Introduction to Login Brute-Forcing Tools

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
an introduction to login route forcing tools
00:03
are learning objective is to understand the different tools in Cali Lennox to brute force logins.
00:09
So we come across Ssh or telnet if it's an old system um or SMB and it asked us for a user name and password. We've already seen this before in our protocol section where we come across some kind of log in, where we need a username and a password. Well how do we brute force this?
00:28
The hope is that we do have some users that we've enumerated
00:32
and we have a whole long password list that we can use. But the tools of the trade in brute forcing logins are Hydra medusa and then crack are all available in Cali Lennox.
00:46
My favorite is THC hydra.
00:49
I think it's the most effective that I've used framework that I've used.
00:54
It is a parallel parallelized and say that right login cracker.
01:00
So you can use lots of different protocols. I've used Ssh SMB telnet um
01:06
ftp it's very effective and in my experience in labs and in P W. K. Uh this can be a very, very effective tool. Um You can also use it to crack web forms, which I'll talk about in the next lesson, but
01:25
I just like the versatility of Hydra.
01:26
Yeah,
01:29
Medusa. So, Medusa is another tool, the author of this didn't like hydra, They thought it it didn't work very well
01:38
and instead created their own tool, Medusa.
01:41
So
01:42
it's, you know, the, the author obviously made his
01:47
better in his mind than Hydra, I've used both
01:52
and Medusa does a lot of different, you know, it can brute force, a lot of different services Snb http, you'll see pop three ssh. So it's also a very versatile tool. You'll see between Medusa hydra and then crack,
02:08
you know, it's kind of, they're very, very similar in a lot of ways
02:14
and in the demo that I'll do, I'll go through each of them and you'll see the different flags that they use, but you know, these are all pretty effective tools, so um I like Hydra, I've used Medusa uh and I don't find anything wrong with Medusa,
02:30
and there's also end crack. So, n crack from the makers of End Map. So they if you're used to using n map,
02:36
the makers are the same that made end crack.
02:38
And you can see some similarities between End crack and End Map.
02:44
Um in a test between the three services, you'll see this again later, and crack was the fastest. It's high speed, you can do different protocols all in one line, single line and the command line. So it's a very versatile tool as well,
02:59
and uh if you're used to End Map, uh and crack might be a great tool that you like to use as well.
03:07
So that was a short one, because I actually want to show you what these tools do,
03:12
so we'll do that in the demo a little bit later,
03:14
but I just want you to have a familiarity of the three different tools that we can use to brute force logins.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By