Password Attacks | Academy

Dhekhanur · March 23, 2022, 4:54pm

@Cr0nuS may I DM you?

sirius3000 · March 23, 2022, 4:54pm

I have a user k…

Cr0nuS · March 23, 2022, 4:54pm

you need to have user s… to have the flag

Cr0nuS · March 23, 2022, 4:55pm

you can dm me

sirius3000 · March 23, 2022, 4:56pm

OK thanks…back to it then…

PaoloCMP · March 23, 2022, 5:19pm

I got s… user, but the mutated list has 90k entries with no duplicate, hydra with only 4 threads is slow, and more over machine changes ip so i can’t restore. Level insane

sirius3000 · March 24, 2022, 8:30am

It seems that the s user is what’s needed for the flag on the mutation section…

Dhekhanur · March 24, 2022, 10:01am

Is there a way to speed up the bruteforce since 90+k unique entries is really really boring

sirius3000 · March 24, 2022, 10:05am

Make sure you know which users you’re targeting (enumerate the target), and there’s a policy that will enable you to reduce your list size…

PaoloCMP · March 24, 2022, 10:32am

With the user s… and the policy I found [hint: lenght], list has 50k entries. Is it correct? But the target expires and hydra tested less than 5k entries, it’s too slow

sirius3000 · March 24, 2022, 10:39am

I’m at the same stage as you…that sounds correct to me. It just means you have to try other lists and mutations…

PaoloCMP · March 24, 2022, 10:56am

For God’s sake, they said to use the lists and the rule attached

Dhekhanur · March 24, 2022, 11:17am

In my opinion this is just bad exercise design to state in the description to use the files attached and give no hint as to how to enum sufficiently to reduce complexity enough for it to work on a reasonable timescale (max 5-10 min). This isn’t an enum course after all

sirius3000 · March 24, 2022, 12:00pm

Yeah I agree…they do assume some prior knowledge…

Niotop · March 25, 2022, 10:36am

Please, can anyone provide some hint on Password mutation section?

sirius3000 · March 25, 2022, 10:38am

Been on that about 3 days now…still no further forward really…if you get anywhere with it DM me and I’ll do the same…

What users do you have? (DM me not to give any spoilers)

Sirius3000

Tommy1337 · March 25, 2022, 9:36pm

My way and my hints:

Try to use a tool from impacket to get the user (and some additional information, as well). You hopefully found several services in your scanning phase…

With these information I shrank my muted password list to about 3000. Furthermore, I didn’t brute force ssh but another service to use more threads in hydra (my assumption: user used the same pw for different services).

Tommy1337 · March 25, 2022, 9:39pm

I disagree. This is a medium course. Knowledge in enum can be presumed.

Dhekhanur · March 25, 2022, 10:29pm

I would like to know how you narrowed it down that far. I can provide the password. Also these double ranks kind of confuse me (tier and difficulty) but imo I stand by my words yes the user enum is easy enough but I don’t know where you pulled enough info from to narrow it down to 3k. (obviously not in public but private messages)

Dhekhanur · March 26, 2022, 7:17pm

After doing both easy and medium skills assessments I have to say I didn’t really enjoy the easy skills assessment but the medium one was interesting and now working starting on hard