How to use Patator in Kali Linux to Brute Force Password


Patator is a powerful tool provided in Kali Linux for brute-forcing passwords. It enables security personnel to assess the strength of passwords in authorized systems. However, it is critical to utilize Patator responsibly and lawfully, adhering to ethical norms as well as any legislation.

Weak passwords pose a significant vulnerability, leading to widespread compromise of accounts through password hacking techniques. Moreover, many individuals still use easily guessable passwords that are susceptible to brute-force attacks and can be obtained in plain text.


In addition, hashes are produced by one-way mathematical functions, which means they cannot be reversed. So the best way to crack them is to brute-force them.


In this tutorial we will learn how to crack password hashes by brute force using Patator on Kali Linux.


Alternatively, we may already have the usernames and want to try brute-forcing the password. Patator is a great tool that lets us brute-force several kinds of logins and even ZIP passwords.

What is Patator?

Patator is a multi-purpose brute-forcer designed for penetration testing, with a modular design and flexible usage. It was written out of frustration with using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password-guessing attacks. Rather than create yet another brute-forcing tool that repeats the same shortcomings, its author took a different approach. Patator is a multi-threaded tool written in Python that strives to be more reliable and flexible than its predecessors.

How to install Patator?

Patator is already included in Kali Linux and Parrot Security OS, but if you don't have it and want to install it, use the commands below.

git clone https://github.com/lanjelot/patator.git
git clone https://github.com/danielmiessler/SecLists.git
docker build -t patator patator/
docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt

To see all the options, open a terminal window and run the following command:

Currently patator supports the following modules:

root@hackreveal:~# patator -h
Patator 0.9 (https://github.com/lanjelot/patator) with python-3.10.4
Usage: patator module --help
Available modules:
             
  + ftp_login     : Brute-force FTP
  + ssh_login     : Brute-force SSH
  + telnet_login  : Brute-force Telnet
  + smtp_login    : Brute-force SMTP
  + smtp_vrfy     : Enumerate valid users using SMTP VRFY
  + smtp_rcpt     : Enumerate valid users using SMTP RCPT TO
  + finger_lookup : Enumerate valid users using Finger
  + http_fuzz     : Brute-force HTTP
  + rdp_gateway   : Brute-force RDP Gateway
  + ajp_fuzz      : Brute-force AJP
  + pop_login     : Brute-force POP3
  + pop_passd     : Brute-force poppassd
  + imap_login    : Brute-force IMAP4
  + ldap_login    : Brute-force LDAP
  + dcom_login    : Brute-force DCOM
  + smb_login     : Brute-force SMB
  + smb_lookupsid : Brute-force SMB SID-lookup
  + rlogin_login  : Brute-force rlogin
  + vmauthd_login : Brute-force VMware Authentication Daemon
  + mssql_login   : Brute-force MSSQL
  + oracle_login  : Brute-force Oracle
  + mysql_login   : Brute-force MySQL
  + mysql_query   : Brute-force MySQL queries
  + rdp_login     : Brute-force RDP (NLA)
  + pgsql_login   : Brute-force PostgreSQL
  + vnc_login     : Brute-force VNC
  + dns_forward   : Forward DNS lookup
  + dns_reverse   : Reverse DNS lookup
  + snmp_login    : Brute-force SNMP v1/2/3
  + ike_enum      : Enumerate IKE transforms
  + unzip_pass    : Brute-force the password of encrypted ZIP files
  + keystore_pass : Brute-force the password of Java keystore files
  + sqlcipher_pass : Brute-force the password of SQL Cipher-encrypted databases
  + umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
  + tcp_fuzz      : Fuzz TCP services
  + dummy_test    : Testing module

Brute force FTP Password

patator ftp_login host=192.168.1.100 user=FILE0 0=usernames.txt password=FILE1 1=passwords.txt -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500

where:

  • ftp_login — the FTP module to use
  • host — the target IP address
  • user — the username; FILE0 takes it from a wordlist (for a single username 'abc', use user=abc)
  • password — the password; FILE1 takes it from a wordlist (for a single password '123', use password=123)
  • 0 — path to the username wordlist
  • 1 — path to the password wordlist
  • -x ignore:mesg — an option that hides result lines containing that message. The filter value is chosen for each target individually.

Brute Force SSH Password

patator ssh_login host=192.168.1.100 user=test password=FILE0 0=/root/wordlist/rockyou.txt -x ignore:mesg='Authentication failed'

where:

  • ssh_login — the SSH module to use
  • host — the target IP address
  • user — the username (here the fixed value test; a wordlist can be used with FILE0 as in the FTP example)
  • password — the password; FILE0 takes it from a wordlist (for a single password '123', use password=123)
  • 0 — path to the password wordlist
  • 1 — not used in this command; a second wordlist would be referenced as FILE1, as in the FTP example
  • -x ignore:mesg — an option that hides result lines containing that message. The filter value is chosen for each target individually.
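
From the defender's side, a run like the SSH command above appears in the target's auth log as a burst of failed logins from one source. The following added example (not part of the original article or of Patator) flags such bursts in OpenSSH log lines; the sample log, the threshold of 5 failures in 60 seconds, the assumed year and the name detect_bruteforce are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log sample (not captured from a real host): a fast
# single-user guessing run from .50 and an ordinary mistyped password from .77.
SAMPLE_LOG = """\
Mar 10 09:14:01 srv sshd[2101]: Failed password for test from 192.168.1.50 port 40112 ssh2
Mar 10 09:14:02 srv sshd[2103]: Failed password for test from 192.168.1.50 port 40114 ssh2
Mar 10 09:14:03 srv sshd[2105]: Failed password for test from 192.168.1.50 port 40116 ssh2
Mar 10 09:14:03 srv sshd[2107]: Failed password for test from 192.168.1.50 port 40118 ssh2
Mar 10 09:14:05 srv sshd[2109]: Failed password for test from 192.168.1.50 port 40120 ssh2
Mar 10 09:14:06 srv sshd[2111]: Failed password for test from 192.168.1.50 port 40122 ssh2
Mar 10 09:14:08 srv sshd[2113]: Accepted password for test from 192.168.1.50 port 40124 ssh2
Mar 10 09:20:00 srv sshd[2120]: Failed password for alice from 192.168.1.77 port 51000 ssh2
Mar 10 09:20:09 srv sshd[2122]: Accepted password for alice from 192.168.1.77 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag source IPs with >= threshold failed logins inside one sliding window."""
    recent = defaultdict(deque)          # ip -> failure times still inside the window
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": []})
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(m["user"])
            if len(q) >= threshold:
                flagged.add(ip)
        elif ip in flagged:
            # Success right after a guessing run: the password may have been found.
            stats[ip]["success_after"].append(m["user"])
    return {ip: stats[ip] for ip in sorted(flagged)}
```

A non-empty success_after list is the case to escalate: it means a login succeeded from a source that had just been flagged for repeated failures.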

Finally, Patator is a powerful tool available in Kali Linux for password brute-forcing. Before conducting any testing, it is critical to use this tool responsibly, following ethical guidelines and obtaining proper authorization.

Patator is useful for security professionals during penetration testing because it allows them to evaluate the strength of passwords in authorized systems. When using Patator or similar tools, it is critical to prioritize privacy, respect, and abide by applicable laws. We can improve password security and prevent unauthorized access to sensitive information by using Patator responsibly.
