Service Authentication Brute Forcing - SSH Attack

Hi There,

Hoping for some assistance.

I’m attempting the SSH Attack practical question for the Service Authentication Brute Forcing module. This is a two part question.

Part 1 - Using what you learned in this section, try to brute force the SSH login of the user “b.gates” in the target server shown above. Then try to SSH into the server. You should find a flag in the home dir. What is the content of the flag?

Part 2 - Once you ssh in, try brute forcing the FTP login for the other user. You should find another flag in their home directory. What is the flag?

Part 1 I have achieved - I’ve now got an ssh connection with the user b.gates and have retrieved the flag. Part 2 is telling me to use the rockyou-10.txt wordlist and the username of the other user to brute force credentials and then ftp connect the second user for the second flag.

The issue i’m facing is when running the command: hydra -l m.gates -P rockyou-10.txt ftp://46.101.81.30 -v

the following occurs.

image1026×419 137 KB

I’m stuck at this point and any hints would be great

Thanks.

Hey! You need to think on a local level for that question. Otherwise you could have bruteforced it without gaining ssh creds first.

Thank you I’ll try and apply thinking locally

Hey @seanconnolly90 , Have you solved the second question?

Out of curiosity how long did it take you all to do this one? Like did they stack it to where the password is in the top 50000 of rockyou.txt or does it just take days like the hacker101 petshop pro?

Nvm. It was actually super easy after actually paying attention. lol