Often you may wish to obtain access to a service or password protected area on a network. Examples of this may be trying to log into a ssh service, RDP, http-get (i.e. what your router pops up with), etc. There a multitude of tools that will allow you to perform these password attacks, hydra, medusa and ncrack are popular examples. Some tools may cope with certain protocols better than others, but hydra has become a staple tool in my arsenal. You have the choice of nominating a single host name, then cycling through a password list; nominating a username list and testing a password, or a combination of both username lists and password lists.
[Read more…]