I’m working on the Password Attacks module, but I’m stuck on the first section on cracking winrm, ssh, rdp, smb.
I got through the winrm by bruteforcing with a username/password list; from there I got to PS and got a list of users for smb and rdp (not sure how to get the ssh user, but I think it has to be the rest left in all users).
However, I used these users to try to brute force smb, rdp, ssh; none of the user/pass worked.
Right now I’m stuck and have no idea where to go from here. Am I missing something?
What am I missing on the last two questions? I can log in to the SMB share but don’t have rights to read anything, and so far 0 luck with the RDP service part…
Did you have any luck with RDP? I was able to crack winRM, SSH, and SMB using the files in the resources list but am not getting results using crackmapexec or hydra with that wordlist for RDP. I have a list of 7 usernames from when I gained SSH access and I am trying different wordlists against those users but it is taking ages.
For tools: Crackmapexec seems to be fastest. I have experienced errors using hydra to crack RDP, despite using fewer threads and using a waiting prompt.
hydra -L username.list -P password.list rdp://<IP_ADDRESS> -t 1 -W 1
<snip>
[ERROR] all children were disabled due too many connection errors
0 of 1 target completed, 0 valid password found
[INFO] Writing restore file because 2 server scans could not be completed
[ERROR] 1 target was disabled because of too many errors
[ERROR] 1 targets did not complete
<snip>
Update: I was able to crack the RDP user and password in about 10 seconds using a different tool: crowbar. I’m not sure why crackmapexec and hydra did not work.