Install crunch and then generate a word list with the following command. The 8 8 tells crunch to generate combinations that have a minimum and maximum length of 8. All the numbers from 1-0 tells crunch to use these characters, -o writes to output file.
Change options if desired.
crunch 8 8 1234567890 -o 8numberchars.lst
Further reading. https://tools.kali.org/password-attacks/crunch
Hydra is a network login cracker. You’ll need a password list and username(s) to get started.
Install Hydra
sudo apt-get install -y hydra
Launch against device
Change the IP address to the target IP
Change ubnt to target Username
Change password.lst to your password list file
SSH Example
hydra -l ubnt -P password.lst 192.168.1.20 ssh
Run hydra -h to get the full help.
Alfred@localhost:~$ hydra -h
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]
Options:
-R restore a previous aborted/crashed session
-I ignore an existing restore file (don't wait 10 seconds)
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-y disable use of symbols in bruteforce, see above
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-o FILE write found login/password pairs to FILE instead of stdout
-b FORMAT specify the format for the -o FILE: text(default), json, jsonv1
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel per target (default: 16)
-T TASKS run TASKS connects in parallel overall (for -M, default: 64)
-w / -W TIME wait time for a response (32) / between connects per thread (0)
-c TIME wait time per login attempt over all threads (enforces -t 1)
-4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-O use old SSL v2 and v3
-q do not print messages about connection errors
-U service module usage details
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don't use in military or secret service organizations, or for illegal purposes.
These services were not compiled in: afp ncp oracle sapr3.
Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.
E.g. % export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)
% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)
% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080
% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)
Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
Open a command prompt and run the following command.
netsh wlan show profiles name=* key=clear > Desktop\Passkeys.txt
You can now open up the Passkeys.txt file and view all your saved networks.
If you just need to view one network, you can refer to this link.
Basic steps are as follows.
After installing OpenVAS you may need to setup a user. Running the following command will create the user admin and will print the password for the user below.
openvasmd --create-user admin
Example output.
User created with password 'b4539967-c521-fe41-d255-aeb53e735h9a'.
If needed you can delete a user with the following command
openvasmd --delete-user=USERNAME
The following template can be used to set the user name and passwords for cambium pmp gear. Create a new template in cnMaestro, past in the following, change the passwordEncrypted to the hash of your password and run the config.
You can get the hashed password by pulling it out of a current radio config.
{
"userParameters": {
"authenticationConfig": {
"accounts": [
{
"userName": "admin",
"level": 3,
"readOnly": false,
"passwordEncrypted": "188a934e0246ae248da19400fed83107a"
},
{
"userName": "root",
"level": 3,
"readOnly": false,
"passwordEncrypted": "188a934e0246ae248da19400fed83107a"
}
]
}
}
}
Log into MySQL from command line
mysql -u root -p
Select the correct database
USE wordpress_db;
Print current users
SELECT * FROM wp_users;
Should get something similar to the following
mysql> SELECT * FROM wp_users
-> ;
+----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
| ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name |
+----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
| 1 | admin | 5f4dcc3b5aa765d61d8327deb882cf99 | admin | bob@incredigeek.com | | 2018-08-09 10:10:42 | | 0 | admin |
| 2 | bob | 210805fb52a13251f4bedc7e725e575a | bob | bob@incredigeek.com | | 2019-11-01 11:31:23 | | 0 | bob smith |
+----+------------+------------------------------------+---------------+---------------------------+----------+---------------------+------------------------------------+-------------+--------------+
3 rows in set (0.00 sec)
mysql>
To update the password use
UPDATE wp_users SET user_pass = MD5('NewPass') WHERE ID=1;
The MD5 hashes the NewPass and adds it to the database. You can print the users again to verify the hash changed.
You should now be able to login using the new password you configure.
Log into mysql
mysql -u root -p
List users
select User,Host from mysql.user;
Set password
set password for 'root'@'localhost' = PASSWORD('password');
On new versions of MySQL you may need to use
alter user 'root'@'localhost' IDENTIFIED BY 'password';
Switch to the zenoss user.
su zenoss
Change Zenoss admin password.
$ZENHOME/bin/zenpass
Restart zope.
zopectl restart