search
GitHubTwitchLinkedInTryHackMe

Bruteforcing

circle-info

Keep your wordlists clean, make sure in case you download additional wordlists to keep them in /usr/share/wordlists/ in your Kali machine.

Wordlists

SecLists - https://github.com/danielmiessler/SecListsarrow-up-right

Dirsearch - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txtarrow-up-right

Assetnote - https://wordlists.assetnote.io/arrow-up-right

OneRuleToRuleThemAll - https://github.com/d4rkduck1/OneRuleToRuleThemAllarrow-up-right

// For removing duplications in wordlist 
cat wordlist.txt| sort | uniq > new_word.txt

By default Kali should already ship with the following wordlists:

https://www.kali.org/tools/wordlists/arrow-up-right

hashtag
Directory Bruteforce

Cewl

hashtag
Password / Hash Bruteforce

Hashcat

To know which m parameter to set (-m) ​ - https://hashcat.net/wiki/doku.php?id=hashcatarrow-up-right

To identify the hash (hashid) - https://mattw.io/hashID/typesarrow-up-right

John (JTR)

hashtag
Protocols Bruteforce

Hydra

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA

Medusa

AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, PcAnywhere, POP3, PostgreSQL, REXEC, RLOGIN, RSH, SMBNT, SMTP-AUTH, SMTP-VRFY, SNMP, SSHv2, Subversion (SVN), Telnet, VMware Authentication Daemon (vmauthd), VNC, Generic Wrapper, Web Form

Ncrak (faster)

RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, telnet

SSH

SMB

HTTP-Post

PreviousFTPNextGaining System Access

Last updated