Hi. I am trying to brute force SSH but i dont know how to do this. I tried lot of personalized lists. Is the employee from previous section? Or I misunderstood something? Please can you direct me? I think the question is badly formed.
5 Likes
Solved
how did you go on the second question for skill assessment- website
Im hoping someone can help me with the Login Brute Forcing Skills Assessment. I easily got the first password that gets me to the form password page.
im sure i have the command correct as i have changed the parameters for login and the php page name.
however i cant get a hit on the pw. iv tried names list and normal password list. i also used the default username/password file used in the previous step.
am i’m missing anything silly?
Type your comment> @KnightOfNih said:
Im hoping someone can help me with the Login Brute Forcing Skills Assessment. I easily got the first password that gets me to the form password page.
im sure i have the command correct as i have changed the parameters for login and the php page name.
however i cant get a hit on the pw. iv tried names list and normal password list. i also used the default username/password file used in the previous step.
am i’m missing anything silly?
Hi, just make sure your fail string is correct because the form name has changed. BTW it takes short time to get the result if all parameters are correct.
I was able to easily complete the Website assessment, but I am still completely stuck on the “Skill Assessment - Service Login” section. The question does not clearly state who we are supposed to brute force… is it Bill, or Harry?
So far I’ve been attacking Harry’s account to no avail.
Update: I found out you can brute force SSH using a bunch of threads. I haven’t found the answer yet, but increasing the threadcount makes the attack go significantly faster.
^ Well, this turned out to be wrong. If you use more than 4 threads, some requests may get dropped by the SSH server.
Type your comment> @BoxBuster said:
Update: I found out you can brute force SSH using a bunch of threads. I haven’t found the answer yet, but increasing the threadcount makes the attack go significantly faster.
You’re on the right path, just follow the instruction of Service Authentication Brute Forcing and Personalized Wordlists.
Finally got it. Here are what hints I can give to those who are stuck:
- If you’re on the right path, you’ll be able to crack the password in under 5 minutes. Don’t dive down the rabbit hole of waiting hours for long wordlists to complete (like I did).
- Use the cheat sheet and read all sections of the module.
- Use 4 threads.
- Harry is 1337. If you know you know.
2 Likes
@BoxBuster or anyone else for that matter. I feel like I’m going down the rabbit hole. I tried to keep my wordlist simple but no pass. I would appreciate any hint or advice to nudge me back on track. Right now it seems to take unreasonable long and therefore doubt that it is correct.
Hi guys,
i have same problem as @Volfbit . the wordlist for our user is created and “sed” is used also, but cracking service last to long. Could you please help me with hint how many details to import in wordlist. Thanks!
Hi, all, Yes, me too! Stuck in the login form of the Skills Assessment. I think I have been running the correct parameters and I have observed something curious: Almost every time I run the rockyou.txt I get different passwords…Is this normal? In any case none of those let me access the login page. I tried other dictionary files as well with different results, but nothing. Any hints? Thank you!!
Hi! Anyone for discuss to the wordlist ? Service make to long to bruteforce with 4 threads …
HI, BoxBuster,
Thanks for so many cues. Nevertheless I need a bit more). I’m fully stuck. Can I explain to you my (faulty) logic and maybe you can tell me why I am failing constantly?
I only have and IP and a port.
NMAP tells me this is a SSH service
I have been using HYDRA, METASPLOIT and NMAP to brute force the SSH with all kinds of username files, password files…Nothing((
AM I on the wrong path? Should I have started in a different way?
I would appreciate so much a bit of light )
Thank you very much and good luck with your progress in HTB
1 Like
Hi,
Thanks for the tips. I am still confused about the employee. I guess it is Mr. B. Gates. so, I don’t know the role of Harry here or h4rry. I reread the modules again in order to find reference about harry. You meant harry is the user? Any nudge is welcome. Building a dictionary without knowing exactly who is the target is hard. 
Thank you
Hi, Darvidor, why do you think it is B. Gates?
If I am not wrong, In the example of cupp -i we buit a dictionary based on Bill Gates. This is my mistake. Maybe it would be useful that HTB exaplain that assesments are connected. Solved.
Ok, that clarifies a lot if we need to use that name used before. Did you use cupp -i again to get a new password list filling all the blanks or just kept it very simple to reduce the list?
by solving the prior skill assesment you will get the employee name. With that - as suggest the problem formulation, we create a user list for that employee and we create a custom dictionary. It is not a real scenario so, we don’t need much information to create dictionary. Play with name, surname and extra questions. For more tips DM.
Got the first question finally! Darvidor was right as the employee name to use is actually the one found on the previous assessment (Skills Assessement-Website). With this employee we can create passwords with cupp -i and later refine the results with the company password policy. With NameGenerator we can create his usernames list. This way we get his credentials and break into the Shell and find another user…
The problem of all this is the ambiguous wording to present the task. As a matter of fact very unprecise.
2 Likes