Furthermore, the use of rule files found within the users favorite password cracking tool could essentially increase
the chances of recovering plain text passwords from an organization.
E.X >> The user is performing a penetration test against HackMe, Inc. The user knows the HackMe company has a website http://www.hackme.com/, and
uses BruteScrape against this site. The user now has a password file created specifically from parsing text within HackMe's website. The user
then uses this wordlist against hashes they had found during a phase of the pentest. The user then decides to use this wordlist against his list
of hashes within oclHashcat, and recovers the plain text of a hash: "hackme".
In this example, the user found a very weak password, but cases such as these would be very rare, as organizations usually have password policies
in place. The use of rules files would probably be more viable in recovering these plain text hash values, and so the user attempts to crack the
hashes again, this time using a rule file that will append 4 digits from 0000 - 9999 at the end of every word in his list.
Ah! More hashes are found: "hackme4331,hackme9901". How about a rule to change every word to leet speak?
More hashes found: "h4ckm3, h4ckm3,inc.P455". And so on and so forth.
< Usage >
Using the script is simple. The target webpage(s) should be listed in your "sites.scrape" file like so-
http://www.site.com,http://www.site2.com,http://www.site3.com/index.php,http://www.site4.com/admin
Then run the script-
python brutescrape.py
And that's it. The target sites defined in your "sites.scrape" file will be parsed through and the parsed words will be written to a file
named "passwordList.txt".
https://github.com/cheetz/brutescrape
No comments:
Post a Comment