Login Brute-forcing Issue

Hack0p · September 30, 2024, 1:47pm

Hello everyone!

I’m new to HTB, and I’m currently facing an issue with the module called “Login Brute-Forcing,” specifically in the section on Basic HTTP Authentication.

I successfully used Hydra to brute-force the target and obtained the username “basic-auth-user” along with the easy password. However, they ask the following question:

“After successfully brute-forcing and then logging into the target, what is the full flag you find?”

With the credentials I gathered, I understand that I need to log into the target to retrieve the flag. I tried using the following SSH command:

“ssh basic-auth-user@94.237.51.124”

But I’m getting the error message:

basic-auth-user@94.237.51.124: Permission denied (publickey).

Am I doing something wrong? Could there be another way to connect to the target other than SSH?

Thanks for your help!

Hack0p

danielem · October 17, 2024, 7:34pm

go to http://IP:PORT in firefox on your pwnbox. This module is about basic http authentication. Its login splash boxes on a web page.

Coelho · October 22, 2024, 4:57pm

I’ve already tried many wordlists and, nothing, did you get to solve it? @Hack0p @danielem

Coelho · October 23, 2024, 2:31pm

Solved!

Hack0p · October 23, 2024, 2:38pm

Wonderful !

Hack0p · October 23, 2024, 2:41pm

Hello @danielem Yes few hours after un my i just opened the browser and put the IP and Port and it was solved , thanks again !

Cathy77 · November 5, 2024, 12:31pm

Hi, I have used the ip address and port to login, and my username and password are not working!! I am using the generated hydra username and password . I reloaded the target and redid the hydra command, but still it does not work. Can someone assist?

iadams3129 · November 8, 2024, 1:03am

same thing is happening to me. IP and port dont bring up a login page at all. I used hydra and got the password but have no place to use it.

ibl4zqu3z · November 15, 2024, 6:37pm

Hello friend!

Just follow the steps in the lesson.

Generate a dictionary with username-anarchy using Jane and Smith, this will give you the username dictionary.
Use cupp to generate a custom password dictionary (answers are in the study material).
Use grep to clean and customize the dictionary and make it smaller. (code is in the study material).
Launch hydra, pay attention to the file names for usernames and passwords. Use the ones you generated (code is in the study material).
You will get the credentials for the web login and after logging in the flag will be revealed.

happy hacking!

Topic		Replies	Views
HTB Academy - Service Authentication Brute Forcing[ISSUE] Academy	10	2299	August 29, 2024
Login Brute Forcing Skills Assessment Academy	20	5895	September 1, 2024
Login Brute Forcing Skills Assessment Part 1 Academy academy	8	1470	May 25, 2025
HTB Academy - Skills Assessment, Service Login (Hydra) Academy hydra , help	2	677	June 7, 2024
HTB Academy - Service Authentication Brute Forcing Other htb-academy	17	5267	July 5, 2024

Login Brute-forcing Issue

Related topics