The first command given to break down was "hydra -l <username> -P <full path to pass> MACHINE_IP -t 4 ssh".
The following table shows which option does what.
-t 4: specifies the number of threads
The next command was "hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V".
The following table breaks each part in this command down.
-P: indicator to use the password list
http-post-form: indicates the type of form
username: form field to enter the username
^USER^: tells Hydra to use the username
password: form field where the password is entered
^PASS^: uses the password list supplied prior
F=: login failed message indicator
incorrect: if it appears on the page, it's incorrect
Using the commands we learned, we are instructed to use Hydra to find Molly's passwords.
The first thing I did was go through my /usr/share/wordlists folder to find the wordlists that were already preinstalled. The one I ended up using for this exercise was rockyou.txt.
[Figure: Hydra's output finding Molly's password.]
Using the command "hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.100.155 http-post-form "/login:username=^USER^&password=^PASS^:incorrect" -V", I used Hydra to brute force Molly's password.
Going back to the web server available on this IP, I used the credentials given to log in and capture the first flag.
To find Molly's SSH password, I used the command "hydra -l molly -P /usr/share/wordlists/rockyou.txt".
[Figure: The results from cracking Molly's SSH password.]
Using these credentials, I was able to log in to Molly's system.
[Figure: Logging into Molly's system with the newfound credentials.]
From here, I was able to search around the directories to find the flag.
[Figure: The flag I found by looking around Molly's system.]
Using "ls" to list the files in the current directory and then using "cat" to read the file found, I was able to find the second flag.
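From the defender's side, the SSH run above shows up in the sshd log as a burst of "Failed password" lines from one source, followed by an "Accepted password" once the right entry in the wordlist is hit. The following is an added example, not part of the original write-up: a small detector over constructed log lines, where the threshold, window, host name and IP addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines; host name, PIDs, ports and the RFC 5737 IPs are made up.
SAMPLE_LOG = "\n".join(
    [f"Mar 13 10:15:0{s} web01 sshd[2101]: Failed password for molly "
     f"from 203.0.113.7 port 4011{s} ssh2" for s in range(1, 7)]
    + ["Mar 13 10:15:09 web01 sshd[2107]: Accepted password for molly from 203.0.113.7 port 40120 ssh2",
       "Mar 13 10:20:00 web01 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
       "Mar 13 10:20:08 web01 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Alert on IPs with >= threshold failed logins inside the sliding window,
    and on any accepted login from an IP that has already tripped that alert."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()              # IPs that already raised a bruteforce alert
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, user))
        elif ip in flagged:
            # A success right after a guessing burst is the high-priority signal.
            alerts.append(("login_after_bruteforce", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The "login_after_bruteforce" alert is the one to escalate, since it means the guessed password worked; the single mistyped password from the second address stays below the threshold and raises nothing.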