Any possibility that the user will re use the password????
Generate a custom wordlist cewl -w createWordlist.txt -m https://www.example.com
john the ripper john --wordlist=/user/share/wordlists/rockyou.txt hash.txt
Hashcat << check type online - hashcat sample hash hashcat -m<type> -a 0 /usr/share/wordlists/rockyou.txt hash.txt
HTTP post form
hydra -L -P http-post-form ":username=^USER^&password=^PASS^&Login=Login:"
- easy password? e.g. password, 123456
- Company or site name or its variations? e.g. use the software name as password
- Name=Password and other hints
- Simple sequences
- Basic words