TryHackMe Hydra Official Walkthrough

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone welcome back to another video here on dark sack i am dark and today we're going to be taking a look at the room hydra on try hackney hydra is one of the core tools in your hacking repertoire and this is a nice quick little room that will teach you how to use a tool and get familiar with its syntax and one of the most important functions of hydra which is forcing web logins so hydra learn about learn about and use hydra a fast network logon cracker to brute force and obtain a website's credentials all right let's dive into task one hydra introduction so what is hydra hydro is a brute force online password cracking program a quick system login password hacking tool so what is that in english we can brute force things we throw a bunch of passwords at something and see what sticks and see what comes back and we what we can actually log in with we can use hydro to run through enlist and brute force some authentication service imagine trying to manually guess someone's password on a particular service so for example ssh a web application form so like logging into a website ftp or snmp uh snmp is not very common to see this used for uh these are gonna be the big ones that you're gonna use it for however it's good to know all the various things this supports we can use hydra to run through a password list and speed this process up for us determining the correct password and then you can see that there's a whole bunch of ways that we can use this here again the most important ones here are going to be hd p post uh forum post uh and some other things like that at ftp yeah you can dig through there and see a whole bunch of them and there's even some fun ones in here like teamspeak for more information you can go through and read that uh that is the cali tools page for it i believe hydra also has a main page which is really helpful however generally speaking whenever you're going to be using this you'll probably just google the syntax as you need it however once you get used to it it's pretty straightforward this shows the importance of using a strong password if your password is common doesn't contain special characters and or is not above eight characters it's going to be prone to being guessed 10 million password or 100 million password lists exist containing common passwords so it when an out of the box application uses an easy pass word to log on make sure to change it from the default uh this is actually one of the most common ways that uh when i'm working on penetration tests that we get into applications just trying the default password or if there's a known default password for an organization it's probably that often cctvs so close circuit tv cameras these are going to be used for security and web frameworks use admin for the username and then password for the password uh which is obviously not strong enough uh yeah those don't use those please don't we have password managers for a reason like lastpass and whatever one you want to use just use something better than that installing hydra so you don't have to worry about this you if you're using cali you can install this from i believe the app repository otherwise but honestly you should be using cali for this and if you are not that's kind of on you at that point read the above and have hydra at the ready we'll go and mark that as completed and then we're gonna dive into task two using hydra so to play the machine um in this case this is a dynamically generated ip address i've gone ahead and already deployed it before this this can take a couple minutes to boot one thing to note there's a web interface on this and we'll take a look at it here in a minute it's um it takes a moment to come up so if you are having issues with trying to use hydra against it give it a little bit longer and just make sure that the box is fully booted so hydra commands uh this is the base structure of what using hydra looks like so you have the hydra keyword the lowercase l which is gonna be your username this means you're using one username and you're not enumerating over the username so this would be for example admin or administrator or uh as we're gonna use later on molly uh if this were capital it means that we were going through a list of uh actual like a it's a list of usernames at that point uh same thing with this capital p here uh this means we're using a list of passwords in this case if we were using a lowercase p that means we're using just one password and then here at the end we have ftp colon forward slash forward slash and then the actual ip that we're attacking however we can do this another way uh the hydro syntax is pretty flexible and i'll show you how to do it another way here in a moment so uh this is one specific way that we can do it this is ssh and again we have the username here the full path to the password list in this case for this room we're going to be using rock u and i'm using it out of the default path on cali to make things easy dash t lowercase c is the number of threads that we're going to use you don't typically have to specify this as hydro takes care of the recommended amount of threads for you typically you will take note of how many threads hydra gives you by default and if you find that there's a bunch of issues like maybe the box is really slow to respond you're getting errors spit back at you you'll lower this from what it is and then the actual protocol so that is being taken from if we go back up here these are those protocols and this is actually typed out pretty much exactly how you would type them into hydra however these are typically all lowercase so ftp for example would be lowercase uh this is another example we have the web login form uh note the key difference here is this bit here at the end so we have our username and then our password list here the ip address and then we specify we're specifying that we're using an http post form so we're posting our information using that verb and if you're not familiar with that i would recommend checking out the web fundamentals room i do have another walkthrough on that on the dark side channel uh and you can get familiar with that post verb then we have the actual so the slash here before the colon is going to be the directory so in this case it'd be room and then hydra after the actual uh base website itself and then we have our parameters for logging in and we'll take a look at that in a moment uh this very last bit here at the end after that colon is going to be what failing looks like so hydra in order to attempt logging in needs to know what phrase is going to show up on the website when you fail to log in and then this last capital v is just verbose and we can see that's echoed down