OS Login

Many systems still authenticate users with passwords before they log in. When remote login is enabled on a system, as it is on most corporate networks, tools can be used to work out its usernames and passwords by trial and error.

Windows

Windows by default uses the Remote Desktop Protocol (RDP) for remote login and operation of a system.

Crowbar is a popular tool for testing both RDP and SSH logins to a remote system. The following command tests the username admin against a list of passwords on a Windows system:

crowbar -b rdp -s 192.168.1.1/32 -u admin -C ~/password-file.txt -n 1

Here only one thread is assigned for the test (-n 1), because crowbar does not handle multiple threads reliably.

Linux

SSH is the most popular method of remote access to the Linux operating system. SSH supports two types of authentication: one using traditional passwords and the other using asymmetric cryptography (public and private keys).

The following hydra command can be used to find the login password by trial and error:

hydra -l <username> -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.1
