A penetration tester is assessing a client's network and discovers several active services, including SSH (port 22), an HTTP basic authentication prompt (port 80), and an FTP server (port 21). The tester has a list of common usernames and passwords and needs to test for weak credentials across all of these services efficiently. Which of the following tools is BEST suited for automating this multi-protocol credential attack?
This option is correct because Hydra is a fast, parallelized online password-cracking tool designed to perform dictionary and brute-force attacks against over 50 different protocols, including SSH, HTTP, and FTP. This makes it the most efficient choice for the scenario. John the Ripper is an offline password cracker used for cracking password hashes that have already been obtained; it does not directly attack live network services. sqlmap is a specialized tool for detecting and exploiting SQL injection vulnerabilities, not for brute-forcing authentication on various network services. While Netcat can connect to various services, it is a general-purpose networking utility and lacks the built-in automation to perform dictionary attacks across multiple protocols.