Password Attacks Lab - Easy

need a push here - assuming we are to brute force SSH and/or FTP, but the scans never finish.

Oh. I remember that! break the password list to smaller chunks, brute ftp, use more threads and use restore files.
It takes quite a while anyway but with smaller files at least it’s easier to track progress.
Another useful thing to do is to sort the password list by length (from smaller to lager) before splitting it.

Do you use the mutate command or regular passsword list?

Hmm, I think I’d mutated the list using the rules from attachment

i finally got it man, THANK YOU! - i owe you one

1 Like

What username and password list did you use?

[★]$ hydra -L username.list -P password.list -t 64

Got mike that’s it. Logged in as Mike and only see Mike’s Id_rsa files.

correct, go back to the section about SSH - you should be able to use the id_rsa file to login


ssh -i - command

But it’s Mike’s id_rsa and ssh asks for a password. 7*****7 doesn’t work. But I will try it again. Thanks!

Got it thanks!

I thought the same thing about the id_rsa file. It’s root. When you ssh in just use M**** password as the passphrase.

1 Like