Passwords Attacks

So if we have found some usernames I want you to try these on all different ports

• <user>:<user> ie. admin:admin

• <boxname>:<boxname>

• <user>:<rockyou.txt>

• <user>:password

• <user>:admin

We could also attempt to make a userlist and passlist to spray using hydra.

Useful lists:

/usr/share/seclists/Usernames/top-usernames-shortlist.txt

/usr/share/seclists/Passwords/Common-Credentials/best15.txt

Cewl can be used in websites to generate passwords that contain words from the public facing website.