
Login Brute Forcing Easy
Learn how to brute force logins for various types of services and create custom wordlists based on your target.
Created by 21y4d
Summary
A critical area of web enumeration is looking for users who use weak or common passwords and attempt to guess their passwords through brute force. Though brute-forcing is always a last resort, gaining access through brute force is still very common, as most users tend to use weak or common passwords.
In the Login Brute Forcing
module, you will learn how to brute force for users who use common or weak passwords and use their credentials to log in.
You will learn the following topics:
- Brute forcing basic HTTP authentication
- Brute forcing website login forms
- Creating personalized wordlists based on personal details
- Brute-forcing service logins, like FTP, SSH, and others
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections, Windows machines in a lab environment as directed, or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Easy" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Networking Fundamentals
- Linux Fundamentals
- Using Burp Suite
- Web Requests
Sections
- Introduction to Brute Forcing
- Password Attacks
- Default Passwords
- Username Brute Force
- Hydra Modules
- Determine Login Parameters
- Login Form Attacks
- Personalized Wordlists
- Service Authentication Brute Forcing
- Skills Assessment - Website
- Skills Assessment - Service Login
Relevant Paths
This module progresses you towards the following Paths

Medium 50 Sections
Cubes Required: 260
In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of all tools (both open source and commercial) available to us as security practitioners but covers tried and true tools that we find ourselves using on every technical assessment that we perform. Learning how to use the basic toolset is essential, as many different tools are used in penetration testing. We need to understand which of them to use for the various situations we will come across.