here so if the word incorrect appears in this case uh that means that we failed to log in perfect so we're going to jump into two quick questions here to find a uh to brute force a web password and then brute force an ssh password awesome let's go ahead and jump over to the website you can get to this by just clicking this link i already have it open here and we're greeted with a pretty simple website uh if i take a look at wapalizer let's see what it is looks like we're just using node with express so very simple room very straightforward we can see that we have a login panel though that has a username and a password with this we can actually what we want to do is turn on our burp proxy you don't necessarily have to do it for this room i'm going to demonstrate how you can get these parameters but we would turn on our burp proxy and then i want to capture a request to see how the username and password are sent now what i'm going to go ahead and do is switch over to burp and i've gone ahead here we'll turn intercept on and i'm going to take a page out of ipsec's book here go to dark star and then we'll do please subscribe and we're gonna try to log in with that and we can see our request is intercepted by burp which is what we wanted uh here at the bottom is however what we actually care about from this so we have the username equals and then we have our username and then our password equals the password this is going to be how the parameters are sent to the website we can take this and we're actually going to switch back over to our command line and we're going to see how we can use this to log in here in just a moment but before that we're actually gonna fail a login attempt so i'm gonna go ahead we will forward this just because we don't really need it and i'm gonna turn intercept off and we failed our login attempt so here we can see you're given this phrase your username or password is incorrect whenever we fail a login attempt so we can take this and i'm going to copy that and we'll go into the terminal and here we can see i've already got the command typed out but we're going to walk through this if i make it a little bit bigger as well and we're going to talk about what these sections are here again so first off we have the hydra phrase that's launching hydra then we have our username here again we're specifying just this one username since we're using lowercase l and then dash capital p to direct to go directly to our rock u worried list in this case uh one note if you have a fresh cali installation or you've never used rock u on your cali install you will need to extract this and it is going to be in this usr share word list directory and you can extract that here we'll do i believe it's tar xvf and then usr share wordless and then it should just be rock u dot tar.gz so uh you'll just need to go through and you should do tab completion at this point i think it's txt dot ah yeah uh do tab completion at this point this should be the command that you can go through and extract that with so we'll go up and here we can see that we have that commit again fully typed out so we have the path to our word list we have the ip that we're going to be attacking we're specifying that this is a post form and again that's going to be that post verb and then we have our information so this is at the slash login directory and we can see this up in the web browser and then colon username equals and this is where we put in our keywords for hydra so we have carrot user and all caps and then curate and then ampersand password which is our second the actual second parameter that we're sending that has that password contained in equals curate pass in all caps and then cure it and then we have colon and then this is our phrase that specifies that we failed to log in uh we need this again so that hydra knows that this isn't working chief so now that we've got that all typed out i'm going to go ahead and run this this one's actually pretty quick as is our next one so we can go through and we'll run this and we'll give it just a moment and there we go sure enough we can see that we have our username and then our password so let's go back to the website and then sunshine for that password and perfect we can see that we have our flag here i'm going to go ahead and copy this into the room and we can switch back over to the terminal to try to force that ssh flag all right switching over this one is significantly easier this is very very straightforward for ssh we can see here we have hydra and then our login again of mali the path to rock you and again make sure you extract that the ip that we're attacking and then ssh here very simple and we can go and run this and we'll give it just a moment this one doesn't take very long as well and we can see that her password is butterfly so we can use ssh molly at 10 10 0 2 2 3 and again your ip address will be different and we'll accept that fingerprint and then butterfly perfect and we can see that we have flag 2 and that is going to do it let's go ahead and copy that and we'll switch back over to the room and there we go that is going to do it for the hydra room if you have any questions feel free to join either i have both the try hack me official discord linked in the description as well as the dark sect discord uh if you like this content and want more follow me on twitter and subscribe to my youtube channel here and i will see you guys next time
Info
Channel: DarkSec
Views: 86,572
Rating: undefined out of 5
Keywords: infosec, tryhackme, box, hacking, learn, darkstar, darksec, educational, darkstar7471, try, hack, me, hydra, password, cracking, brute, force, bruteforce, walkthrough, tutorial, official
Id: 8fs_7bm88GY
Channel Id: undefined
Length: 12min 55sec (775 seconds)
Published: Wed Sep 23 2020
Related Videos
TryHackMe - Hydra Walkthrough (CompTIA PenTest+)
Richard Ardelean
2.4K
TryHackMe Introductory Research Official Walkthrough
DarkSec
249K
Brute Force Websites & Online Forms Using Hydra in 2020
Infinite Logins
139K
TryHackMe OhSINT Official Walkthrough
DarkSec
10K
How To Hack Login Services And Brute Forcing With Hydra Kali Linux Tools - 2023
InfoSec Pat
109K
TryHackMe! Basic Penetration Testing
John Hammond
2.4M
How to HACK Website Login Pages | Brute Forcing with Hydra
CertBros
1.1M
Hunt Down Social Media Accounts by Usernames Using Sherlock [Tutorial]
Null Byte
2M
TryHackMe - Hydra Walkthrough
Antoine Matthews
1.6K
TryHackMe Google Dorking Official Walkthrough
DarkSec
59K
TryHackMe! PickleRick - BYPASSING Denylists
John Hammond
281K
TryHackMe - Vulnversity Walkthrough
HackerSploit
65K
EASY Brute Forcing with Burp Suite and Hydra
Gary Ruddell
16K
Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone)
Pro Tech Show
22K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.