Could you explain me why ftp? what is the difference… is it possible to do more trys by using the ftp service?
Thanks, this help me a lot.
It is not beginnig with B anymore,am i right?
password begins with B you can follow some tips in the forum for faster results from @magic
yeah it worked,thanks
Hey everyone, after struggling for hours i managed to get the password for the user sam. Bruteforcing SSH password is very long … So you can use another service you can found on the system … like the FTP 
Also, you can reduce your muttated password file by creating a new file that contains only words that begins with the letter “B” (lowercase end uppercase) from the previously created “mut_password.list” file.
I also had to use -t48 and not -t64 with hydra …
This will make things a lot of easier and faster.
Good hacking everyone !
2 Likes
well , since about 60% of people reuse their passwords we can assume that Sam used the same password for different services.
This another module built to waste time. Its clear things like this are just a cash grab. You want to ensure the student has a grasp of password mutations and that is it.
I followed everything they taught in the module but still can’t find the password. I also tried shortening the list as suggested here but still no luck. When I use hydra even with -t 48 it stops because of connection errors and I can’t enumerate the whole mutated list. Any idea? I guess they changed the password.
- Use custom rules from the module.
- Create a mutated wordlist.
- Remove strings that are shorter than 10 characters.
- Remove strings that begin with a number.
- Remove strings that begin with “a/A” characters.
- Brute force ftp with hydra using 48 threads.
2 Likes
Felt like a complete waste. In addition to that, bruteforcing smb (instead of ftp) yields no results ( the correct passwords is false).
- Use “Hydra”, as it is the fastest compared to the rest of what I have experimented with.
- Use the small lettered flag “-l” so that it can accept only one Username, not a List of usernames.
- Brute force SSH(After you have Mutated/Ruled the password.list).
- Go watch Netflix series called “Wednesday”, because it will take a couple of hours to find the correct password :P.
(Have faith in my taste, it’s a wonderful Woe of a series
)
Hint: If you want to speedrun the question, the password starts with a capital B and it’s a DC Comic Character.
Go watch WEDNESDAY! & Happy Hacking…
Thank you! I agree that the concepts can be learned without bruteforcing more than 10 min.
Also,
on command 3 you forgot the > 7000mut_password.list
I’ve been struggling with this for hours. Somewhat annoyed.
I propose a new task:
- Grab that DC character everyone on this thread loves.
- Put it on a txt file
- Mutate that new file with their rule.
- bruteforce as it says
In less than 5 min you have your answer
7 Likes
The sad thing is that the answer is without cubes 
1 Like
please follow this advice from @lpinilla, it saved me wasted hours. Thank you so much!
This!!!
Thank you so much!!
Hello, I’m not new to this stuff, but I’m completely stuck. I followed the suggestions, but without success. Following the guide, I created the wordlist (around 50,000 passwords), and then I started using Hydra. SSH is giving me problems, so I opted for FTP. 48 threads are not stable; reducing it to 32 seems to work. I also followed the suggestions and removed some password types (e.g., @she12165). Since I didn’t get any results, I repeated the attack with the entire wordlist, which took more than an hour and a half. But I couldn’t gain access. I also think the password vaguely mentioned (DC) might have been changed because even after a few manual/hydra/ssh_login attempts, it doesn’t match. Can I write to someone privately for help?
1 Like
No idea why, but I had to use the pwnbox for the attack. The same attack from my machine over VPN did not work. The latest hints here are still valid. I just run a basic mutation for the password file given, make sure you strip out duplicate lines to speed up the process.