Cracking it

So I was a free member for quite some time, and experienced the battle on the machines, especially the easy/medium ones.

I always tried to follow two rules:

  1. Nothing on HTB needs to be brute-forced, except password hashes
  2. There is always a way to get in (without brute-forcing)

Now I saw some streams (just live on Facebook) and they recommend people simply throw Hydra (or similar stuff) onto every login page and SSH they find, with the biggest wordlists.

I mean, c'mon… what kind of way is that to “teach”?

Can box makers use passwords which can not be brute-forced, to stop this behavior? ^^

Some do but that creates an additional problem in that they end up DoSing boxes.

It doesn’t stop nutters hammering away at everything they find with every automated scanner they can find. People smash away at everything, even non-functional forms.