Password Cracking : Bruteforce Attacks : Bruteforce Attack Options

Bruteforce Attack Options

The following table describes the options for a bruteforce attack:
Identifies the basic password combinations. Quick has the shortest duration because it attempts less than 25 known user name and password combinations. Quick uses a static list of credentials and tries them against discovered services. The list of credentials include:
After the bruteforce attack tries the static credentials list, it tries the user names with a blank password. The bruteforce attack prepends known credentials to the static list.
Bruteforce Depth: Defaults Only
Attempts a fixed maximum number of credentials. The normal mode takes approximately 5 minutes per host on a fast LAN. The normal mode focuses on common, protocol-specific user names as well as discovered user names and passwords. The normal mode identifies discovered passwords from a list of common passwords. Most protocols have common defaults, which Metasploit Pro tries after known good credentials on other services.
The system tries these generated credentials after the current known good credentials. The system adjusts the credentials figures after each successive run, if the credentials become known as the modules run.
Attempts three times more passwords than the normal mode. The deep mode takes 15-20 minutes for each host on a fast LAN, if all services are enabled. The additional passwords come from the common password list.
For the few protocols that support fast enough guesses, passwords are subject to a fixed set of transformations. For example, 1 for I and 0 for O.
SSH and Telnet are not subject to the deep multiplier because these credentials take longer to test than the other services.
Bruteforce Depth: Imported Only
Attempts credentials that are already known for all services in the target workspace. This includes SSH keys and passwords.
Bruteforce targets the following services: SMB, PostgreSQL, DB2, MySQL, MSSQL, Oracle, HTTP, HTTPS, SSH, SSH_PUBKEY, Telnet, FTP, POP3, EXEC, LOGIN, SHELL, VNC, SNMP, and AFP.
Excluded Addresses
Runs a bruteforce attack, prints a transcript of the modules, and quits the attack. Metasploit Pro does not run a live bruteforce attack against the target system.
Produce verbose in the output task log
Additional credentials
Defines the user name and password combinations that the bruteforce attack uses. Use commas to separate user name and password combinations.
For domain-specific user name and password combinations, use the following format: domain/username.password.
Automatically open sessions with guessed credentials
Limit to one cracked credential per service
Skip blank password generation
Exclude machine names as passwords
Skip common Windows machine accounts
Skips Windows accounts that do not have remote login rights or randomly generated passwords. The accounts include TsInternetUser krbtgt NetShowServices, IUSR_<anything>, IWAM_<anything>, WMUS_USER-<anything>.
Skip common UNIX machine accounts
Skips Unix accounts that don’t have remote login rights or randomly generated passwords. This includes: daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data backup list, irc, gnats, nobody, libuuid, syslog, messagebus, haldaemon, hplip, avahi, couchdb, kernoops, saned, pulse, gdm, sshd, telnetd, dhcp, avahi-autoipd, speech-dispatcher.
SMB: Recombine known, imported, and additional credentials
Takes all the usernames:passwords from the known credentials list, imported list, and credentials textbox, and assigns all the passwords to all users.
SMB: Preserve original domain names
Mutate known credentials
Mutate imported credentials
Determines the portion of the credential list subjected to mutations – in this case, all credentials manually added by the user.
Mutation: append numbers to candidate passwords
Strips off all trailing digits off a password and replaces it with a single digit and skips all passwords that do not contain a letter.
Mutation: prepend numbers to candidate passwords
Strips off all digits at the beginning of a password and replaces it with a single digit and skips all passwords that do not contain a letter.
Mutation: substitute numbers within candidate passwords
Strips off up to two digits within a password and replaces it with up to two digits. Passwords with more than three digits are ignored.
Mutation: transpose letters for “l33t-sp34k” alternatives in candidate passwords
Mutation: append special characters to candidate passwords
Mutation: prepend special characters to candidate passwords
Recombine known, imported, and additional credentials
Takes the user names and passwords from the known credentials list, imported list, and credentials text box, and assigns all the passwords to all users.
Include known credentials
Uses all known credentials from the project. The bruteforce attack tries the known passwords first. All credentials that are “known only” and “quick” are not affected by the credential generation switch.