
Password Cracking PDF

The document discusses various brute force scripts available in Nmap Scripting Engine (NSE). It explains that NSE scripts use Lua and allow automating networking tasks. It then provides examples of using NSE brute force scripts against protocols like FTP, SSH, Telnet, SMB, PostgreSQL, MySQL, HTTP, and MS-SQL. The scripts attempt to guess credentials by trying username and password combinations from text files. The document also provides references for further reading on NSE categories and the HTTP form brute force script.

Uploaded by Ali Ayub

Contents

Introduction
FTP
SSH
Telnet
SMB
Postgres
Mysql
HTTP
Ms-SQL

Introduction
The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to
write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then
executed in parallel with the speed and efficiency you expect from Nmap. The core of the Nmap Scripting
Engine is an embeddable Lua interpreter. The second part of the Nmap Scripting Engine is the NSE Library,
which connects Lua and Nmap.
NSE scripts define a list of categories that they belong to. Currently defined categories are auth,
broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and
vuln.
This demonstration covers the scripts in the brute category. These
scripts use brute-force attacks to guess the authentication credentials of a remote server. Nmap contains
scripts for brute-forcing dozens of protocols, including http-brute, oracle-brute, snmp-brute, etc.
To list all NSE brute-force scripts:

locate '*.nse' | grep brute

Simply specify -sC to enable the most common scripts, or use the --script option to choose which scripts
to execute by providing categories, script file names, or the names of directories full of scripts you wish
to execute. You can customise some scripts by providing arguments to them via the --script-args and
--script-args-file options.

FTP
Performs brute-force password auditing against FTP servers. All we need are dictionaries for usernames
and passwords, which will be passed as arguments.

nmap -p21 --script ftp-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150

SSH
Performs brute-force password guessing against SSH servers, with a connection timeout (default: "5s"). All we need are
dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p22 --script ssh-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150

For each valid username and password combination, the script prints the credentials.

Telnet
Performs brute-force password auditing against telnet servers, with a connection timeout (default: "5s"). All
we need are dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p23 --script telnet-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150

SMB
Attempts to guess SMB username/password combinations, saving identified combinations for use in other
scripts. Every effort will be made to get a genuine list of users and to validate each username before
utilising it. When a username is identified, it is not only displayed but also kept in the Nmap registry for
future use by other Nmap scripts.
All we need are dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p445 --script smb-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150

Postgres
Performs brute-force password auditing against PostgreSQL servers, with a connection timeout (default: "5s"). All
we need are dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p5432 --script pgsql-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150

Mysql
Performs brute-force password auditing against MySQL servers, with a connection timeout (default: "5s"). All we need are
dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p3306 --script mysql-brute --script-args userdb=users.txt 192.168.1.150

HTTP
Performs brute force password auditing against HTTP form-based authentication. This script uses the
unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap
registry, using the creds library, for other scripts to use.

nmap -p 80 --script=http-form-brute --script-args "userdb=users.txt,passdb=pass.txt,http-form-brute.path=/dvwa/login.php" 192.168.1.150

Ms-SQL
Performs brute-force password auditing against Ms-SQL servers, with a connection timeout (default: "5s").
All we need are dictionaries for usernames and passwords, which will be passed as arguments.

nmap -p1433 --script ms-sql-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.1.146

Reference:
https://nmap.org/book/nse-usage.html#nse-categories
https://nmap.org/nsedoc/scripts/http-form-brute.html
