So I was a free member for quite some time, and experienced the battle on the machines, especially the easy/medium ones.
I always tried to follow two rules:
- Nothing on HTB needs to be brute-forced, except password hashes
- There is always a way to get in (without brute-forcing)
Now I saw some streams (just live on Facebook) and they recommend that ppl simply throw Hydra (or similar stuff) at every login page or SSH they find, with the biggest wordlists.
I mean c'mon… what kind of way to “teach” is that?
Can box makers use passwords which cannot be brute-forced, to stop this behavior? ^^