Service authentication


When we discover a service, we often want to test default credentials, as it is a fast and easy attack vector.

We often use one of these tools:

Look at wordlists#accounts to find handy wordlists.

Additional notes

  • If we don't find any valid credentials or any other attack vector, we may try to use wordlists with the most common passwords.

  • Otherwise, we may also try our luck with password spraying. To avoid account lockout, we may be forced to use it anyway. By default there is no account lockout on Windows Server.

  • When testing a list of usernames, remember to add the switch to stop when one credential is found.
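The note on spraying and lockout has a detection-side consequence: a per-account failure counter never fires on a spray, so failed logons also need to be grouped by source. The following is an added example, not part of the original notes; the thresholds, window, and log tuples are constructed assumptions.

```python
from collections import Counter, defaultdict

LOCKOUT_THRESHOLD = 5   # assumed per-account failure limit
SPRAY_ACCOUNTS = 4      # assumed alert level: distinct accounts failing from one source
WINDOW = 600            # assumed observation window, in seconds

def sample_events():
    """Constructed (time, source, user, success) tuples, not real log data."""
    events = []
    # 10.0.0.5: six failures on one account, so a lockout policy would trip
    events += [(t * 10, "10.0.0.5", "admin", False) for t in range(6)]
    # 10.0.0.9: one failure on each of five accounts, none near lockout
    users = ["alice", "bob", "carol", "dave", "erin"]
    events += [(100 + i * 30, "10.0.0.9", u, False) for i, u in enumerate(users)]
    # 10.0.0.7: a user mistyping twice, then logging in
    events += [(50, "10.0.0.7", "frank", False), (60, "10.0.0.7", "frank", False),
               (70, "10.0.0.7", "frank", True)]
    return events

def classify_sources(events):
    """Map each source to 'bruteforce', 'spray' or 'normal' from failed logons."""
    by_source = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_source[src].append((ts, user))
    verdicts = {src: "normal" for _, src, _, _ in events}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start so the span stays within WINDOW seconds
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            per_user = Counter(u for _, u in fails[start:end + 1])
            if max(per_user.values()) >= LOCKOUT_THRESHOLD:
                verdicts[src] = "bruteforce"
                break
            if len(per_user) >= SPRAY_ACCOUNTS:
                verdicts[src] = "spray"
    return verdicts

def locked_accounts(events):
    """Accounts a per-account failure counter alone would flag (time ignored)."""
    per_user = Counter(u for _, _, u, ok in events if not ok)
    return sorted(u for u, n in per_user.items() if n >= LOCKOUT_THRESHOLD)

if __name__ == "__main__":
    print(classify_sources(sample_events()))
    print(locked_accounts(sample_events()))
```

On the constructed data, the per-account view surfaces only `admin`, while the per-source view also flags the source that touched five accounts once each.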