Bruteforcing

The most important thing pentesters are looking for on a network are credentials. Weak credentials can be an attacker's foot in the door when attempting to gain access to a computer or network. Bruteforce modules in Metasploit give an attacker the ability to glean weak credentials from services on the network. VolatileMinds provides bruteforce modules for popular enterprise and on-premise software, often high-value targets on a network.

Using bruteforce modules

Metasploit ships with a few wordlists to use for bruteforcing attacks, but many attackers have their own lists that they've crafted over the years. These custom lists are just as usable as the wordlists shipped by default with Metasploit.

Here is an example run of our Splunk scanner finding a Splunk instance on the network, then using our Splunk bruteforce module to find a set of valid credentials. We then use the credentials to gain a remote shell on the Splunk instance.