🩸
Pentesting Checklist
  • 👀General Checklist
    • 👁️Recon & Scanning
      • Nmap Scan
    • 🌡️Services
      • SSH
      • FTP
      • Samba
      • Git
      • SNMP
    • ⚙️Reverse Engineering
      • General
      • Android apks
      • Windows Exe or .net binaries
  • 🐞Web Application Checklist
    • 🧠Web App Attack Techniques
      • Password Smuggling Attack
    • 😍Fuzzing with ffuf
    • 💄Directory Fuzzing
      • Using the tools
      • Wordlists to use
    • 👾Subdomain Fuzzing
      • Normal fuzzing
      • Finding through DNS
    • 🎯LFI/RCE
      • LFI
        • What to do once obtained
      • RCE
      • Misc
  • ☕Linux Checklist
    • Page 2
  • 🪟Windows Checklist
    • 💀Windows Connection Methods
  • 🖇️Tips & Tricks
    • Transferring Files
      • 🐧Linux
      • 📸Windows
    • Pivoting / Lateral Movement Techniques
      • proxychains
      • chisel
      • sshuttle
      • ligolo-ng
    • 🧩Fuzzing
    • 🙃Credential Brute-Forcing
  • 🍒Other useful resources:
    • Page 7
Powered by GitBook
On this page
  1. Tips & Tricks

Credential Brute-Forcing

Mainly hydra for now

PreviousFuzzingNextPage 7

Last updated 2 years ago

Based article:

Bruteforcing port credentials

  • hydra -l user -P wordlist ssh://ip:port (can replace ssh with other services like ftp, etc.)

Bruteforcing website logins

  • sudo hydra -l admin -P /usr/share/wordlists/rockyou.txt ip/domain http-post-form "/path/to/login:username=admin&password=^PASS^:Invalid Password!"

🖇️
🙃
https://infinitelogins.com/2020/02/22/how-to-brute-force-websites-using-hydra/