Password Attacks | Academy

HTB Content Academy
233

I’m on the Skills Assessment - website. I’ve used Burp to get the Post form data. I’ve run the command to crack the password, and I get a success. But then the user name/password don’t work. I run it again, and it cracks a different password. I don’t know what to do.

$hydra -l admin -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 144.126.234.86 -s 32429 http-post-form “/admin_login.php:username=^USER^&password=^PASS^:F=<form name=‘login’”

It’s given me:

login: admin password: 123456789
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

host: 144.126.234.86 login: admin password: 12345
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

host: 144.126.234.86 login: admin password: iloveyou
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

234

just put a file with Loveyou1 and make mutation with this…

2 Likes
235

Guys, anybody cracked root pass? Im stuck… i use mutated password and nothing

236

Hello, Can someone help me to solve the skills assessment - Med lab?
I found jason ssh password, but I could not found nothing after ssh login.
What should I look for? Thanks.

237

I’ve done all the modules up to here with no problems. But now I’m really stuck at Use the LINUX01$ Kerberos ticket to read the flag found in \DC01\linux01. Really how this module is written it really is a cluster f… Everything I try doesn’t work properly . error after error. I’m really at the point of quitting this whole certificate path.

238

There is a difference in user ticket and computer ticket, try to use the ticket associated with the question :wink:

1 Like
240

I did it!!! Thanks for the tip :+1:t2:

1 Like
241

Don’t quit either, just try a different view on things to get you back on track. The satisfaction of success should be the motivator.

1 Like
242

Finally :slight_smile:

5 Likes
244

How far have you come?

246

office2john?

The different wordlists will drive you crazy. I don’t think this is necessary to explain something.

247

hey guys anyone have this problem with the machines? I’m at the network services section i was able to crack all the passwords and achieved all the flags but suddenly the answer for the smb user vanished and once i tried to resubmit the answer the site is telling me its the wrong answer. i don’t want this to affect me later on down the line by preventing me from taking the exam. if someone could please help. do i maybe need to perform privesc and submit admin flag? or regular smb user flag will do? please help :cry:

249

Hi all,

If anyone is having issues with ssh just try

ssh david@inlanefreight.htb@ -p 2222

Hope this is not a spoiler

250

did you get the flag mate, or do you need any help?

251

make sure you’re in the correct directory.

252

having trouble with the attacking lsass section some one please help pypykatz is not working for me :cry:

253

i keep getting this error.

Traceback (most recent call last):
File “/usr/bin/pypykatz”, line 33, in
sys.exit(load_entry_point(‘pypykatz==0.4.9’, ‘console_scripts’, ‘pypykatz’)())
File “/usr/lib/python3/dist-packages/pypykatz/main.py”, line 16, in main
from pypykatz.kerberos.cmdhelper import KerberosCMDHelper
File “/usr/lib/python3/dist-packages/pypykatz/kerberos/cmdhelper.py”, line 17, in
from pypykatz.kerberos.kerberos import get_TGS, get_TGT, generate_targets,
File “/usr/lib/python3/dist-packages/pypykatz/kerberos/kerberos.py”, line 11, in
from msldap.commons.url import MSLDAPURLDecoder
ModuleNotFoundError: No module named ‘msldap.commons.url’

254

try re installing it, are you using pwnbox or local kali machine.

255

im using a local kali machine and i have reinstalled it but no prevail :frowning:

edit: solved the problem :smiley:

256

Did you ever figure this out?