rockyouare good for testing weak passwords. Many applications and services are installed with default passwords, so always check for those before attempting to crack them.
S=instead of failure parameter, verbose output:
:in the JSON messages:
mis the hash format (e.g. m 13100 is Kerberos 5)
a 0is a dictionary attack
o cracked.txtis the output file for the cracked password
target_hashes.txtis the hash to be cracked
/usr/share/wordlists/rockyou.txtis the absolute path to the wordlist
--forceis something I always have to add (think it's GPU-related)
cpasswordand use gpp-decrypt:
set usernameor run a custom list with
set user_file. You can also run a longer password list with
set pass_file. Depending on how fast the server responds, you could use a big wordlist but otherwise stick to
-mis the minimum word length for words to save to the wordlist.
-dis the maximum depth the spider is allowed to scrape.
-ois offsite, used to allow the spider to leave the current website to another website.
-wis write to output file, specify the output file here.