashes.txt password -r /usr/share/hashcat/rules/rockyou-30000.rule

Generate a wordlist from a website - Custom Wordlist generator - cewl https://www.inlanefreight.com -d 4 -m 6 --lowercase -w inlane.wordlist - -d : depth of the spider - -m : minimum length of the word - --lowercase : store lowercase words only

Password reuse

  • Reusing passwords is imminent
  • Most apps come with default creds during the install.
    • These are not changed on the internal network by admins as they assume no one can access it

Creds - Default Creds

  • https://github.com/ihebski/DefaultCreds-cheat-sheet
  • sudo /credentials/bin/python3 creds search daloradius
  • sudo /credentials/bin/python3 creds update

Credential Stuffing: Hydra

  • hydra -C <user_pass.list> <protocol>://<IP>
  • create a list of credentials of the format username:password

Router Creds:

  • https://www.softwaretestinghelp.com/default-router-username-and-password-list/