Credential Attacks
Hydra
https://sectools.org/tool/hydra/
hydra -L username.txt -P password.txt ftp://10.0.0.19
Get bad web-usernames from the following website:
https://standaloneinstaller.com/blog/big-list-of-various-character-length-usernames-196.html
Get password list from the Internet.
https://github.com/danielmiessler/SecLists
QUICK REVIEW
- Most credential attacks depend on good dictionaries
- Each pen tester must maintain username and password lists for credential attacks
- Start with good online resources and modify for your own purposes