Password Attacks | Academy

Module: Password Attacks Section: Password Mutations

I have been trying the bruteforce task for the sam users password. I’ve followed the instructions using the password.list file and the custom.rule included and the best64.rule which is part of hashcat. I have cut the password files down to 1k each and modified them so they only contain passwords 8-10 characters long but nothing seems to work.

It was also suggested to use ftp as its quicker than ssh for the bf but that has not returned any positive result either.

Is anyone able to please give me some guidance how to solve this?

Hi, i am in the same situation, did u solve it?

I had to use the pwnbox instead of the vpn from my kali box.

The command was straightforward and it took about 20 minutes with the mutated file but a massive waste of time spent trying it from my own box. No idea why we have to use the pwnbox but it seems to be a recurring problem on the academy that using the vpn can be really ropy.

PM if you need any help.

1 Like

Excuse me, I use this code with the files given in the module (crackmapexec winrm -u username.list -p password.list)
But I can’t find the username and password, is there something I’m doing wrong?

Hi, I’ve been stuck on this question for several hours. I downloaded the file over and over again, checked that the hashes were correct but nothing. I also did as you said, copied your hash but it doesn’t work. Hashcat gives me this result:
I used the mutation list generated from the password.list file given by the module resources.
What am I doing wrong? It seems unnecessarily difficult to me. Thank you!

Hi, I don’t remember what was going on in this module already. However I checked your found Password with my file and it actually works (I can freely extract notes.txt and read the flag).

Update: retook “Protected Archives”, downloaded fresh and password also works.

Customized wordlists work wonders for service cracking. Tailor them to your target’s interests. Also, automate your setup to escape that pwnbox and target loop.

Need to escape the special characters in the supplied password with a \

Hello! I have a problem ! I unzipped the archive! The flag in the notes.txt file is not suitable

Hello, could you share your flag in DM?

Hi, i sent message

after mutating the list remove the duplicates and sort it in ascending order it goes to 36k passwords.later increase the thread count of hydra. you will get the password for ftp

what do you mean? I need to use the credentials in that page like admin:admin?

I’ve been on hiatus from hack the box Academy. But I’m gonna get back on soon to look at your question. Because it took me a few days to figure it out. It didn’t take the four or five hours that they said it would take.

I finished the mysql part, just focus on the chapter

please can you share
me the flag too…my kali is saying not enough resources on device

help on the ssh

try the wordlist said at the chapter

In Attacking LSASS part, when I try pypykatz after moving the dump file, I got error

ERROR:pypykatz:Error while parsing file /home/htb-ac-1105225/lsass.DMP
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/pypykatz/", line 261, in get_lsa
    lsa_dec = LsaDecryptor.choose(self.reader, lsa_dec_template, self.sysinfo)
  File "/usr/local/lib/python3.9/dist-packages/pypykatz/lsadecryptor/", line 20, in choose
    return LsaDecryptor_NT6(reader, decryptor_template, sysinfo)
  File "/usr/local/lib/python3.9/dist-packages/pypykatz/lsadecryptor/", line 22, in __init__
  File "/usr/local/lib/python3.9/dist-packages/pypykatz/lsadecryptor/", line 26, in acquire_crypto_material
    sigpos = self.find_signature()
  File "/usr/local/lib/python3.9/dist-packages/pypykatz/lsadecryptor/", line 47, in find_signature
    raise Exception('LSA signature not found!')
Exception: LSA signature not found!

can someone help me?

nvm, solved it.
I used mimikatz instead

help will be appreciated too…i’m stuck at the same place