Brute-Force Online:
The first tools called Hydra:
# use Kali Linux it is pre-installed there.
# The list of password called RockYou.txt
# The location is in /usr/share/wordlists
# to unzip it used gzip -d
sudo gzip -d RockYou.txt.gz
# you will end up with the text file
# Hydra can uses a list of usernames.txt by the -L if you know who you are attacking
# do -l <username>
sudo hydra -l "root" -P RockYou.txt <host-ip> <service-type>
# The <host-ip>=10.0.3.1 <service-type>= ssh,ftp,telnet,etc..
Brute-Force Off-line:
Using hasing: MD5, SHA256,SHA1, SHA512, NTLM
- By a tool called
hashcat
along with aword list of passwords
and afile of hashes
# -a the option 0 is for stright wordlist
# -m is for the mechanism here is SHA512
# you can get all the options from man hashcat
sudo hashcat -a 0 -m 1800 -o <the-output-file> <hash-file.txt> <word-list.txt>