Penetration Test - Survey the Target(11)

Credential Attacks

Hydra

https://sectools.org/tool/hydra/

image-20200909212708472

hydra -L username.txt -P password.txt ftp://10.0.0.19

Get bad web-usernames from the following website:

https://standaloneinstaller.com/blog/big-list-of-various-character-length-usernames-196.html

Get password list from the Internet.

https://github.com/danielmiessler/SecLists

image-20200909220923025

QUICK REVIEW
  • Most credential attacks depend on good dictionaries
  • Each pen tester must maintain username and password lists for credential attacks
  • Start with good online resources and modify for your own purposes
posted @ 2020-09-09 22:10  晨风_Eric  阅读(110)  评论(0编辑  收藏  举报