# Brute Forcing

## <mark style="color:yellow;">Login Pages</mark>

First, you need to find the endpoint you want to target:

| Name    | Endpoint                                                                    |
| ------- | --------------------------------------------------------------------------- |
| Web app | Login page, Outlook mail, VPN, router, firewall, WordPress admin panel, etc. |
| SSH     | Port 22                                                                     |
| RDP     | Port 3389                                                                   |
| VNC     | Port 5900                                                                   |
| FTP     | Port 21                                                                     |
| Telnet  | Port 23                                                                     |

## <mark style="color:yellow;">Default Credentials</mark>

Depending on the service being brute-forced, try the default usernames and passwords in [SecLists](https://yasmeen-rezk.gitbook.io/my-notes/bug-bounty-playbook-v2/basic-hacking/broken-reference).

* Use Google to search for services that do not exist in the list.

## <mark style="color:yellow;">Brute Forcing</mark>

Use the tool [Hydra](https://github.com/vanhauser-thc/thc-hydra) to perform a brute-force attack.
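
What default-credential guessing and brute forcing against SSH (port 22) look like from the target's side, as an added example that is not part of the original notes: a sliding-window detector over `sshd` "Failed password" lines. The log lines are constructed, and the threshold, window, year and labels are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs), not from a real host.
SAMPLE_LOG = """\
Mar 10 09:00:01 gw sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 09:00:02 gw sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 10 09:00:03 gw sshd[103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 09:00:04 gw sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar 10 09:00:05 gw sshd[105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar 10 09:01:00 gw sshd[110]: Failed password for invalid user admin from 198.51.100.7 port 5001 ssh2
Mar 10 09:01:05 gw sshd[111]: Failed password for invalid user pi from 198.51.100.7 port 5002 ssh2
Mar 10 09:01:10 gw sshd[112]: Failed password for invalid user ubnt from 198.51.100.7 port 5003 ssh2
Mar 10 09:01:15 gw sshd[113]: Failed password for invalid user guest from 198.51.100.7 port 5004 ssh2
Mar 10 09:01:20 gw sshd[114]: Failed password for invalid user support from 198.51.100.7 port 5005 ssh2
Mar 10 09:02:00 gw sshd[120]: Failed password for alice from 192.0.2.10 port 6001 ssh2
Mar 10 09:30:00 gw sshd[121]: Failed password for alice from 192.0.2.10 port 6002 ssh2
Mar 10 09:30:09 gw sshd[122]: Accepted password for alice from 192.0.2.10 port 6003 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: label} for IPs with >= threshold failures inside window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    findings = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures older than the window
            if end - start + 1 >= threshold:
                users = {user for _, user in hits[start:end + 1]}
                # One account hammered vs. many account names tried in turn
                findings[ip] = "single-account" if len(users) == 1 else "multi-account"
                break
    return findings
```

Slow, spread-out failures such as the two for `alice` stay below the threshold, which is why per-account lockout and long-window counters are usually run alongside a short-window rule like this one.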
