Cracking it

0xbadbac0n · April 4, 2020, 4:35pm

So I was quite some time free member, and experienced the battle on the machines, in special the easy/medium ones.

I always tried to follow to rules:

Nothing on htb needs to be brute forced, expect password hashes
there is always a way to get in (without bruteing)

Now I saw some streams (just live at Facebook) and they recommend ppl, to simply throw Hydra( or similar stuff) onto every login page, ssh they find with the biggest wordlists.

I mean cmon…what is that for a way to “teach”?

Can box makers use passwords which can not be brute-forced, to stop this behavior? ^^

TazWake · April 4, 2020, 10:23pm

Some do but that creates an additional problem in that they end up DoSing boxes.

It doesn’t stop nutters hammering away at everything they find with every automated scanner they can find. People smash away at everything, even non-functional forms.

Topic		Replies	Views
Please tell me that I am not the only one... Off-topic	4	1272	June 2, 2019
Help Me Anyone Off-topic beginner , noob , challenges , htb	17	2260	February 15, 2020
PlayerTwo Machines machine , htb , playertwo	249	37285	June 24, 2020
Kryptos Machines	109	13155	September 20, 2019
Monteverde Machines box	587	89042	June 12, 2020

Cracking it

Related topics