bruteforce command is used to bruteforce authentication of a user locally. It will use the
su command to
iteratively try every password for a given user. This is very slow, but does technically work. If no wordlist is
specified, the default location of
rockyou.txt in Kali Linux is chosen. This may or may not exist for your system.
This command is very noisy in log files. Each failed authentication is normally logged by any modern linux distribution. Further, if account lockout is enabled, this will almost certainly lockout the targeted account!
Selecting a User¶
Individual users are selected with the
--user argument. This argument can be passed multiple times to test multiple
users in one go. To use the default dictionary to test the root and bob users, you would issue a command like:
bruteforce -u root -u bob
User names are automatically tab-completed at the pwncat prompt for your victim host.
Selecting a Wordlist¶
Word lists are specified with the
--dictionary parameter. This parameter is a path to a file on your attacking
host which contains a list of passwords to attempt for the selected users. If a correct password is found, it is stored
in the databaase, and the search is aborted for that user. To select a custom database, you would issue a command like:
bruteforce -d /opt/my-favorite-repo/my-favorite-wordlist.txt -u root