-
With Medusa Doesn’t seem to work with virtual hosts! medusa -h 10.11.1.49 -u bethany -P Dog_Names_normalized.txt -M http -m DIR:/~Public -T 2 With ncrack Doesn’t seem to work with virtual hosts! ncrack -vv --user bethany -P Dog_Names_normalized.txt http://10.11.1.49:9505 -m http:path=/~Public/ With metasploit Use module auxiliary/scanner/http/http_login Virtual hosts If Host headers are not supported: More
-
(!) See also Password spraying to check a obtained password against usernames. Note: Use http://rumkin.com/tools/cipher/ if you have to encode/decrypt/decipher something on the fly. Wordlist optimization If there is a password policy known: Check password policy In Windows, type net accounts to get informations about account locking, lockout threasholds etc. Cloud-based performance cracking See NPK Default passwords Hashcat Am…