trying to figure this one out but this exercise doesn’t seem to match the exercises through the module. I can see SSH servcice but there is no password auth so unable to brute force because its not accepting a password, and there isn’t any other available information from any services found or via the web page login. This section explains using username anarchy however there aren’t any discoverable names etc so unable to do that either… also using hydra payload from “Login forms” exercise which is very similar also isn’t yielding anything. any push would be appreciated
open firefox on your pwn box and go to http://IP:PORT of the target you spawned.
Since there’s aren’t any discoverable names maybe try the jane example in the write up and try that.
2 Likes
just had to think more simply =.=, thanks
I cannot figure out the answer to this for the life of me. How did you do it?