crowbar: OpenVPN/RDP/SSH/VNC brute forcing
Crowbar – Brute forcing tool
Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute force tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.
Currently, it supports:
- OpenVPN (
- Remote Desktop Protocol (RDP) with NLA support (
- SSH private key authentication (
- VNC key authentication (
Brute Forcing Remote Desktop Protocol (RDP)
Below are a few examples of attacking RDP using Crowbar.
RDP brute forcing a single IP address using a single username and a single password:
RDP brute forcing a single IP address using username list file and a single password:
RDP brute forcing a single IP address using a single username and a password list:
RDP brute forcing a subnet using a username list and a password list in discovery mode:
Copyright (c) 2014 Gökhan ALKAN