Forum Discussion
Bronze IIICredential Access: Using Hydra
Hi team,
I was wondering whether anyone can please help me, as I'm stuck on Q10.
So the part I'm stuck on is trying to figure out how to put a command together to use - unix_users.txt and rockyou.txt to brute force an account that can log onto the web application for port 8000
Any suggestions are more than welcome!
Many thanks.
The lab has now been updated to provide a little more context. Hopefully it helps a bit.
16 Replies
- LewisMutton
Hello,
So there are various different things that could be tripping you up here.
If you go to your target IP address and specify port 8000 you will be sent to a login page (in my case this was http://10.102.108.182:8000 as seen in the screenshot below)
You need to identify what the login button request is actually pushing as the request in order to replicate it in your hydra request.
- Make sure you are using the listing arguments for user list (-L) and password list (-P)
- Ensure you are setting the failuremessage on the end so hydra knows what the request is successful - You can find this by visiting the site in a web browser as above and attempting to login. ("Login failed!")
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
KingMashabaBronze II
Hi, please confirm the port that you are supposed to be using. I used 8000 in my exercise and not the default 8080
Try 10.102.46.217:8000
- ChaosDuck26
Bronze I
Briefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.- SamDickison
Community Manager
Hmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time.
- KingMashaba
Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump.
- KingMashaba
Took me some of time to finally figure this one out. The hydra format that was presented in the briefing section is not working. Looks like you need to have your IP address before http-post-form. Used same and managed to get the username and password
- Dark_Knight666
LewisMutton KingMashaba - Thank you for your comments. So basically follow the steps as below?
However when I input my target IP in my browser it appears I am unable to connect?
Cheers!
- LewisMutton
Dark_Knight666 - From my screenshot when I did it I was using port 8000 not port 8080 as KingMashaba also mentioned. Have you given that a go?
- Dark_Knight666
LewisMutton KingMashaba - Indeed, it was a schoolboy error on my side! Thank you both. But I was wondering if you guy's used Burp suite to inspect the HTTP request?
- LewisMutton
Dark_Knight666 Yes, I used Burp to check the request body when pressing login and make sure I was passing the correct parameter names for the username and password
- Dark_Knight666
LewisMutton - Thank you! Can I just ask if you configured Firefox so the Burt suite listeners were active?
- KingMashaba
Hi Dark_Knight666 . i used Burpsuite as well. No need to configure fire fox. Use the browser in burpsuite instead.
