
various changes

Hans Martin 5 years ago
Parent
Current commit
6e4c29c5e0

+ 3 - 0
.gitignore

@@ -0,0 +1,3 @@
+*.py[cod]
+__pycache__/
+gen-toc.sh
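Review bot: `gen-toc.sh` is listed next to Python build artifacts (`*.py[cod]`, `__pycache__/`), but judging by its name it is a script that generates the cheatsheet tables of contents, i.e. source rather than a build product. If it is what regenerates the TOCs it should be committed so others can reproduce them; if it is only a personal helper, `.git/info/exclude` is the right place instead of the shared `.gitignore`.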

+ 12 - 0
cheatsheets/security/windows/internal-audits/internal-audit.md

@@ -297,6 +297,18 @@ sh> ntlmrelayx.py -tf targets.txt
 sh> ntlmrelayx.py -tf targets.txt -c <insert your Empire Powershell launcher here>
 ```
 
+## Password Cracking
+
+* https://tools.kali.org/password-attacks/cewl
+* https://github.com/NotSoSecure/password_cracking_rules
+
+Rule:
+```
+Then save the first, lastname of the user accounts and full name.. use sed also to capitalize the first letter and use those.. then run with -a 6 with ur wordlist.txt adding custom-charset1=!@$#% and brute wit>
+```
+
+
+
 #### References:
 
 * [https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html](https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html)
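Review bot: the fenced block under `Rule:` holds a prose instruction, not a rule file, and its last line is cut off mid-word (`brute wit>`), which looks like a terminal line-wrap artifact from a pasted note; either write the sentence out as prose or put an actual rule file in the block. Also, the new `## Password Cracking` section is inserted between the ntlmrelayx example and its `#### References:` list, so the NTLM relaying reference now reads as belonging to the password-cracking section; move the section below the references (or give it its own). The three trailing `+` blank lines before `#### References:` should be collapsed to one.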

Binary
cheatsheets/security/wireless/4wayhandshake.png


+ 39 - 0
cheatsheets/security/wireless/cracking-wpa2.md

@@ -0,0 +1,39 @@
+---
+title: Cracking WPA2
+categories: [cheatsheets]
+tags: [security, wireless]
+---
+
+# Cracking WPA2
+
+## 4-way Handshake
+
+Explained in greater detail @ [https://wlan1nde.wordpress.com/2014/10/27/4-way-handshake/](https://wlan1nde.wordpress.com/2014/10/27/4-way-handshake/)
+
+The 4-way handshake looks like this:
+
+![4-way Handshake](./4wayhandshake.png)
+
+The handshake is used to exchange key-data between AP and Client.
+Transient keys are derived from a master key, the Pairwise Master Key (PMK).
+In case of WPA-PSK this is the WiFi password.
+
+## Capturing handshakes
+
+
+
+
+## Converting Handshakes
+
+* Usefull tool for playing with handshakes, pcap-files, ...: hcxtool
+
+* Convert pcap to hccapx file (used for hashcat)
+
+```
+hcxpcaptool -o output.hccapx handshake.pcap
+```
+* Convert pcap to john the ripper hash (`--format=wpapsk`)
+
+```
+hcxpcaptool -o output.hccapx handshake.pcap
+```
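Review bot: the second code block is a verbatim copy of the first, so both bullets run `hcxpcaptool -o output.hccapx handshake.pcap` and the `--format=wpapsk` bullet never shows how the john hash is produced; use the tool's john output option there and name the output file accordingly. Also `## Capturing handshakes` is an empty section containing only blank lines, `Usefull` should be `Useful`, and the tool is introduced as `hcxtool` but invoked as `hcxpcaptool` in the commands (the suite is hcxtools), so the names should agree.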