Password Attacks - Password Reuse / Default Passwords

Hey guys,

I’m stuck on "Use the user’s credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer.

My question is, are we suppose to SSH into sam’s host and dig around for credentials? I’ve tried searching into config files, ssh keys, etc, but am getting permission errors.

Or are we suppose to use credential stuffing ( hydra -C <user_pass.list> ://) using a file with user:pass as explained in the module ? I created a file with sam, kira, will and default sql usernames. So for every line in the file i have sam:pass. kira:pass, root:pass. admin:pass etc. (pass being Sam’s password discovered in previous module) I mutated this list using rules and then tried to use Hydra with no success. Am i completely missing the ball on this one? Any guidance is appreciated.

Hey Mike - you’re on the right path. Login as S** try the defaults for m****. Don’t try anything too long-winded/hard (like i did, and waste time). The way some of these questions are worded is a pain. Need anymore help, feel free to DM me.

1 Like

Need some help with this… I’m on the target through ssh but don’t see any credentials

Once you are on the target via the previous found credentials using ssh, you need to login to the mysql service. All the information needed can be found on the page!
Just read it again and again, follow the links and check extra information :wink:

1 Like

Why is my port 3306 closed?

No idea. Refreshed your attack box? Ask HTB support if it doesn’t work :+1:

For those that were struggling like me and had to take a break;)
You need to ssh into the machine with the previous account, sam.
After that, you need to connect to the service MySQL, the service is not exposed, but if you run a ps aux | grep mysql you can see that is running;)
If you follow everyone’s suggestions, you will for sure make it;)
GL, you will need it.

I’m stuck here. I logged in with the user and his password I found in the previous task. Now I don’t know how to access mysql or get the password. Mysql does not use a default password. How I’m I supposed to find this?

Maybe you should follow a link which can be found on the page.

1 Like

EDIT: nvm!

Finally, got it. This was extremely frustrating, because the wording of the question is infuriating confusing imo. But anyway, for people who are also stuck:


dude the passwords on that list are not working… what am i doin wrong?

For those who want to use hydra to solve the task:

  1. MySQL, port 3306, is not publicly accessible. An SSH port forwarding is soldered for this. (if you are logged into ssh, enter this command to see internal services: ss -tulpn). It can be seen that port 3306 is active in localhost.

2.) ssh -L 4444:localhost:3306 s**@<IP_Target>
3) check via browser port forwarding active: localhost:4444
4) brute force it via hydra, use mysql default credits list
→ hydra -C login.list mysq://localhost:4444

1 Like

I am here to help others to avoid wasting their time. The question says you need to write in the form of <>:<> BUT you need to insert the answer without <> like user:pass. So you need to answer username:password
I lost one hour due to this even if the answer was correct

1 Like

For the guys who followed the suggestions but still didnt get what’s going on :

You cant really “access” mysql at the end, so far as I’ve done. But, login attempt with correct username:password gives you a slightly different error message. Look carefully into it, you’ll get it.

really read the page again and look for the default credentials

Install the tool that is provided in the link, then search for mysql default credentials.

read the list what wfsahuo3 provided scroll down to mysql section the default
username:password are there.

1 Like

Some help also here:

  1. Download csv mentioned in @wfsahuo3 reply
  2. Go to Excel, filter out all rows contains empty field or <blank>
  3. Copy the “username,password” field to vscode as CSV format.
  4. Replace all “,” with “:”
  5. SSH port forward localhost 3306 to localhost 3306
  6. hydra -C
  7. enjoy.
1 Like

i am getting a error access denied to sam@localhost

  • SSH using sam’s credentials(found previously).
  • No need to go around the machine, checking every single folder/file and flipping tables.
  • Show us your OSINT skills and search for default credentials for MySQL.
    Happy Hacking!