need a push here - assuming we are to brute force SSH and/or FTP, but the scans never finish.
Oh. I remember that! break the password list to smaller chunks, brute ftp, use more threads and use restore files.
It takes quite a while anyway but with smaller files at least it’s easier to track progress.
Another useful thing to do is to sort the password list by length (from smaller to lager) before splitting it.
Do you use the mutate command or regular passsword list?
Hmm, I think I’d mutated the list using the rules from attachment
i finally got it man, THANK YOU! - i owe you one
1 Like
What username and password list did you use?
[★]$ hydra -L username.list -P password.list ftp://10.129.202.219 -t 64
Got mike that’s it. Logged in as Mike and only see Mike’s Id_rsa files.
correct, go back to the section about SSH - you should be able to use the id_rsa file to login
Hint:
ssh -i - command
But it’s Mike’s id_rsa and ssh asks for a password. 7*****7 doesn’t work. But I will try it again. Thanks!
Got it thanks!
I thought the same thing about the id_rsa file. It’s root. When you ssh in just use M**** password as the passphrase.
1 Like
brute force ftp with lists from resources on page HINT user:m**e
login to ftp with creds gained
download id_rsa
crack passphrase for ssh keys
login to ssh with ssh keys gained
check for prompt history