Service Authentication Brute Forcing


Could use a little bit of help here, been stuck for days now.

The task is as follows:
Using what you learned in this section, try to brute force the SSH login of the user “b.gates” in the target server shown above. Then try to SSH into the server. You should find a flag in the home dir. What is the content of the flag?

I’ve been trying every single one of the password lists on the “b.gates” username now and there just hasn’t been a match. I’m not sure if I’m supposed to generate my own list like in the example before this assignment, but “cupp -i” is not even recognized on the Pwnbox, so I assume not?
Also, when I try to brute force SSH, aren't I supposed to use port 22 instead of the long port given in the example?


Take note that some of these modules were written pre-pwnbox-armageddon. Sometime in December the awesome pwnboxes were shanked and never seen again. There is probably a very good reason for it, but it seems a lot of things are missing. Rant over.

Definitely give cupp a try. It would probably be there if you did this module right when it was released, because the module even says that it's pre-installed on the pwnboxes. Just do sudo apt install cupp.

For your second question, if you were attacking a single machine, then yes technically you would use port 22. But I think to deliver these academic challenges they are using docker or something similar. So follow their example and use ssh://ip:port

The other thought would be if a company was forwarding port 22 to a five digit port like 34567. Then the situation would be the same.

Hopefully you can pull something helpful out of this. Sorry for the rant. Let me know how it turns out.

Hey, thanks a lot man, I got it!

I think the main thing that threw me off was that I was unable to use cupp, as it was not installed, OR that I'm unable to install anything myself as I can't access sudo (I think…?).
So the way I solved it was I went to my own Kali Linux instance, installed cupp, made the list and copy-pasted it to TMP in Pwnbox.
What a mess!

Nice! Glad you got it. For the future, look in the Desktop folder. There are creds in there.

Hi both!

I am still stuck in this challenge. I have tested using the default and recommended lists of keywords, and generated two keyword lists using cupp, but they are both more than 3k words. I am still testing; I am thinking this is not the best way.

Hey Amaro,

Which question are you on? The first or the second?

Forget it, I have just resolved my doubt. The key was cupp and going into the previous lesson, but thank you both!
(I was in the first)

I’m now stuck in the Skill Assessment - Website. Can’t seem to find the username, any tips where to start looking?

Hey smume,

What part? I believe that one is a two question skill assessment.

I’ve been stuck in this question for a while now, I’ve tried everything I’ve found.
Making username lists with Bill Gates, Harry Gates, Harry Potter (Found this somewhere…), Melinda Gates.

Bruteforcing those with most of the shorter PW lists like ftp-betterdefaultpasslist.txt, rockyou.txt etc. to no avail.

When you try to access the IP shown above, you will not have authorization to access it. Brute force the authentication and retrieve the flag. ← This question I mean

DM me the hydra line you are using to brute force it.