From 21ca7d0637ffc9cade8267bdee858f77ca605635 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 15 May 2023 11:25:45 +0100
Subject: [PATCH] Update README.md

---
 README.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index b53ba48..12f7a10 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,8 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg)
    1. [Find your public IP address](#your-ip)
    1. [Check reachability from around the world](#check-reachable)
    1. [Check/Scan Open Ports](#check-open-ports)
-   1. [Brute Force Password Cracking](#bruteforce)
+   1. [Crack Passwords hashes](#bruteforce)
+   1. [Brute Force Passwords](#bruteforce)
 1. [Data Upload/Download/Exfil](#exfil)
    1. [File Encoding/Decoding](#file-encoding)
    1. [File transfer using screen](#file-transfer-screen)
@@ -494,9 +495,17 @@ nmap -A -T5 -F -Pn --script vulners.nse scanme.nmap.org
 ```
 
 <a id="bruteforce"></a>
-**3.viii. Brute Force Password Cracking**
+**3.viii. Crack Password hashes**
 
-(This list is curated by Joey (?))
+```shell
+hashcat --username -w3 my-hash /usr/share/wordlists/rockyou.txt
+```
+
+Read the [FAQ](https://hashcat.net/wiki/doku.php?id=frequently_asked_questions) or use [Crackstation](https://crackstation.net).
+
+**3.ix. Brute Force Passwords**
+
+The following is for brute forcing (guessing) passwords of ONLINE SERVICES.
 
 <a id="gmail"></a>
 <details>
@@ -526,6 +535,7 @@ Username & Password lists:
 * https://github.com/danielmiessler/SecLists  
 * https://wordlists.assetnote.io  
 * https://weakpass.com  
+* https://crackstation.net/  
 
 
 Set **U**sername/**P**assword list and **T**arget host.