Brute Force

Brute force attacks are a fundamental method used in penetration testing to crack passwords and authentication mechanisms by systematically attempting multiple combinations of credentials. This technique is commonly used to assess the security of systems, identify weak passwords, and evaluate the effectiveness of security policies.

Several tools are available to automate brute force attacks, each with unique features tailored for different protocols, services, and attack methodologies. The following sections provide an overview of popular brute-force tools, how to install them on Debian, Fedora, and Windows, their required and optional switches, and example usage.


Brute Force Tools

1. Hydra

Overview:
Hydra is a fast and flexible password-cracking tool that supports numerous protocols, including SSH, FTP, HTTP, SMB, and more. It allows attackers to test multiple username and password combinations efficiently.

Installation:

  • Debian/Ubuntu:
    > sudo apt update && sudo apt install hydra
  • Fedora:
    > sudo dnf install hydra
  • Windows (via Cygwin):
    • Download Cygwin from https://cygwin.com
    • Inside Cygwin, install Hydra using:
      > apt-cyg install hydra

Required Switches:

> hydra -L <userlist> -P <passwordList> <protocol>://<target>
  • -L : Path to the username list.
  • -P : Path to the password list.
  • <protocol>://<target> : The target service (e.g., SSH, FTP).

Optional Switches:

  • -f : Stop on the first valid login.
  • -o <file> : Save results to a file.
  • -s <port> : Specify a non-default port.
  • -t <num> : Set the number of parallel tasks.
  • -v : Enable verbose output.

Example Command:

> hydra -L users.txt -P passwords.txt ssh://192.168.1.1
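Seen from the target's side, a run like the one above shows up in the SSH server's authentication log as a burst of failed logins from a single source. The following detection sketch is an added example, not part of the original guide or of any tool listed here. It assumes the classic OpenSSH syslog line format ("Failed password for ... from ... port ..."). The function name, the threshold of 5 failures in 60 seconds, the `year` parameter (syslog timestamps carry no year) and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH auth.log sample (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:15:01 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:15:02 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  3 10:15:03 web1 sshd[2104]: Failed password for admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:04 web1 sshd[2105]: Failed password for admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:15:06 web1 sshd[2106]: Accepted password for admin from 203.0.113.7 port 40136 ssh2
Mar  3 10:20:10 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:20:25 web1 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {ip: details} for sources with >= threshold failures in one sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["result"] == "Failed", m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort(key=lambda h: h[0])
        fails = [h for h in hits if h[1]]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window start forward
            if end - start + 1 >= threshold:
                flagged[ip] = {
                    "users": {h[2] for h in fails},
                    "failures": len(fails),
                    # A login accepted after the burst means a guess may have worked.
                    "success_after": any(not h[1] and h[0] >= fails[end][0] for h in hits),
                }
                break
    return flagged

print(detect_bruteforce(SAMPLE_LOG))
```

A flagged source with `success_after` set deserves immediate review of that account, since the accepted login followed the guessing burst. The single mistyped password from the second address stays below the threshold and is not reported.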

2. Medusa

Overview:
Medusa is another powerful brute force tool known for its speed and modular design, supporting various authentication protocols.

Installation:

  • Debian/Ubuntu:
    > sudo apt install medusa
  • Fedora:
    > sudo dnf install medusa
  • Windows:
    • Use WSL (Windows Subsystem for Linux) and install it via apt.

Required Switches:

> medusa -h <target> -U <userlist> -P <passwordList> -M <protocol>
  • -h : Target host.
  • -U : Path to username list.
  • -P : Path to password list.
  • -M : Protocol to attack.

Optional Switches:

  • -f : Stop on first successful login.
  • -n <port> : Specify port.
  • -t <num> : Number of threads.
  • -O <file> : Save output to a file.

Example Command:

> medusa -h 192.168.1.1 -U users.txt -P passwords.txt -M ssh

3. Patator

Overview:
Patator is a flexible brute force tool that supports many protocols and provides advanced control over attack behavior.

Installation:

  • Debian/Ubuntu:
    > sudo apt install patator
  • Fedora:
    > sudo dnf install patator
  • Windows:
    • Install Python3 and run:
      > pip install patator

Required Switches:

> patator <protocol>_login host=<target> user=FILE0 password=FILE1 0=<userlist> 1=<passwordList>
  • host=<target> : Target system.
  • user=FILE0 : Usernames list.
  • password=FILE1 : Passwords list.

Optional Switches:

  • -o <file> : Output file.
  • -t <num> : Threads.

Example Command:

> patator ssh_login host=192.168.1.1 user=FILE0 password=FILE1 0=users.txt 1=passwords.txt

4. CrackMapExec

Overview:
CrackMapExec is a post-exploitation tool designed to automate large-scale Active Directory attacks, including brute force attempts.

Installation:

  • Debian/Ubuntu:
    > sudo apt install crackmapexec
  • Fedora:
    > sudo dnf install crackmapexec
  • Windows:
    • Use WSL or install via Python:
      > pip install crackmapexec

Required Switches:

> crackmapexec <protocol> <target> -u <userlist> -p <passwordList>
  • <protocol> : SMB, SSH, etc.
  • <target> : Target host.
  • -u : Username list.
  • -p : Password list.

Optional Switches:

  • -d <domain> : Active Directory domain.
  • -t <num> : Threads.
  • -o <file> : Save output.

Example Command:

> crackmapexec smb 192.168.1.1 -u users.txt -p passwords.txt

5. Ncrack

Overview:
Ncrack is a powerful network authentication cracker designed for large-scale audits.

Installation:

  • Debian/Ubuntu:
    > sudo apt install ncrack
  • Fedora:
    > sudo dnf install ncrack
  • Windows:

Required Switches:

> ncrack -U <userlist> -P <passwordList> <target>
  • -U : Username list.
  • -P : Password list.

Example Command:

> ncrack -U users.txt -P passwords.txt 192.168.1.1

6. Crowbar

Overview:
Crowbar is a lightweight brute force tool specifically for attacking remote authentication services.

Installation:

  • Debian/Ubuntu:
    > sudo apt install crowbar
  • Fedora:
    > sudo dnf install crowbar
  • Windows:
    • Use WSL.

Required Switches:

> crowbar -b <protocol> -s <target> -u <username> -P <passwordList>
  • -b : Protocol.
  • -s : Target.

Example Command:

> crowbar -b ssh -s 192.168.1.1 -u admin -P passwords.txt

7. Kerbrute

Overview:
Kerbrute is used for brute-forcing Kerberos authentication, commonly in Active Directory environments.

Installation:

Example Command:

> kerbrute userenum -d example.com users.txt

8. JWT-Tool

Overview:
JWT-Tool is used for brute-forcing and analyzing JSON Web Tokens.

Example Command:

> jwt-tool token.jwt -d payloads.txt -D

This guide provides a comprehensive overview of brute force tools, installation steps, required switches, optional parameters, and practical examples.