TryHackMe has a great room on this called: "passwordattacks"
This tool allows us to create passwords for a given keyspace
This tool allows us to generate a password list based on information about the target
john --wordlist=/tmp/single-password-list.txt --rules=best64 --stdout > output.txt
john --wordlist=/tmp/single-password-list.txt --rules=KoreLogic --stdout > output.txt
- Start by creating a sample list of words
- Run small Bash for loop to add years
- Try quick wins with username / username as the password
## Custom Words
January
February
March
April
May
June
July
August
September
October
November
December
Password
P@ssw0rd
htb
Secret
Autumn
Fall
Spring
Summer
## Custom Years and Exclamation
for i in $(cat custom-wordlist.txt); do echo $i; echo ${i}\!; echo ${i}2018; echo ${i}2018\!; echo ${i}2019; echo ${i}2019\!; echo ${i}2020; echo ${i}2020\!; echo ${i}2021; echo ${i}2021\!; echo ${i}2022; echo ${i}2022\!; done > password.txt
## Modify with Hashcat Password Rules
hashcat --force --stdout passwords.txt -r /usr/share/hashcat/rules/best64.rule -r /usr/share/hashcat/rules/toggles1.rule |sort -u | awk 'length ($0) > 8' > password_spray_final.txt