Password Attacks | Academy

The machine always disconnects every few seconds.
Is this normal?

Wow, pw mutation was insane, thanks to @Cr0nuS and @Dhekhanur hints I did it.
But Will and the labs seem even worse, don’t they?

Edit: spoiler for will :{[(it is not in the 90k entries of pw list)]}

Carefully read the instructions regarding the will account.

OK anyone got any hints on the Password Attacks Lab - Easy? Is it another case of getting lucky with the right mutated password list?

No, labs compared to pw mutations are easy. The plain lists given will be enough for easy-lab, but keep the mutated list, you’ll use it

Really?? The plain lists give you 20000 login attempts? That’ll never complete in the time the box is active.

Yes. Set a high number of threads with hydra (not more than 48) to increase speed, and crack all services available

Great thanks :+1: :+1:

Any tips for the Credential hunting in Linux section? I’m in the box but I can’t find any credentials. I’ve tried everything, including manually enumerating the box. I can’t find anything.

I cannot find the correct word list. Stuck with SSH… Any idea?

Read the “hint” in the task description. Perhaps you can do some “magic” stuff with the given “username” and the given “password”. :slight_smile:

Did you find the solution for the ssh? I am banging my head for the ssh part in Network Services


I am stuck at the mutated list. After enumeration of all services with all my knowledge so far, I was able to find another user (not sam). But I cannot get any further. I tried to brute force the other services for the other user but to no avail.
I also found the password policy, but that did not limit my wordlists much.

Could you please give me a hint?


With password mutations the user is ‘sam’, so you don’t need to look for another one. Bruteforce the ftp service with hydra (ssh is too slow), increase the number of threads (min 48) and split the mutated list by length to test each one (for example, you first try the mutated passwords with length 8, then 9 and so on).

It’s not fast but it will work

Thanks @PaoloCMP!

I will try that, I was hoping there would be a way to shorten this process. As this will be long, I hope the mutated list is based on the provided password.list and not some other out-of-the-blue list.

In the meantime I was enumerating the s*** out of this server and was actually able to solve stuff from later sessions :slight_smile:

Can you help me with that part? I found the root hash but I can’t unhash it. I tried rockyou.txt + password.list + custom.rules.
Can you give me a tip pls?

Hi, if you’re not already done, tell me where you are. I don’t remember which part this is

thx for answering! My hashcat doesn’t work correctly. With properly set up hashcat in pwnbox I can unhash hash! Done with resource pass.list + custom.rule

Mutated password list is what you need

Can anyone give us a name for “userlist” and “passlist” please?