Academy - Password Attacks - Password Mutations

Ezi0 · September 14, 2022, 4:35pm

I got quite frustrated with this exercise. I found the password by creating a “mut_password.list” with the command “hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list” given in the theory.

Note: The command that appears in the cheatsheet is “hashcat --force password.list -r custom.rule --stdout > mut_password.list” yields duplicate and unordered words. I did not use this one.

Then launch hydra with 64 threads against ftp instead of ssh because ssh takes longer. The logic is to think that the user “sam” uses the same password for ssh and ftp. After 30 min I got the password that is at the top of the sorted list “mut_password.list”.

Note: I used pwnbox

CryptoCat · October 6, 2022, 9:50am

The wording of the question in this exercise could be improved. I just assumed that no NMap was needed and followed the question “brute force the SSH”. Maybe rather than:

Use this wordlist to brute force the SSH password for the user "sam"

Something like this would be better:

Enumerate the system and use the brute force techniques described in this module to recover SSH password for the user "sam"

godlike0 · October 27, 2023, 4:15pm

I did the same and worked well.

sudo hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

sudo hydra -l sam -P mut_password.list -T64 ftp://10.129.110.95

Estimated time: 1hr 15mins for Me

Topic		Replies	Views
Password Attacks - Password Mutations \| Academy Academy	59	10379	October 14, 2024
Password Attacks Academy	3	364	May 11, 2023
Password Attacks Lab - Easy Academy	13	2204	May 16, 2024
Password Attacks - Password Mutations - Banging Head Against Wall!	2	110	June 22, 2024
Password Mutations Academy	2	438	March 26, 2024

Academy - Password Attacks - Password Mutations

Related topics