Most passwords begin with a letter, so only consider passwords beginning with a letter. The module text mentions two different values for required password length (one of them is highlighted), so start with passwords that are at least as long as the longer length mentioned. Sort the resultant list, so you can remove duplicates and to make it easier to keep track of your progress. This will help you reduce the list from 187,775 words down to 52,445 words. There are at least 3 services on the box that can be used to brute-force the password with this list. A couple of services can be cracked with hydra (using max number of threads worked for me), another will require netexec (make sure to use --local-auth) or metasploit. I was able to crack them in 4 mins, 12 mins, 14 mins, and 36 mins depending on which tool I used.
Guys, just extract all the words starting with B-b from the file mut_password.list, and thatâs it. If youâre as exhausted as I am, message me directly â Iâll quickly reply and give you the password or help you find it. Good luck to everyone! Hereâs the command that worked for me:
hydra -l sam -P last.list -t 48 ftp://10.129.94.215
hey
hehy
This module needs ammended ASAP. I finally got the password it was expecting thanks to the hints in this thread from other users.
I feel like Iâve wasted so much time and learned nothing new.
The question is why âPW begins with a capital Bâ, based on what, this is the point.
The question is why âfilter the wordlist with only the B passwordâ and âtake the first 11k passwordâ, based on what, this is the point.
This worked out for me:
#quick port check
nmap -p- --max-rate 10000 10.129.202.64
#found port scan
nmap -sCV 10.129.202.64 -p 22,#and others found
#fastest to brute service
hydra -l sam -P mut_password.list ftp://10.129.202.64 -t 48 -vV