All you need is a good credential list and you're ready to go.
First, you need to find the endpoint you want to target:
Web app
login page, Outlook mail, VPN, Router, Firewall, WordPress admin panel, etc
SSH
Port:22
RDP
Port:3389
VNC
Port:5900
FTP
Port:21
Telnet
Port:23
Based on service brute force, try default usernames and passwords in SecListarrow-up-right.
use Google to search for non-existing services.
Use the tool Hydra arrow-up-rightto perform a brute-force attack.
Last updated 2 years ago