Brute Forcing
One way to gain access to a company's websites, services, infrastructure or computers is through default or weak credentials. For example, the administrator password for the company's firewall could be "spring2022".
Many web applications, services, and devices have a default administrator account with a default password. If that password was not changed after the device was set up, an attacker who looks up the default credentials for the technology can use them to gain access.
Try to identify the software, then find out whether it uses default passwords and, if so, what they are:
Search for "<SOFTWARE> default password".
Try the username as the password.
Review the documentation.
Review the source code, if available.
Check for default credentials databases:
If the default credentials for the target do not work, an attacker can use existing dictionaries of default passwords or craft a dictionary based on the password policies of the targeted company.
Prebuilt dictionaries with thousands of passwords already exist.
Based on information about the target, personalized dictionaries can be crafted. Several tools make this work easier for the attacker.
Cewl: Crawls the website you provide for commonly used keywords and collects them into a list for you.
Crunch: You specify a character set, and it generates a huge number of permutations using those characters.
Cupp: Generates passwords based on provided keywords about the target.
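From the defender's side, the patterns these dictionaries are built on (the username reused as the password, unchanged defaults, season plus year such as "spring2022", keywords about the organisation) can be rejected when a password is set. The following Python check is an added example, not part of the original page; the function name `weak_reasons`, the keyword list and the default list are assumptions chosen for illustration.

```python
import re
import string

SEASONS = ("spring", "summer", "autumn", "fall", "winter")
SEASON_YEAR = re.compile(r"(%s)[\W_]*(?:19|20)?\d{2}[\W_]*" % "|".join(SEASONS))
# Fold common character substitutions back to letters before keyword matching.
LEET = str.maketrans("013457@$!", "oleastasi")
TRAILERS = string.digits + string.punctuation


def weak_reasons(password, username, org_keywords=(), known_defaults=()):
    """Return the reasons a candidate password is guessable (empty list = none found)."""
    reasons = []
    raw = password.lower()
    user = username.lower()

    # Username reused as the password, with or without a numeric/symbol suffix.
    if user and raw.rstrip(TRAILERS) == user:
        reasons.append("same-as-username")

    # Vendor or product default that was never changed.
    if raw in {d.lower() for d in known_defaults}:
        reasons.append("known-default")

    # Season plus year, e.g. "spring2022" or "Summer@23!".
    if SEASON_YEAR.fullmatch(raw):
        reasons.append("season-year")

    # Organisation keyword hidden behind substitutions, e.g. "4cm3" for "acme".
    letters = re.sub(r"[^a-z]", "", raw.translate(LEET))
    if any(len(k) >= 4 and k.lower() in letters for k in org_keywords):
        reasons.append("org-keyword")
    return reasons


if __name__ == "__main__":
    # Constructed sample data: accounts, keywords and defaults are illustrative.
    candidates = [("admin", "admin"), ("fwadmin", "spring2022"),
                  ("netops", "4cm3-F1rewall!"), ("jsmith", "t7#Vq9!mZr2$Lx")]
    for user, pw in candidates:
        print(user, weak_reasons(pw, user, ["Acme"], ["admin", "password"]))
```

A non-empty result is a reason to refuse the password at set time or to force a change during an audit of newly provisioned accounts.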
This subsection contains commands to perform brute force attacks on different technologies.
An attacker could encounter different login portals during a web analysis that can be brute-forced.
Note: Nowadays, hydra does not support forms with CSRF tokens. Thus, a solution would be to use Burp Suite.
There are several ways to perform a brute-force attack against a Kerberos service.
First of all, check the password policy to avoid locking out accounts.
Then, you can brute-force with the following tools.
You can brute force SNMP community strings with hydra.
Attempts to brute-force LDAP authentication. By default, it uses the built-in username and password lists. In order to use your own lists, use the userdb and passdb script arguments.
Another option is to use hydra.