TryHackMe-HYDRA CHALLENGE
Task 1 Hydra Introduction:
What is Hydra?
Hydra is a parallelized network logon cracker built into various operating systems such as Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to guess the right username and password combination. Penetration testers commonly use Hydra together with programs such as crunch, cupp etc., which generate wordlists. Hydra then runs its attacks using the wordlists that these programs created.
1. Read the above and have Hydra at the ready.
Answer: Read and submit
Task 2 Using Hydra:
Q1: Use Hydra to bruteforce molly’s web password. What is flag 1?
The command to obtain flag 1 has the following syntax:
hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
STEPS:
>Supply the username in the -l field and, similarly, a password wordlist in the -P field (use rockyou.txt or any similar wordlist).
>After executing the command you will get the password.
>Then navigate to the link given in the description (http://MACHINE_IP).
>Enter the credentials obtained through bruteforcing.
>Flag 1 appears on the web page; this is the answer for Q1.
Moving on to the next question:
Q2: Use Hydra to bruteforce molly’s SSH password. What is flag 2?
The command to obtain flag 2 has the following syntax:
hydra -l <username> -P <full path to pass> MACHINE_IP -t 4 ssh
STEPS:
>Supply the username in the -l field and, similarly, a password wordlist in the -P field (use rockyou.txt or any similar wordlist).
>Now we will obtain the password for the SSH login.
>Log in using ssh username@MACHINE_IP
>Now use ls and cat to obtain flag 2.
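Seen from the target, the SSH run above appears in the sshd log as a burst of failed password events from one source address. The following is an added example, not part of the original write-up: it flags such bursts and any successful login that follows one. The log lines, host name, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log (not from the room); IPs are documentation addresses.
SAMPLE_LOG = """\
Mar 10 09:15:01 target sshd[2101]: Failed password for molly from 203.0.113.7 port 40112 ssh2
Mar 10 09:15:01 target sshd[2102]: Failed password for molly from 203.0.113.7 port 40114 ssh2
Mar 10 09:15:02 target sshd[2103]: Failed password for molly from 203.0.113.7 port 40116 ssh2
Mar 10 09:15:02 target sshd[2104]: Failed password for molly from 203.0.113.7 port 40118 ssh2
Mar 10 09:15:04 target sshd[2105]: Failed password for molly from 203.0.113.7 port 40120 ssh2
Mar 10 09:15:05 target sshd[2106]: Failed password for molly from 203.0.113.7 port 40122 ssh2
Mar 10 09:15:20 target sshd[1990]: Failed password for invalid user alice from 198.51.100.20 port 51000 ssh2
Mar 10 09:15:31 target sshd[2110]: Accepted password for molly from 203.0.113.7 port 40130 ssh2
Mar 10 09:16:02 target sshd[1995]: Accepted password for bob from 198.51.100.20 port 51010 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse(log, year=2024):
    """Yield (timestamp, outcome, user, source_ip); syslog omits the year, so it is assumed."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect(log, threshold=5, window=timedelta(seconds=60)):
    """Alert on >= threshold failures per source within window, and on a later success."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    flagged, alerts = set(), []
    for ts, outcome, user, ip in parse(log):
        q = recent[ip]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, user))
        elif ip in flagged:  # the guessing source has now authenticated
            alerts.append(("login_after_bruteforce", ip, user))
    return alerts
```

A "login_after_bruteforce" alert is the higher-priority one: it means a guessed password worked and the account should be treated as compromised.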
Thank You!!