Password Bruteforcing

Password Attack Type

Dictionary attack

Brute force

Traffic interception

Man In the Middle

Key Logging

Social engineering

Methods of Bruteforce Attacks

| Attack | Description |
| --- | --- |
| Online Brute Force Attack | Attacking a live application over the network, such as HTTP, HTTPS, SSH, FTP, and others. |
| Offline Brute Force Attack | Also known as Offline Password Cracking, where you attempt to crack a password hash. |
| Reverse Brute Force Attack | Also known as username brute-forcing, where you try a single common password with a list of usernames on a certain service. |
| Hybrid Brute Force Attack | Attacking a user by creating a customized password wordlist, built using known intelligence about the user or the service. |
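From the defender's side, the online and reverse brute force attacks described above leave different footprints in authentication logs. The following is an added example, not part of the original notes: it parses OpenSSH "Failed password" lines (constructed sample data) and labels each source IP. The threshold of 5 and the label names are assumptions.

```python
import re
from collections import Counter, defaultdict

# OpenSSH failed-login line; "invalid user" appears when the account does not exist.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def classify_sources(lines, threshold=5):
    """Label each source IP by the shape of its failed SSH logins."""
    per_ip = defaultdict(Counter)  # ip -> {username: failed attempts}
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        if sum(users.values()) < threshold:
            continue  # below the alerting threshold (assumed value)
        if max(users.values()) >= threshold:
            verdicts[ip] = "online-bruteforce"   # many guesses at one account
        elif len(users) >= threshold:
            verdicts[ip] = "reverse-bruteforce"  # few guesses across many accounts
        else:
            verdicts[ip] = "suspicious"          # noisy, but no clear pattern
    return verdicts


def build_sample():
    """Constructed sshd log lines using documentation IP ranges, not real data."""
    fmt = "Jan 10 10:00:{:02d} host sshd[100]: Failed password for {}{} from {} port 50000 ssh2"
    lines = [fmt.format(i, "", "root", "203.0.113.10") for i in range(8)]
    names = ["alice", "bob", "carol", "dave", "erin", "frank"]
    lines += [fmt.format(i, "invalid user ", n, "198.51.100.7") for i, n in enumerate(names)]
    lines.append(fmt.format(30, "", "alice", "192.0.2.44"))  # a single mistyped password
    lines.append("Jan 10 10:01:00 host sshd[100]: Accepted password for alice "
                 "from 192.0.2.44 port 50000 ssh2")
    return lines


if __name__ == "__main__":
    for ip, verdict in classify_sources(build_sample()).items():
        print(ip, verdict)
```

Per-account lockout counters catch the first pattern but not the second, which is why the per-source username count is tracked separately.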

Bruteforcing default credentials

/opt/useful/SecLists/Passwords/Default-Credentials

Creating a Personalized Wordlist

$ cupp -i

___________
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\
              ||--|| *      [ Muris Kurgas | j0rgan@remote-exploit.org ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

Password Policy

sed -ri '/^.{,7}$/d' william.txt            # remove entries shorter than 8 characters
sed -ri '/[!-/:-@\[-`\{-~]+/!d' william.txt # remove entries with no special characters
sed -ri '/[0-9]+/!d' william.txt            # remove entries with no digits

Mangling

Custom Username List

./username-anarchy Bill Gates > bill.txt
