Password Attacks | Academy

i stuck in Credential Hunting in Linux module.
i Created a list of mutated passwords many rules and brute force kira but failed.
rule that i used

Any hints for rules.

Just use the custom.rule and password list we are provided

1 Like

The correct username and mutated password are so far down the lists, this would take forever without checking the hint :confused: ETA for me is 84 hours, I must be missing something…

What are the credentials? I have wasted so much time trying to crack this password and the next 4 challenges all rely on it. I really dont get why they made this chapter an enumeration chapter when you are supposed to be learning password attacks

I had the same problem
Just create a file with a single word “loveyou” (got this idea from the hint, I think the developers of this module want to say us, that many people use simular passwords for all services but whatever) and mutate it with custom.rule and brute-force SSH with it and login “kira” (also got this from the hint).
Then you get there, just use some automated tool we discussed in this module
If you have some more questions, feel free to dm me :wink:

Yeah I tried that and it worked. Thank you

Any tips on how to get the root password using Will’s account? My initial thought was to copy the passwd and shadow files then unshadow them but Will does not have SU privileges

Yap, try to look at will’s foleder, maybe he saved a backup there? :thinking:
(And I can save you lots of time: use mutated password list to dump the hashes)

Youre a real one. Thank you!

1 Like

I spent a lot of time on this. I used the same technique you did. Turns out “Kira” username is lower case. Whoops. How exactly did you figure that out?