How to check brute-force protection using ncrack software
To check protection against brute force attack you need to run it.
Preparationhttps://github.com/danielmiessler/SecLists/ is a good source for downloading lists of popular user names or password. At least you understand the format how to create own lists. For quick test it will be enough to download the following files:
Ncrack can be used to run brute force against known services like SSH, RDP, FTP.
SSH Brute force
ncrack -U users.txt -P passwords.txt -p 22 dhound.io
FTP Brute force
ncrack -U users.txt -P passwords.txt -p 21 dhound.io
RDP Brute force
ncrack -U users.txt -P passwords.txt -p 3389 dhound.io
NmapRefer to our Nmap Cheatsheet to find command for running a brute force attack.
Published on Apr 12, 2017