Password Attacks - Password Mutations - Banging Head Against Wall!

1

Hot on the heels of my last post this module is like wading through treacle! Surely no-one else is as dumb as I am at these things! :sob:

So can I get this mutated password list to work agains the target??? No I cannot!!

As far as I can tell I have mutated the password list as per the instructions using the provided resources (custom.rule etc) but when I come to run hydra using the command below I am not getting any password hits.

Screenshot 2024-06-21 162843
Screenshot 2024-06-21 1628432211Ɨ517 109 KB

Iā€™ve tried this using my Parrot VM, Kali VM and the built in pwnbox to no availā€¦ please someone end this misery! :sweat_smile:

2

it says:

brute force the password for the user ā€œsamā€.

and you are using the whole list thatā€™s why itā€™s taking foreverā€¦
brute force from pwnbox ftp:// not ssh:// it will be faster and use many tasks with a flag -t 50

you can also split a big file into 10k lines and try one by one, if you get lucky youā€™ll get a fast hit.
split -l 10000 mut_password.list mut_passwd_

3

It finally worked!! Thank you @hackernotone!! :blush: Iā€™m definitely starting to realise that HTB can be a bit glitchy and inconsistent at times and that things may work within the built in pwnbox that wonā€™t work in a local VM.

Iā€™d seen a post from someone else with this same issue who had been attempting FTP and was advised to use SSH but for me FTP has worked this time so go figure! I can finally move on with my life! :joy:

1 Like