Most network-based services can be configured to lock a user account after a certain number of failed logon attempts. Some services, however, do not implement this type of policy. Others exempt the administrator or root from the policy, so that you will never be locked out as you repeatedly try to guess the password. You can dramatically speed up the process by using an automated brute force attack. Brute forcing tools can use different protocols such as SMB, telnet, SMTP, POP3/IMAP, HTTP, FTP, and others to target various network services. You supply the tool with a wordlist of user names and passwords which it will try until it succeeds or exhausts the list.

Examples of brute forcing tools include:

  • Hydra
  • Medusa
  • Ncrack
  • NetBIOS Auditing Tool
  • AET2 Brutus
  • Aircrack-ng
  • John the Ripper
  • Rainbow Crack
  • Cain & Abel
  • L0phtCrack
  • Ophcrack
  • Hashcat
  • Metasploit modules:
  • auxiliary/scanner/http/http_login
  • auxiliary/scanner/smb/smb_login
  • auxiliary/scanner/telnet/telnet_login
  • auxiliary/scanner/snmp/snmp_login
  • auxiliary/scanner/ssh/ssh_login

Note: Metasploit has many brute forcing tools. To see a list of choices, conduct a search at the msfconsole by entering

search -type auxiliary -S _login