Password Attacks Lab - Easy | Password Attacks

Sforcher · September 2, 2022, 6:23pm

Good evening,
I need some help with this exercise.

What i already did:
Nmap scans that shows that port 21 ftp and port 22 ssh are open.
Because of de hole Module i tried to brute force the two port with rockyou and with the sources we got from the module. But nothing work.
What i also tried is to anonymous login on ftp and s ftp but it didn’t work.

I hope someone can direct me into the right direction

PayloadBunny · September 4, 2022, 8:44am

You have received two lists in the module.
Try it with this lists

Sforcher · September 5, 2022, 8:31am

Thank you very much. Any tips for the hard one ?
crackmapexec Winrm Scann
winrm
Johanna:password.list –
johanna:password.list –
user.list:password.list
johanna:/usr/share/wordlists/fasttrack.txt –
Johanna:/usr/share/wordlists/fasttrack.txt –
wsman:/usr/share/wordlists/fasttrack.txt –

smb
Johanna:password.list –
johanna:password.list –
username.list:password.list –
Johanna:/usr/share/wordlists/fasttrack.txt –
johanna:/usr/share/wordlists/fasttrack.txt –
wsman:/usr/share/wordlists/fasttrack.txt –
johanna:mut_password.curtorm.list

i tried a lot of wordlists.

Edit.: I found the password for johanna, but i have problems to download the L****.k*** file

wtjsk · October 18, 2022, 5:15am

I have tried to solve the easy lab using the lists, but i get nothing near the answer

I also used the custom.rule to mutate the password, but still I got nothing

yonde · October 27, 2022, 6:17pm

Hello, I struggle on this one for days, I used the lists provided as resources, can someone help me pass this easy lab?

PayloadBunny · October 29, 2022, 12:24pm

DM me if you still need help

aleks-9 · November 12, 2022, 10:26am

Hello. I can’t connect via ssh . Found credits from ftp. downloaded the encrypted key. hacked it. pass ******7 . but when connected, it writes the wrong phrase. what am I doing wrong?

PayloadBunny · November 12, 2022, 10:48am

Remember that the SSH key always belongs to a user.

aleks-9 · November 12, 2022, 11:24am

thanks but that didn’t get me closer to an answer. I’m trying to connect with the user m**e and root tried too. I do not accept the passphrase from the key.

aleks-9 · November 12, 2022, 11:30am

Or do I need to look for other users?

sonomood · January 25, 2023, 9:39am

Guys I need some help please, I read all the posts but I can’t get past the Password attacks - Easy Lab… I 've done the mutation. sorted it unique, grep the ones with 10+chars, tried for the s user and the k user on the F** port but still no luck, maybe I am missing something… Thanks!

lxbx · January 28, 2023, 9:37pm

username.list
password.list
chmod 400 id_rsa

aleks-9 · February 6, 2023, 4:55pm

yes i went through it. in my case, I didn’t change the permissions on the .chmod 600 key. where are you stuck?

wfsahuo3 · February 6, 2023, 7:18pm

I just finished the easy and medium lab. Will start with the hard one tomorrow. Enough for today.

pokolhaboru · February 13, 2023, 12:15am

hey guys… im stuck!
i found the password of mike, but im stuck, the id.rsa that i found is password from mike…
anybody help me?

pokolhaboru · February 13, 2023, 12:18am

ssh -i id_rsa m***@ip

pokolhaboru · February 13, 2023, 12:37am

i found the bassworrd is in history

MekkX · February 15, 2023, 2:26pm

Hi I am stuck, I tried to force ssh with hydra using user.list and password.list (also mutated) but it takes a long time and I think I am doing something wrong. I don’t know how to do it, do you have any suggestions?

MekkX · February 15, 2023, 3:48pm

Hi I am stuck, I tried to force ssh with hydra using user.list and password.list (also mutated) but it takes a long time and I think I am doing something wrong. I don’t know how to do it, do you have any suggestions?

abhi9300 · March 5, 2023, 8:38am

mee too