Introduction
Brute forcing is a classic attack that has been around forever and shows no signs of being eliminated. Passwords are a weak point of security and as an attacker you should take full advantage of this. Easily guessable passwords, using default passwords, and password reuse are easy ways for an organization to get compromised. The rule of thumb is if there is a login screen it should be brute forced.
Login Pages:-
There are three things you need to have if you want to launch a brute force attack. The three things you need are an endpoint with a login page, a username, and a password. First you need to find the endpoint you want to target.
Default Credentials:-
Now that you know which endpoints to look out for you need to get a list of usernames and passwords. This technique may be basic, but you would be surprised at the number of times iv compromised an organization because they are using default credentials.
As shown above one of the best places to find default passwords is SecList:
● https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials
The above picture is an example file containing default usernames and passwords to hundreds of routers. All you have to do is look up the target vendor and try all the default passwords it uses, this technique works very well as people often forget to change the default credentials.
If you are targeting an SSH server or something other than a router the process will be slightly different. Not really, those services also come with default credentials as shown in the image below:
Depending on the service you are brute forcing you will want to find or create a list of credentials tailored toward that. You may also find that sec list does not have any default passwords impacting the target technology. If that’s the case just perform a Google search or two, I normally find these things in the first few links.
Brute Forcing:-
Once you have a good set of credentials you can start the actual process of brute forcing. You could do this by hand, but I would 100% recommend using a tool for this job unless you are only testing 5 passwords or something small like that.
● https://github.com/vanhauser-thc/thc-hydra
If you’re performing a brute force attack you probably want to use the tool “hydra”. This tool supports a bunch of different protocols and has never let me down. Once you have the target endpoint and credentials you can use any tool to perform the brute force attack just pick one you like.
Conclusion:-
Brute force attacks is an easy way to compromise a target application. With the use of default passwords, easily guessable passwords, and password reuse finding a target vulnerable to this shouldn’t be that hard. All you need is a good credential list and you’re ready to go.