Could use a little bit of help here, been stuck for days now.
The task is as follows:
Using what you learned in this section, try to brute force the SSH login of the user “b.gates” in the target server shown above. Then try to SSH into the server. You should find a flag in the home dir. What is the content of the flag?
I’ve been trying every single one of the password lists on the “b.gates” username now and there just hasn’t been a match. I’m not sure if I’m supposed to generate my own list like in the example before this assignment, but “cupp -i” is not even recognized on the Pwnbox, so I assume not?
Also, when I try to brute force SSH, aren't I supposed to use port 22 instead of the long port given in the example? → 167.99.89.198:31064
Take note that some of these modules were written pre-pwnbox-armageddon. Sometime in December the awesome pwnboxes were shanked and never seen again. There is probably a very good reason for it, but it seems a lot of things are missing. Rant over.
Definitely give cupp a try. It would probably be there if you did this module right when it was released, because the module even says that it's pre-installed on the pwnboxes. Just do sudo apt install cupp
For your second question, if you were attacking a single machine, then yes technically you would use port 22. But I think to deliver these academic challenges they are using docker or something similar. So follow their example and use ssh://ip:port
The other thought would be if a company was forwarding port 22 to a five digit port like 34567. Then the situation would be the same.
Hopefully you can pull something helpful out of this. Sorry for the rant. Let me know how it turns out.
-onthesauce
I think the main thing that threw me off was that I was unable to use cupp, as it was not installed, OR that I'm unable to install anything myself as I can't access sudo (I think…?).
So the way I solved it was I went to my own Kali Linux instance, installed cupp, made the list and copy-pasted it to TMP in Pwnbox.
What a mess!
I'm still stuck on this challenge. I have tested using the default and recommended lists of keywords, and generated two keyword lists using cupp, but they are both more than 3k words. I'm still testing; I am thinking this is not the best way.
I've been stuck on this question for a while now, I've tried everything I've found.
Making username lists with Bill Gates, Harry Gates, Harry Potter (Found this somewhere…), Melinda Gates.
Brute forcing those with most of the shorter PW lists like ftp-betterdefaultpasslist.txt, rockyou.txt etc. to no avail.
When you try to access the IP shown above, you will not have authorization to access it. Brute force the authentication and retrieve the flag. ← This question I mean