HTB Academy LOGIN BRUTE FORCING skill assessment - Service Login

@kons I agree with you. However, real life is usually a bit blurry. So an unclear exercise pushes you to think harder. And in the end, maybe it is not a bad idea… (if we can use Discord and forums, of course)

@kons Is it possible to have some guidance? I have tried @BoxBuster’s hints; from the previous exercise I know the employee’s first and last name (given by the message the login prompt) and the password requirements, and I still get timed out of the box before I can brute force in, using cupp -i and 1337 with every bit of information that is given off the target. Not sure what else I am missing here. Please help.

Thanks for your hint.

I still can’t get this after hours… I’ve tried the hints here and used the cheat sheet. I’m pretty sure I’ve got the right data.
Using previous assessment info:
usernameGenerator
cupp: first+last+option & policy (<2000 words)
t 4
takes +30min no hit?

Got it! Hint: different small lists

1 Like

I’m still on it… my wordlist isn’t long, but still it seems I didn’t get the right name. Any hints what the username is? It would speed up the process.

Hey, man. Very sorry for this very late reply. I have been away from this forum a while. Most likely you have already gone through it. In case you are still fighting, let me tell you that you should not get timed out while brute forcing, as it does not take much to find the password. Are we talking about Harry Potter?

I am on the last step and have tried transforming the wordlist ‘rockyou-30.txt’ that the hint suggests you use. I can’t seem to determine what list I need to use to get the second user’s password.

For those who, like me, have been stuck on this question for ages, not being able to get the correct password list to use, here are some clues. Hopefully these are helpful:

  1. The brute forcing should not take long at all
  2. You only need to input the character’s first name into the password generator (cupp)
  3. Try ticking the option to use special characters at the end of words
  4. Use Leet mode
  5. Don’t forget to filter the password list for passwords that match the password policy

Hopefully this helps :slight_smile:
4 Likes

the challenge says:

We are given the IP address of an online academy but have no further information about their website. As the first step of conducting a Penetration Testing engagement, we have to determine whether any weak credentials are used across the website and other login services.

Look beyond just default/common passwords. Use the skills learned in this module to gather information about employees we identified to create custom wordlists to attack their accounts.

Attack the web application and submit two flags using the skills we covered in the module sections and submit them to complete this module.

How would I know that they are talking about Harry Potter, do I have a crystal ball? These challenges should improve the context. I know it’s about Harry because I’ve read it on the forum, but I don’t know when it would have occurred to me that it was about Howards Academy.

1 Like

I did parts of the assessment on several days, so I had no chance to still remember the name Harry from the previous exercise…

Now I am stuck at the very last question: I found the second username and tried rockyou-30 as instructed. However, no chance to brute force into his SSH account. I tried both routes, from the internal 0.0.0.0:80 address, as well as the external IP address. Any additional suggestions or hints?

Thank you!

1 Like

When you complete the first skills assessment, the website brute forcing, you get a welcome page saying welcome Harry Potter and what his password requirements are. The second skills assessment follows on from that.

By following the password requirements and applying RegEx-Filters on Rockyou30, not a single compliant password is left in this list.
I am supposed to use Rockyou30 for this task, but this password list is not consistent with these password policies.

I am also having an issue with the final assessment. I didn’t think to take notes when completing the earlier labs. I have gathered from reading the threads that Harry Potter was the employee we found earlier. I have tried to go back into that lab to see what the password requirements were and any other clues etc. But it will not let me back onto that page, perhaps because I already completed it and input the flag?
I tried using CUPP with Harry and Harry Potter. I also used the usernameGenerator with Harry Potter and have tried hydra attacking ssh with those two lists I generated. Can someone help point me to what I am missing, please?

In typical fashion I got this two minutes after I posted. I could have sworn I tried this method a few times already, but this seemed to work this time.
My clues would be:
CUPP Harry
usernameGenerator Harry Potter
maybe don’t be so sed about this one.

Hello,

1.) Regarding the penultimate question: Name is Harry Potter. Generate a Username List (Username Generator) and a Pass List with CUPP (see Akiraowen’s post above!), RegEx it and that should work.

2.) However for the very last question: There is a second (SSH-) user account, G.Potter. We are supposed to brute force on the victim machine using the provided RockYou-30 wordlist. This won’t work and I have no idea what else could be tried.

2 Likes

I can’t get this one after many days.

I have created a password list with cupp using the name harry potter with leet mode on. I filtered the passwords to 8 character max, no numbers, no special characters. I created a username list with Harry Potter.

hydra -L harry_usernames.txt -P harry.txt -u -f ssh://167.99.89.198:22 -t 4

any ideas?

Hey @Rapunzel3000 were you able to figure this out? I am also stuck on trying to use the rockyou-30 wordlist. I tried cleaning up the wordlist but no luck so far due to not having the permissions to use sed

Hello @r0m4d, no, I haven’t had any luck with the last exercise. I used the rockyou-30 on g.potter. Used hydra on the victim machine, as well as remotely from my attack box. But it didn’t work…

Please, for the love of god, help me before I lose my mind. Got up to the last assessment no problem and have been on this for a week!!!

I need some help with making the wordlist for Harry. Do I need to know a lot about the Harry Potter movies/books to generate the right wordlist? Or not? Do I need to use the “interactive” mode of cupp to generate the right wordlist?

Because I don’t know much about Harry Potter and I’m stuck on the wordlist, I can’t get a wordlist with a length of 13k lines.

1 Like