Skip to main content

One post tagged with "Custom John Rule"

This is an extension of dictionary attacks that involves creating custom wordlists based on specific rules, patterns, or information about a user or system. The Custom John Rule often leverages insights gained from password profiling or analysis to generate more effective and targeted attack lists. It can involve using word fragments, phrases, or character combinations that are likely to be used by users within the target group.

View All Tags

THM | Password Attacks

· 27 min read

Red Teaming | Password Attacks | Summary:

This room is designed to teach about various strategies and techniques used in cracking or guessing passwords. It covers both offline and online methods, including dictionary and brute-force attacks, rule-based attacks, and custom rules.

The room emphasizes password profiling, teaching users how to create effective wordlists using default, weak, leaked, combined, and username sources.

Other topics include keyspace techniques, CUPP (Custom Password Profile), and online attacks targeting FTP, SMTP, SSH, and HTTP login pages. Additionally, it introduces the concept of password spraying attacks.