21 hours 43 minutes
an introduction to login route forcing tools
are learning objective is to understand the different tools in Cali Lennox to brute force logins.
So we come across Ssh or telnet if it's an old system um or SMB and it asked us for a user name and password. We've already seen this before in our protocol section where we come across some kind of log in, where we need a username and a password. Well how do we brute force this?
The hope is that we do have some users that we've enumerated
and we have a whole long password list that we can use. But the tools of the trade in brute forcing logins are Hydra medusa and then crack are all available in Cali Lennox.
My favorite is THC hydra.
I think it's the most effective that I've used framework that I've used.
It is a parallel parallelized and say that right login cracker.
So you can use lots of different protocols. I've used Ssh SMB telnet um
ftp it's very effective and in my experience in labs and in P W. K. Uh this can be a very, very effective tool. Um You can also use it to crack web forms, which I'll talk about in the next lesson, but
I just like the versatility of Hydra.
Medusa. So, Medusa is another tool, the author of this didn't like hydra, They thought it it didn't work very well
and instead created their own tool, Medusa.
it's, you know, the, the author obviously made his
better in his mind than Hydra, I've used both
and Medusa does a lot of different, you know, it can brute force, a lot of different services Snb http, you'll see pop three ssh. So it's also a very versatile tool. You'll see between Medusa hydra and then crack,
you know, it's kind of, they're very, very similar in a lot of ways
and in the demo that I'll do, I'll go through each of them and you'll see the different flags that they use, but you know, these are all pretty effective tools, so um I like Hydra, I've used Medusa uh and I don't find anything wrong with Medusa,
and there's also end crack. So, n crack from the makers of End Map. So they if you're used to using n map,
the makers are the same that made end crack.
And you can see some similarities between End crack and End Map.
Um in a test between the three services, you'll see this again later, and crack was the fastest. It's high speed, you can do different protocols all in one line, single line and the command line. So it's a very versatile tool as well,
and uh if you're used to End Map, uh and crack might be a great tool that you like to use as well.
So that was a short one, because I actually want to show you what these tools do,
so we'll do that in the demo a little bit later,
but I just want you to have a familiarity of the three different tools that we can use to brute force logins.