Ho Ho Ho Merry Christmas 🎅🎄 - TryHackMe Advent Of Cyber 2023 - Day 3

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey everyone welcome to the advert of cyber 2023 this is day three and my name is Patrick Gorman also known as infos Pat on YouTube or any kind of platform so I'm super thrilled to be a part of the try hack me adver of cyber 2023 and if you guys aren't familiar with this every single day there's a new challenge for beginners so we're going to take day three today you know we're going to go through some fun stuff and learn how to use Hydra and crunch and a whole bunch of other fun stuff so let's get into the video and let's have some fun all right everyone so here we are on my desktop so today is day three so it's Hydra coming into town so it's brute forcing so we're going to learn how to use some kind of Brute Force technique and yeah that's what we're going to be learning today so the story today we're going to be talking about so everyone was shocked to the discover that several uh that several critical systems were locked but the chaos didn't stop there the doors to the it rooms and related Network equipment were also locked so everything was locked and into the Mayhem during the lockdown the doors suddenly closed on the on detective Frosty or FR however you say that name I might be bushing it all right so as he tried to escape his arm got caught and he ended up losing it uhoh he lost his arm he's now determined to catch the perpetrator no matter what the cost is or no matter the cost right so it's see so it seems that whoever did this had one goal to disrupt business operations and stop the gifts from being delivered on time so pretty much they were trying to make those kids suffer right so now the team must result to backup tapes and Recovery to recover the systems that's always good right you have to make sure you have your backups always in place go a bid a tragedy happens we have something to restore to all right so to their surprise they found out they cannot unlock the door the password to the Access Control Systems has been changed the only the only solution is to hack your way in pretty much we have to get in to this machine or to this uh uh room through breaking in right so let's go down here the learning objectives here are to under after after we learn about this we're going to be understand we will understand you know password complexity and the number of possible combinations right how the number of com how the number of possible combination effects the Fe so pretty much we have to see how many possible passwords that we can use to Brute Force this attack gener generating password uh combination using Crunch and then trying to crack them or trying trying trying out passwords automatically Us in Hydra right so as we come down here you know so we can see how many different pass how many different passcodes can we have how many different passwords can be generated and how does how long does it take to find the password to Brute Force right by Brute Force excuse me all right so counting the PIN codes this is a lot of reading I must say so if we come down obviously we have an ATM machine here so consider a scenario where we need to select a pin code of four digits how many four-digit pins you know are there the total combination is 10,000 right so 0 00001 all the way to 9999 and that's 10,000 and total right so mathematically speaking uh that is 10 * 10 * 10 * 10 or simply 10 to the 4th power right so different PIN codes can be you know made up of these four digits so let's keep going down so counting the passwords and as you can see here the password length right so 4 6 8 10 12 14 16 so allowed characters uppercase lowercase digits so there's about 14, 700,000 7 uh 14 m776 3 uh 336 right and the next one's uh 56 billion and so on and so forth you can see you you get the gist here right so if we see like how long this actually takes this can take ages right so as we can come down let's see so here we go with this little guy trying to get a code to get into the the uh the door here so now we can have some fun right now let's break our way in so moving forward let's review the questions in in the connection card shown below so as we can see here we can click on the machine I already did all that we can start the attack box I did that as well so on both machines I've stated so let's we're going to go ahead and visit uh HTTP in my case 10.10.4 218 colon 8000 so let's go ahead and do that let's go ahead and open up a web browser on our attack machine just want to make sure you guys can see that I may have to zoom out a little oh I think you guys can see it I was just trying to make sure you it can be shown so it's in my case 10.10.4 218 colon 8000 okay let's just go there let's X out of here all right so let me see if I can make this a little bigger all right okay so that's inside of the VM perfect so let's see what we we have here throughout the task throughout this task we will be using the IP address of the virtual machine 10.10.4 218 all right so that's fine and it's hosting the login page so this is the login page so you can notice that the display is shown three digits all right yeah so like we don't know this code right right we don't know it because we're probably have to brute force it with like Hydra and and with crunch what crunch does it creates passwords right so we can create combinations of passwords whatever we need it to be okay so let's keep going down all right so here we go generating the password list all right so the numeric pass code uh a keypad shows 16 characters right one uh 0 to 3 7 a b CDE e f right so 4 8 12 16 yes correct 0 to 9 and a to F right so the heximal the hexadecimal digits we will need to prepare a list of all the PIN codes that match this criteria right so we will use crunch a tool that generates a list of all possible passwords right password combinations based on a given criteria right so we need to uh issue the following command so for example we'll issue this command and we'll get a so let's go ahead and open up a terminal here on our right hand side let's make this bigger okay so the the command above specifies the following three