Penetration Test - Survey the Target(11)
Credential Attacks
Hydra
https://sectools.org/tool/hydra/
hydra -L username.txt -P password.txt ftp://10.0.0.19
Get bad web-usernames from the following website:
https://standaloneinstaller.com/blog/big-list-of-various-character-length-usernames-196.html
Get password list from the Internet.
https://github.com/danielmiessler/SecLists
QUICK REVIEW
- Most credential attacks depend on good dictionaries
- Each pen tester must maintain username and password lists for credential attacks
- Start with good online resources and modify for your own purposes
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。