Hi team,I was wondering whether anyone can please help me, as I'm stuck on Q10.So the part I'm stuck on is trying to figure out how to put a command together to use - unix_users.txt and rockyou.txt to brute force an account that can log onto the web application for port 8000Any suggestions are more than welcome!Many thanks.

Hello,So there are various different things that could be tripping you up here.If you go to your target IP address and specify port 8000 you will be sent to a login page (in my case this was http://10.102.108.182:8000 as seen in the screenshot below) You need to identify what the login button request is actually pushing as the request in order to replicate it in your hydra request.Make sure you are using the listing arguments for user list (-L) and password list (-P)Ensure you are setting the failuremessage on the end so hydra knows what the request is successful - You can find this by visiting the site in a web browser as above and attempting to login. ("Login failed!") hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"

Hi Dark_Knight666 . i used Burpsuite as well. No need to configure fire fox. Use the browser in burpsuite instead.

Hi, please confirm the port that you are supposed to be using. I used 8000 in my exercise and not the default 8080Try 10.102.46.217:8000

Dark_Knight666 Yes, I used Burp to check the request body when pressing login and make sure I was passing the correct parameter names for the username and password

Briefing needs to be updated. I see why you got stuck here. The briefing says to use...hydra -l admin -P /path/to/wordlist.txt http-post-form \"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"when hydra won't accept this. The correct format is:hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.

Credential Access: Using Hydra | Immersive Community

16 Replies

LewisMutton
Bronze III
21 days ago
Hello,
So there are various different things that could be tripping you up here.
If you go to your target IP address and specify port 8000 you will be sent to a login page (in my case this was http://10.102.108.182:8000 as seen in the screenshot below)

You need to identify what the login button request is actually pushing as the request in order to replicate it in your hydra request.
Make sure you are using the listing arguments for user list (-L) and password list (-P)
Ensure you are setting the failuremessage on the end so hydra knows what the request is successful - You can find this by visiting the site in a web browser as above and attempting to login. ("Login failed!")

hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
KingMashaba
Bronze II
17 days ago
Hi, please confirm the port that you are supposed to be using. I used 8000 in my exercise and not the default 8080
Try 10.102.46.217:8000
ChaosDuck26
Bronze I
10 days ago
Briefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"
when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"

Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.
- SamDickison
  Community Manager
  9 days ago
  Hmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time.
  - KingMashaba
    Bronze II
    8 days ago
    Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump.
KingMashaba
Bronze II
18 days ago
Took me some of time to finally figure this one out. The hydra format that was presented in the briefing section is not working. Looks like you need to have your IP address before http-post-form. Used same and managed to get the username and password
Dark_Knight666
Bronze III
17 days ago
LewisMutton KingMashaba - Thank you for your comments. So basically follow the steps as below?
However when I input my target IP in my browser it appears I am unable to connect?

Cheers!
- LewisMutton
  Bronze III
  16 days ago
  Dark_Knight666 - From my screenshot when I did it I was using port 8000 not port 8080 as KingMashaba also mentioned. Have you given that a go?
Dark_Knight666
Bronze III
16 days ago
LewisMutton KingMashaba - Indeed, it was a schoolboy error on my side! Thank you both. But I was wondering if you guy's used Burp suite to inspect the HTTP request?
- LewisMutton
  Bronze III
  16 days ago
  Dark_Knight666 Yes, I used Burp to check the request body when pressing login and make sure I was passing the correct parameter names for the username and password
Dark_Knight666
Bronze III
16 days ago
LewisMutton - Thank you! Can I just ask if you configured Firefox so the Burt suite listeners were active?
- KingMashaba
  Bronze II
  15 days ago
  Hi Dark_Knight666 . i used Burpsuite as well. No need to configure fire fox. Use the browser in burpsuite instead.