Login Brute-forcing Issue

Hello everyone!

I’m new to HTB, and I’m currently facing an issue with the module called “Login Brute-Forcing,” specifically in the section on Basic HTTP Authentication.

I successfully used Hydra to brute-force the target and obtained the username “basic-auth-user” along with the easy password. However, they ask the following question:

“After successfully brute-forcing and then logging into the target, what is the full flag you find?”

With the credentials I gathered, I understand that I need to log into the target to retrieve the flag. I tried using the following SSH command:

“ssh basic-auth-user@94.237.51.124”

But I’m getting the error message:

basic-auth-user@94.237.51.124: Permission denied (publickey).

Am I doing something wrong? Could there be another way to connect to the target other than SSH?

Thanks for your help!

Hack0p

Go to http://IP:PORT in Firefox on your Pwnbox. This module is about basic HTTP authentication. It’s login splash boxes on a web page.

I’ve already tried many wordlists and nothing. Did you get to solve it? @Hack0p @danielem

Solved!

Wonderful!

Hello @danielem. Yes, a few hours after un my I just opened the browser and put the IP and port and it was solved, thanks again! :wave:

Hi, I have used the IP address and port to log in, and my username and password are not working!! I am using the generated Hydra username and password. I reloaded the target and redid the Hydra command, but still it does not work. Can someone assist?

Same thing is happening to me. IP and port don’t bring up a login page at all. I used Hydra and got the password but have no place to use it.

Hello friend!

Just follow the steps in the lesson.

  1. Generate a dictionary with username-anarchy using Jane and Smith; this will give you the username dictionary.

  2. Use cupp to generate a custom password dictionary (answers are in the study material).

  3. Use grep to clean and customize the dictionary and make it smaller (code is in the study material).

  4. Launch Hydra; pay attention to the file names for usernames and passwords. Use the ones you generated (code is in the study material).

  5. You will get the credentials for the web login, and after logging in the flag will be revealed.

Happy hacking!