Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website’s credentials. It is very fast and flexible, and new modules are easy to add.
This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
Hydra is a brute-forcing tool that helps penetration testers and ethical hackers crack the passwords of network services. Hydra can perform rapid dictionary attacks against more than 50 protocols. This includes telnet, FTP, HTTP, HTTPS, SMB, databases, and several other services.
Link: https://tryhackme.com/room/hydra
Machine used: Parrot OS
Installed size: 956 KB
How to install: sudo apt install hydra
This command installs Hydra directly from the distribution's repositories.
1. Connect through the VPN, or use the AttackBox on the TryHackMe site, to reach the TryHackMe lab environment.
2. Deploy the machine attached to the room. The IP of the room will be visible at the top of the page once the machine is booted.
Read all that is in the task. Start the attached machine.
Once the machine is deployed, open Firefox and navigate to http://MACHINE_IP
1.1 Use Hydra to bruteforce molly’s web password. What is flag 1?
We can use Burp Suite to intercept the POST request. First we try common credentials such as “admin:admin”.
According to the question the username is molly, so we now need to find her password with Hydra.
We will use the command:
hydra -l molly -P rockyou.txt <MACHINE_IP> http-post-form "/login:username=^USER^&password=^PASS^:Your username or password is incorrect."
We got the 1st flag! Log in with these credentials and you will find the flag.
1.2 Use Hydra to bruteforce molly’s SSH password. What is flag 2?
We will use the command:
hydra -l molly -P rockyou.txt <MACHINE_IP> ssh -V
We got the password!
Log in to Molly’s server using her SSH credentials:
ssh molly@<MACHINE_IP>
We got the 2nd flag!
Now that we have all our ingredients, let’s submit them, and we have successfully completed our CTF!
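Seen from the server's side, the SSH run above shows up as a burst of failed-password entries in the auth log. The following is an added example, not part of the original write-up, that flags such bursts with a per-source sliding window and notes whether a successful login followed. The log lines are constructed samples in the usual OpenSSH syslog format, and the threshold, window and year values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG = "\n".join(
    ["Mar 10 10:00:00 target sshd[1300]: Failed password for invalid user bob "
     "from 10.9.0.77 port 51000 ssh2"]
    + [f"Mar 10 10:00:0{i} target sshd[120{i}]: Failed password for molly "
       f"from 10.9.0.5 port 4010{i} ssh2" for i in range(1, 7)]
    + ["Mar 10 10:00:08 target sshd[1207]: Accepted password for molly "
       "from 10.9.0.5 port 40107 ssh2",
       "Mar 10 10:05:00 target sshd[1301]: Accepted password for alice "
       "from 10.9.0.77 port 51001 ssh2"])

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Return {ip: summary} for sources with >= threshold failed logins
    inside any window. Syslog omits the year, so it is passed in (assumed)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    users = defaultdict(set)     # ip -> every account name it tried
    alerts = {}                  # ip -> summary, created when threshold is hit
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["kind"] == "Failed":
            users[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"peak": 0, "users": users[ip], "compromised": None})
                a["peak"] = max(a["peak"], len(q))
        elif ip in alerts and alerts[ip]["compromised"] is None:
            # A success from an already-flagged source: the guess worked.
            alerts[ip]["compromised"] = user
    return alerts
```

A non-empty `compromised` field is the case to act on first: the guessed password was accepted, so that account's password needs rotating and its session reviewing.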
Keep Trying, Keep Working 🙂
Thank you for Reading!!
Happy Hacking