Forum Discussion
Bronze IIICredential Access: Using Hydra
The lab has now been updated to provide a little more context. Hopefully it helps a bit.
Bronze IBriefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"
when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.
Community ManagerHmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time.
- KingMashaba
Bronze II
Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump.
- SamDickison
Hey ChaosDuck26 and KingMashaba, I've caught up with the Cyber Team and they said that the briefing is supposed to be an example of a command, and that the idea is for the user to craft their own from the example. It sounds like you worked it out.
- ChaosDuck26
Thanks SamDickison
This conflicts with other Briefings and speaks to the inconsistency from Immersive. The expectation is the commands in the command prompt section of the Briefings should be the correct format at a minimum. Telling me this is just, and example is fine, but make it a valid example in the Briefing!
