From 64279c119100100f66684cf991ba56197f06f1aa Mon Sep 17 00:00:00 2001 From: Willy Date: Wed, 10 Jun 2026 00:29:18 +0200 Subject: [PATCH] Update Wazuh/README.md --- Wazuh/README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Wazuh/README.md b/Wazuh/README.md index de28b7b..9a5ad22 100644 --- a/Wazuh/README.md +++ b/Wazuh/README.md @@ -212,6 +212,21 @@ printf 'azerty\n123456\npassword\nadmin\nroot\ntoor\nletmein\nqwerty\nmotdepasse hydra -l baduser -P pass.txt ssh://IP_DEBIAN -t 4 -V ``` +```bash +# Sur ton client Linux d'attaque +sudo apt install -y hydra + +# Utilisateurs inexistants → garantit le déclenchement de la règle 5710 +printf 'admin\nroot\ntest\noracle\npostgres\nubuntu\nguest\nbaduser\nftpuser\ndeploy\njenkins\ngit\n' > users.txt + +# Liste de mots de passe : rockyou si dispo (Kali), sinon une liste de secours +head -n 300 /usr/share/wordlists/rockyou.txt > pass.txt 2>/dev/null || \ +printf 'azerty\n123456\npassword\nadmin\nroot\ntoor\nletmein\nqwerty\nmotdepasse\nwazuh\nchangeme\n111111\n12345678\nadmin123\nP@ssw0rd\nwelcome\nmonkey\ndragon\n' > pass.txt + +# Brute force bruyant : tous les users × tous les mots de passe +hydra -L users.txt -P pass.txt ssh://IP_DEBIAN -t 4 -V -I +``` + #### Méthode 2 — Sans hydra (boucle + sshpass) ```bash
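Review bot: The comment above the `users.txt` line says the usernames are nonexistent and that this guarantees rule 5710 fires, but the list includes `root`, which exists on any Debian target, and service names such as `postgres`, `git` and `jenkins` that may exist depending on what is installed. Attempts against accounts that exist are not logged by sshd as an invalid user, so the guarantee in the comment does not hold for those entries. Either drop `root` and the service-account names from the `printf`, or reword the comment to say that only the entries absent from the target trigger 5710. Separately, the new fenced block is added directly after the existing `hydra -l baduser` block with no sentence or heading between them, and it repeats the same fallback password `printf` in a longer form. A one-line lead-in stating that this is the multi-user variant, and what `-L` and `-I` change compared with the single-user command above, would make the README clearer.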