Password Attack Stuck on first section

I’m working on the Password Attacks module, but I’m stuck on the first section on cracking winrm, ssh, rdp, smb.

I got through the winrm by bruteforcing with the username/password list; from there I got to PS and got a list of users for smb and rdp (not sure how to get the ssh user, but I think it has to be the rest left in all users).

However, I used these users to try to brute force smb, rdp, ssh; none of the user/pass worked.

Right now I’m stuck and have no idea where to go from here, am I missing something?

nvm I solved it…
5 hours of hitting my head on the wall; I was going in completely the wrong direction

Hi bro,
I’m stuck on the network section.
I cannot brute force the username/password with the wordlist from the module!
Any hints for that?

It didn’t ask you to use the wordlist in resources

Any hints for this section?

What am I missing on the last two questions? I can log in to the SMB share but don’t have rights to read anything, and so far 0 luck with the RDP service part…

NVM I got it figured out. Had to sleep on it…

CrazyHorse, I’m on the same thing, getting the share folder on pwd but only seeing my own folder.

Did you have any luck with RDP? I was able to crack winRM, SSH, and SMB using the files in the resources list but am not getting results using crackmapexec or hydra with that wordlist for RDP. I have a list of 7 usernames from when I gained SSH access and I am trying different wordlists against those users but it is taking ages.

For tools: Crackmapexec seems to be fastest. I have experienced errors using hydra to crack RDP, despite using fewer threads and using a waiting prompt.

hydra -L username.list -P password.list rdp://<IP_ADDRESS> -t 1 -W 1
<snip>
[ERROR] all children were disabled due too many connection errors
0 of 1 target completed, 0 valid password found
[INFO] Writing restore file because 2 server scans could not be completed
[ERROR] 1 target was disabled because of too many errors
[ERROR] 1 targets did not complete
<snip>

Update: I was able to crack the RDP user and password in about 10 seconds using a different tool: crowbar. I’m not sure why crackmapexec and hydra did not work.