for the pretty much three for the number is the minimum right so we want three to be the minimum length of the password generated uh three the uh 3 the second number right is the maximum length of the generated password and then all these combinations because that's everything that's on the the keypad and this would be you know is set the character use is the character set to use the generated to generate the passwords right so to das zero is going to be the output file so 3 digits. txt is going to be our files that the file that we actually saved right so if we come out here we can actually run this so let's just go ahead and run this let's copy this let's go ahead and click on the whoops what did I just do just come down again I'm sorry all right so we can click on this little thing this little arrow and we can paste it and then let's come here and then paste it here let's go ahead and bring this in see if we paste and hit enter and this is going to go ahead and create that so now if I do an LS we should have three digits so if I cat that we can see a whole bunch of different combinations cool all right so we have that generated after executing we should have this file we do and that's what we're going to be brute forcing against the website all right so now using the password list and now this is where I guess more fun happens manually trying out you know each pin will take ages right imagine doing every single pin combination that'll take forever luckily we have an automated tool that can generate old these digital these digit combinations all right so we're going to be trying this out with Hydra okay before we start we need to find the the pages HTML code all right so let's go back to our oh that opened up a new one I'm sorry I didn't want to do that all right so let's just open up here so we can rightclick on the web page and inspect or view page source and let me make this a little larger so it can be easier to read all right so the method is post right so we're going to look at the login so let's go ahead we should see that somewhere here let's um so it's going to be 26 yep right here okay perfect perfect and then there's a pin right here awesome cool we are golden so we see that the pin all right so in other words the main the main login page is 10.10 yes. 4.28 receives the input receives the input from the user and sends it to the login login.php using the name pin okay cool I get it these three pieces of information which is post.php and pin are necessary to set the algorithms or set the arguments sorry for Hydra okay so let's go back to our Command command line all right so literally this is the whole command so it makes it super easy for us so we can copy that all right so let's paste that here let me uh go ahead and paste that perfect and now let's paste that let me close this paste that here so what are we doing here so we're using Hydra we're using the SL L /-l and then we're using the password list that we generated from 3 digits. txt and then we're just putting in the parameters that we we we have given you know all right so let's just hit enter here and this is going to go ahead and utilize that and see if we can find the code using this three digits. txt right so while this is doing it we'll see what these these commands actually are doing Hydra is the application- L indicates that the log on is blank because we don't have a login page right so- p three digits is specifying the file for the password that we're utilizing F so this stop once it finds the password that we are looking for it stops it right if it forces stop it stops that right the- V provides robust output you know for for catching any any errors right so I obviously the IP address for our our site is 10.10.4 218 the post excuse me http-post dform specifies the HTP method to use right because this is what we're utilizing and slash SL login.php colon pin equals pass or you know upper carrot I I don't know what you really call this upper carrot I guess I don't know um pass upper carrot colon AIS denied so these are you know three separate parts and it separates by the colon right and all right let's see pin oh I guess once it once it finds the pin we're going to replace pass with the pin okay access denied indicates that invalid passwords will lead to the page okay perfect all right and then the dash s 8000 specifies the port that we are running on okay cool so in the meantime they let this run it'll take about 3 minutes and it maybe it took me 3 minutes to read that I'm a slow reader I'm sorry so awesome so here we have the host and here we have the code I don't know if you can see that let me Zoom that in a little bit more I guess I can't really Zoom that in can I perfect so right here is the password 6 F5 okay so now if we come down here and we answer the question so let me just let me complete part two and now let's find the flag so let's go back to not that I don't know why that opened and let's come back here and what was it I forgot already uh 6 F5 6 F5 so let's come here six F5 continue okay 16 unlock the door and boom we are in so let's see if you can see that the the the flag is H uh try hack me or th uh THM pin code Brute Force so let's go ahead and copy this whoops copy and let's bring it here let's see if I can do this okay and paste and submit and we are golden so that was day three I really hope you guys enjoyed this it was a fun task I learned something I think we all learn something every day from doing different techniques and different rooms on try hackme it's an awesome product so stay tuned for more and enjoy the rest of your journey thank you so much

Info

Channel: InfoSec Pat

Views: 16,507

Rating: undefined out of 5

Keywords: tryhackme tutorial, tryhackme review, tryhackme king of the hill, tryhackme nmap, tryhackme walkthrough, advent of cyber 2023, infosec pat, hydra password crack, oscp prep, tryhackme, tryhackme aoc walkthrough, advent of cyber, cyber security, learn cybersecurity, tryhackme tutorial beginner, advent of cyber 2023 day 2, advent of cyber day 3, advent of cyber 2023 day 3

Id: UKAchyX7kDY

Channel Id: undefined

Length: 16min 23sec (983 seconds)

Published: Sun Dec 03 2023