Password Attacks Lab - Easy | Password Attacks

I too am stuck at the point where I get the first FTP credentials.
I am using hydra with a password list that I have varied as follows, but I am unable to get the credentials.

$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
$ hydra -L username.list -P mut_password.list ftp://<IP> -t 64

try this
hydra -L username.list -P password.list IP ftp

2 Likes

Thank you very much.
I can now ssh with m*** n credentials.
Also, I have a question, how do you do privilege escalation?

I solved it!
Let's start the medium lab

There are many ways to do privilege escalation. I would start with sudo -l.

Hey! I got the first user s**. However, I was able to find the root password. I tried brute force for hours on a new account.

Please, any hint?

Hi all. I am stuck on password lab easy. I found the first account creds, but when I SSH in it seems there isn't much on it. It seems there must be a second account to brute force and SSH into. Any hint? I have tried brute force for almost 1 hour and nothing. Please, need help

Check for user activities after logging in.

You may have missed it? Possibly try -fF (if you're using hydra)

Don't overthink. Challenge is straightforward.

Total waste of time… Why can't the password be set to be one of the first few in the dict…

5 Likes

How could it be that when using hydra like this:

hydra -l username.list -P password.list <IP> ftp -t 64

It does not find the correct credentials. However, if I use the username mentioned above directly like this:

hydra -l 'm***' -P password.list <IP> ftp -t 64

Hydra finds the correct password. The username.list contains the username m***. I also checked it with crackmapexec, and I could find the correct credentials in its output but it considered it as incorrect.

crackmapexec FTP <IP> -u username.list -p password.list
...
FTP         <IP>   21     <IP>    [-] m***:****7**(Response:'NoneType' object has no attribute 'sendall')
...

Any explanation to this?

1 Like

Because you use the flag “-l” instead of “-L” when trying to bruteforce with a list of usernames.

1 Like

Exactly! I spotted this shortly after posting it. I didn't know that the uppercase -L is for a list of usernames and the lowercase -l is for a single username. Thanks for the clarification here tho.

1 Like

-l is for a single user
-L is for a password list.

I'm getting a bunch of errors when using hydra with password.list and username.list. I used -vv to see what was going on. Keep getting errors, too many connections, it basically just fails

first hydra without mutation list on ftp with -t 64
chmod 600 id_rsa
ssh login
history file for PE

Tried that, didn't work for me :confused:
hydra -L user.txt -P pass.txt ftp://10.129.47.45 -t 64

any suggestions? Thanks!

I had the same issue, I struggled for a week on it.

Found anything? I'm still struggling