Ethical Hacking and Penetration Testing Guide

Yüklə 22,44 Mb.

Pdf görüntüsü

səhifə	107/235
tarix	07.08.2023
ölçüsü	22,44 Mb.
	#138846

1 ... 103 104 105 106 107 108 109 110 ... 235

Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Common Target Protocols
Though there are lots of protocols that we can target, we will commonly come across only the fol-
lowing network protocols/services:
◾
FTP
◾
SSH
◾
SMB
◾
SMTP
◾
HTTP
◾
RDP
◾
VNC
◾
MySQL
◾
MS SQL
Generally, if you are trying to crack any one of these services, the methodology will be the same.
All you would need to do is change a few parameters within the tools.
Tools of the Trade
There are several tools that could be used for cracking network remote services, and each of them
has its own pros and cons depending upon what protocols you are targeting. Let’s take a look at
them one by one.
THC Hydra
THC hydra is one of the oldest password cracking tools developed by “The Hackers Community.”
By far, Hydra has the most protocol coverage than any other password cracking tool as per my
knowledge, and it is available for almost all the modern operating systems. I use hydra most
of the times for my penetration tests. The only thing I do not use it for brute-forcing HTTP

168
◾
Ethical Hacking and Penetration Testing Guide
authentication, because there are better tools for it, which we will discuss in the “Web Hacking”
chapter (Chapter 12).
Basic Syntax for Hydra
Hydra comes preloaded with a username/password list. We can predefine a username or a user-
name list; the choice is ours. Alternatively, we can use our own custom password list to increase
the chances of success. The very first choice would be to use top 100 or 1000 worsed passwords.
A collection of good passwords list can be found at packetstorm (http://packetstormsecurity.com/
Crackers/wordlists/). Here is the basic syntax for hydra to brute-force a service.

Yüklə 22,44 Mb.

Dostları ilə paylaş:

1 ... 103 104 105 106 107 108 109 110 ... 235