Attacking common services - easy

I’m really stuck on this exercise, I got the username “fiona” but the password list provided in resources doesn’t work. I have tried to encode it in base64, since when I do auth login to the smtp service it returns the encoded response. I have also encoded the username fiona, and finally I have also tried the list of passwords in base64 without the ==, but it does not work.

I have tried the list of passwords in plain text with the username fiona for all the services and none of them work, can someone help me ? Thank you.

I’ve discovered in several modules the provided password list doesn’t have the answer (neither does mutation). I recommend trying other password lists commonly talked about and used. Also located on the pwnbox. If you need further hints feel free to DM me

Use the eternal wordlist : rockyou.txt

Box times out before hydra can get through rockyou! I feel like I am missing something with this. I have tried all kinds of lists …rockyou would be the logical choice but takes too long…

While bruteforcing, give the username as: fiona@inlanefreight.htb

1 Like

thank you!

Any help?

Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck

im stuck on trying to upgrade my shell. ive uploaded it via the ftp server but can get it to execute. what am i missing?

Hi, can anyone suggest me what wordlist (not rockyou) to use…
I’m bruteforcing the ftp service

You can try darkweb2017-top1000 or rockyou-20 as well. Just remember to set username in the format @<domain_name>.