Password Attacks | Academy

PaoloCMP · March 19, 2022, 10:56am

Hi, does anyone could give a hint to which file list use to crack services?
I tried the most commons until I can, but pwnbox and target expire before and I have to set up it again, so I’m trapped in a loop with no exit.

Thanks

PaoloCMP · March 21, 2022, 9:37pm

Update: I got winrm, rdp and smb. Pay attention that crackmapexec doesn’t stop when credentials match, so you have to found them manually into the console.
Still stuck with ssh, any hint will be appreciated

linncappu · March 22, 2022, 6:20am

Hi, I am currently in the learning process.
And is there any tips about find the correct usernames? or it’s another brueforce case.

Crontoo · March 22, 2022, 8:18am

Choose usernames depending on the device and country.

PaoloCMP · March 22, 2022, 11:29am

I’m in the network services. When I cracked winrm (with bruteforce) I got a list of possible users but none of them works with ssh

Dhekhanur · March 22, 2022, 12:59pm

EDIT: Solved the exercise but really? that was not what I was expecting

sirius3000 · March 22, 2022, 3:07pm

Solved. Just use a process of elimination and the correct wordlists

christrc · March 22, 2022, 5:52pm

The password mutation is more complicated , and very long to try bruteforcing (all services)

Cr0nuS · March 22, 2022, 8:33pm

does someone find the password of the root in Passwd, Shadow & Opasswd

PaoloCMP · March 22, 2022, 9:50pm

How did you get Ssh credentials? I’m going crazy

Cr0nuS · March 22, 2022, 9:53pm

try using cat mutated.list | grep -E ‘^.{11,}$’ > new_mutated.list and eliminate the duplicates

Tommy1337 · March 23, 2022, 5:16am

Hint: Don’t try to brute-force ssh first. Get access to the system using the other methods. After that, enum the system for further information. With this information you can modify your wordlist(s) and reduce brute-force time complexity.

Cr0nuS · March 23, 2022, 9:01am

anyone can help me with Password Attacks Lab - Easy?

sirius3000 · March 23, 2022, 3:05pm

I’m finding the mutation section quite frustrating…particulalry since it is a zero cube section. Brute forcing is producing nothing…

PaoloCMP · March 23, 2022, 3:20pm

So am I. No hint, no cubes and to solve the next one you have to do this. I also tried to bruteforce ftp, but nothing

sirius3000 · March 23, 2022, 3:23pm

I just got the ssh user after a lot of enumeration, password file mutation and an hour of bruteforcing…

Dhekhanur · March 23, 2022, 3:34pm

Is there a way to enumerate users in the mutated password section?

sirius3000 · March 23, 2022, 3:39pm

Yes…think of an enumeration technique NOT in the Password Attacks module…

sirius3000 · March 23, 2022, 4:51pm

OK the plot thickens. Mutations section question. I have an ssh user. Logged in to the server. Found a file containing a flag. Input it as the question answer and it says incorrect. Can’t find any other kind of flag file. Is there a problem with this question?

Cr0nuS · March 23, 2022, 4:52pm

what user do you find? you need to have 2 users