Password Attacks | Academy

My head explose now !!! @PaoloCMP
now I have to find a passowrd for the profile ???

WHAT THE ■■■■ THIS LAB ???
WE ARE IN ACADEMY ! THIS IS VERY HARD FOR THE NEWBIE

1 Like

Ok… on Password Mutations
I have created a mutated list with the resources as the question and module tells me too.

hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

I then used hydra on the FTP service with -o to a file and ran through the entire list. Which takes forever since I can’t do it in one shot. However I did not get a hit with sam as the username and the mutated list as the password.
hydra -l sam -P mut_password.list -V -t64 -o out.txt ftp://10.129.112.164

For the love of Pete can someone help me?
Do I really have to do this with SSH (it is super slow trying SSH) with the entire list?

Edit: soon after this post I got it. I tried again using the method with awk to sort out smaller words from the wordlist, as was hinted at above. I sorted the wordlist by numbers greater than 8,9,10 etc… The amount of frustration this brought me!.. And I was able to use FTP as also hinted at above… yarghh!

2 Likes

man, this module is bullshit !
I understand your frustration ! It’s almost a month I blocked in the Password Attacks module !!!

3 Likes

Hey guys,
How can I login with Kira, I am using the password indicated in the hint throught ssh, ftp and smb but nothing works. In smb the access to SHARE in denied.
I also have tried to brute force ssh using kira and the wordlist that can be found in resources but it does not work
Should I use mutations with the password indicated in the hint?
Thank you in advance

Here the password. I dont give a ■■■■ about this ■■■■ module !!! I wasted a lot of time for nothing interesting !
L
0
v
e
y
0
u
1
!

OOK ?

5 Likes

Here the password. I dont give a ■■■■ about this ■■■■ module !!! I wasted a lot of time for nothing interesting !
L
0
v
e
y
0
u
1
!

OOK ?

2 Likes

yes

If the connection wasn’t so bad I might not be so frustrated. Even on the next section with Mysql I am pretty much watching paint dry with the PWN box or with VPN. It is definitely extremely frustrating! I can type a command or two, then sit here and wait 5 minutes for anything to happen…
This is after I connect with sam via ssh… :face_with_symbols_over_mouth:

Thank you

Hi guys! Can you give me some tips on the mysql part? I’ve tried almost everything, googled 3306 and 33060, looked through all mysql, mysqld and mysqlx files, I also tried going through all the existing default credentials (with and without rules). I don’t know what else I can do. I have access to the user sam and k.

this is the best hint, thank you very much.
After your hint i switched to the pwnbox and i solved it in about 30 minute. Thank you very much
Topic.: Password Attacks | Password Mutations

PWNBOX and PaoloCMP’s hint was the key for me as well. Pretty frustrating that the VPN wouldn’t work. :rage: :rage:

Hi man,
I try to attack the Browsers with firefox_decrypt and laZagne.py
For firefox_decrypt, It ask me for a master password. I can’t go so far cause I dont know how to bruteforce this password.
For laZagne.py, it find nothing.
lazagne

Other hint ?

I did it right now. Logged in as kira, firefox_decrypt, second item and done. Have you downloaded the firefox_decrypt from github?

Hmm. I use firefox_decrypt-0.7.0 as recommand in github for python < 3.9
And it ask me for the master password…
I retry right now, same error. wtf
firefox_decrypt

Oh ■■■■ I got it !
I wast time to find master password of firefox or try with other solution (like lazagne.py) , but the solution is very simple. There is no password protection for firefox !!!
I just hit enter…
Thank you very much for your hint and your time :sweat_smile:

Any luck on this? I am still fighting it as well, mainly due to the fact that when I connect via ssh to the mysql box it keeps hanging and I can get any work done…

Still the same, how about you?

I pray to God, help me with the chapter on “Password Reuse / Default Passwords”!

1 Like

It’s easier than it seems. Nothing to crack, look at the github DefaultCreds-Cheat-Sheet for what you are looking for