Three tools for bruteforcing

Hydra, Ncrack and Medusa (although ncrack is no longer being actively developed and supported): hydra -L /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt ssh:// medusa -h -M ssh -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt ncrack -vv -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt -p ssh Please make sure that you have a good word and password list for this exercise. It might … Continue reading Three tools for bruteforcing


Performing MitM attacks using arpspoof

In this scenario we will perform a MitM attack though arp spoofing. The concept basically comes down to ensuring that you can poison the arp table of the target machine and also the arp table of it's default gateway. For this example we will use arpspoof with the target's IP set to and it's … Continue reading Performing MitM attacks using arpspoof