Password Attacks | Academy

Hi, could anyone give a hint as to which file list to use to crack services?
I tried the most common ones for as long as I could, but the pwnbox and target expire first and I have to set it up again, so I’m trapped in a loop with no exit.


Update: I got winrm, rdp and smb. Pay attention that crackmapexec doesn’t stop when credentials match, so you have to find them manually in the console.
Still stuck with ssh, any hint will be appreciated.

Hi, I am currently in the learning process.
And are there any tips about finding the correct usernames? Or is it another bruteforce case?

Choose usernames depending on the device and country.

I’m in the network services. When I cracked winrm (with bruteforce) I got a list of possible users but none of them works with ssh

EDIT: Solved the exercise, but really? That was not what I was expecting.

Solved. Just use a process of elimination and the correct wordlists :slight_smile:

The password mutation is more complicated, and very long to try bruteforcing (all services).

Did someone find the password of root in Passwd, Shadow & Opasswd?

How did you get Ssh credentials? I’m going crazy

Try using `cat mutated.list | grep -E '^.{11,}$' > new_mutated.list` and eliminate the duplicates.

Hint: Don’t try to brute-force ssh first. Get access to the system using the other methods. After that, enum the system for further information. With this information you can modify your wordlist(s) and reduce brute-force time complexity. :wink:

Can anyone help me with Password Attacks Lab - Easy?

I’m finding the mutation section quite frustrating… particularly since it is a zero cube section. Brute forcing is producing nothing…


So am I. No hint, no cubes and to solve the next one you have to do this. I also tried to bruteforce ftp, but nothing.

I just got the ssh user after a lot of enumeration, password file mutation and an hour of bruteforcing… :confounded: :confounded: :confounded:

Is there a way to enumerate users in the mutated password section?

Yes…think of an enumeration technique NOT in the Password Attacks module…

OK the plot thickens. Mutations section question. I have an ssh user. Logged in to the server. Found a file containing a flag. Input it as the question answer and it says incorrect. Can’t find any other kind of flag file. Is there a problem with this question?

What user did you find? You need to have 2 users.