Nmap can be considered a powerful tool: not only does it give information about a network or host, it can also be used for password cracking, vulnerability scanning, DoS attacks and much more. Most people think that Nmap is a simple tool, but it is more complex than that.
Nmap uses what is called the Nmap Scripting Engine (NSE). NSE is a set of scripts that can be used for advanced recon, DoS attacks, password cracking and vulnerability scanning. One amazing thing about Nmap is that it helps you quickly map out a network without sophisticated commands or configurations. A beginner in cyber security can get used to Nmap.
In this tutorial, we will use Nmap to:
- Perform a DoS attack on any vulnerable system
- Perform brute-force attacks on different protocols such as FTP, SSH, HTTP, Telnet, MySQL and many more
Use 1
Perform DoS attack
To install Nmap, please visit its official page at Nmap.org or type:
root@kali:~# apt-get install nmap
Step 1
Check if the system is prone to DoS attack
One drawback of Nmap is that, unlike tools like Slowloris, which perform a DoS attack on any system unless it uses DNSSEC, Nmap needs to check whether the site is vulnerable to the attack. Luckily, we've found a network to pentest.
On Kali Linux, type:
root@kali:~# nmap --script http-slowloris-check <ip-address-or-webpage>
Step 2
Perform DoS
If the site is vulnerable, type:
root@kali:~# Nmap --script max-parallelism 400 <ip-address-or-host>
Note that max-parallelism is the maximum number of port operations performed in parallel. You can increase or decrease it as you choose.
Use 2
Perform Brute Force Attack
One great thing about Nmap's brute-force attack is that it tries over 80 passwords per second, which makes it easier and saves time. In this tutorial we will learn to brute-force FTP, SSH, Telnet and HTTP forms. A service like SSH can only be brute-forced if it is open.
Brute Forcing FTP
FTP, short for File Transfer Protocol and used for transferring files, can be brute-forced by typing the command:
root@kali:~# nmap --script ftp-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Brute Forcing SSH
root@kali:~# nmap --script ssh-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Brute Forcing MySQL
For those of you who may not know, MySQL is a protocol that is responsible for the delivery of data submitted, for example, through a form, and it has port number 1434. MySQL can be brute-forced by typing the command:
root@kali:~# nmap -p1434 --script sql-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Brute Forcing HTTP form
Please note that this brute-forces an HTTP form on a particular network. For example, if you're using WebGoat, it brute-forces the WebGoat login form to get in.
root@kali:~# nmap -p 80 --script=http-form-brute --script-args "userdb=users.txt,passdb=pass.txt,http-form-brute.path=<path-to-login-form-like-/webgoat/login.php>" <ip-address>
The best way to prevent password attacks is to use a strong password so that it can't be cracked by hackers.
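On the defending side, attempt rates like the 80 passwords per second mentioned above stand out clearly in authentication logs. The following is an added example, not part of the original tutorial: it scans OpenSSH sshd log lines for sources that reach a failure threshold inside a sliding time window. The log lines, hostname, addresses (documentation ranges), threshold, window and the year used for timestamp parsing are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bruteforce(lines, threshold=10, window_s=5, year=2024):
    """Return {ip: {"peak": n, "users": set}} for sources whose failed logins
    reach `threshold` inside a `window_s`-second sliding window.
    Assumes chronological lines; syslog omits the year, so `year` is assumed."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    users = defaultdict(set)      # ip -> account names attempted
    peak = defaultdict(int)       # ip -> largest window count seen
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        users[ip].add(user)
        peak[ip] = max(peak[ip], len(q))
    return {ip: {"peak": peak[ip], "users": users[ip]}
            for ip in peak if peak[ip] >= threshold}

def sample_log():
    """Constructed data: 60 failures in 3 s from one source, plus one typo."""
    lines = [
        f"Mar 10 10:00:0{i // 20} srv sshd[{2000 + i}]: Failed password for "
        f"{'invalid user ' if i % 2 else ''}user{i % 4} from 203.0.113.7 "
        f"port {40000 + i} ssh2"
        for i in range(60)
    ]
    lines.append("Mar 10 10:03:12 srv sshd[3001]: Failed password for alice "
                 "from 198.51.100.20 port 51514 ssh2")
    lines.append("Mar 10 10:03:20 srv sshd[3002]: Accepted password for alice "
                 "from 198.51.100.20 port 51515 ssh2")
    return lines

if __name__ == "__main__":
    for ip, info in find_bruteforce(sample_log()).items():
        print(ip, info["peak"], sorted(info["users"]))
```

A flagged source can then be fed to rate limiting or temporary blocking; the single mistyped password from the second address stays below the threshold and is not reported.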