{"id":33,"date":"2020-10-29T16:46:52","date_gmt":"2020-10-29T15:46:52","guid":{"rendered":"https:\/\/mikadmin.fr\/blog\/?p=33"},"modified":"2021-09-19T00:50:51","modified_gmt":"2021-09-18T22:50:51","slug":"tryhackme-hydra","status":"publish","type":"post","link":"https:\/\/mikadmin.fr\/blog\/tryhackme-hydra\/","title":{"rendered":"[TryHackMe] &#8211; Hydra"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span><p>Views: 862<\/p>\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/69208399c3fe8b0416103c51e291e117.png\" alt=\"tryhackme hydra\" class=\"wp-image-35\" width=\"308\" height=\"308\"\/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center\">Lien : <a href=\"https:\/\/tryhackme.com\/room\/hydra\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/tryhackme.com\/room\/hydra<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">[Task 2]<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"522\" height=\"49\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_1.png\" alt=\"\" class=\"wp-image-47\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_1.png 522w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_1-300x28.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_1-150x14.png 150w\" sizes=\"auto, (max-width: 522px) 100vw, 522px\" \/><\/figure>\n\n\n\n<p class=\"has-text-align-center\">Nous devons donc <strong>r\u00e9cup\u00e9rer le mot de passe<\/strong> web de <strong>molly<\/strong> en utilisant <strong><span style=\"color:#00d084\" class=\"tadv-color\">Hydra<\/span><\/strong>.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">hydra -l &lt;username&gt; -P &lt;wordlist&gt; 10.10.22.221 http-post-form &quot;\/:username=^USER^&amp;password=^PASS^:F=incorrect&quot; -V<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_3.png\" alt=\"\" class=\"wp-image-49\" width=\"334\" height=\"358\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_3.png 565w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_3-280x300.png 280w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_3-140x150.png 140w\" sizes=\"auto, (max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:33px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">Nous avons donc un <strong>avantage<\/strong> qui est que nous <strong>connaissons d\u00e9j\u00e0 l&rsquo;utilisateur<\/strong>, ce qui permet de ce concentrer sur le <strong>mot de passe<\/strong>.<\/p>\n\n\n\n<div style=\"height:21px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"709\" height=\"108\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_15.png\" alt=\"\" class=\"wp-image-98\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_15.png 709w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_15-300x46.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_15-150x23.png 150w\" sizes=\"auto, (max-width: 709px) 100vw, 709px\" \/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-left\">Il y a donc <strong>trois param\u00e8tres<\/strong> ajout\u00e9s par rapport \u00e0 la commande au dessus :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><span style=\"color:#db0d13\" class=\"tadv-color\">molly<\/span><\/strong><\/li><li><strong><span style=\"color:#0714aa\" class=\"tadv-color\">\/usr\/share\/wordlists\/rockyou.txt<\/span><\/strong><\/li><li><strong><span style=\"color:#ff6900\" class=\"tadv-color\">login<\/span><\/strong> <\/li><\/ul>\n\n\n\n<p class=\"has-text-align-left\">Le premier \u00e9tant l&rsquo;<strong>utilisateur cibl\u00e9<\/strong>, le second \u00e9tant la <strong>wordlist<\/strong> choisie et le dernier la <strong>page<\/strong> o\u00f9 se situe le <strong>formulaire<\/strong>.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">Bingo ! Le mot de passe de <strong>molly<\/strong> est donc <strong>sunshine<\/strong> !<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"673\" height=\"75\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_8.png\" alt=\"\" class=\"wp-image-66\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_8.png 673w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_8-300x33.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_8-150x17.png 150w\" sizes=\"auto, (max-width: 673px) 100vw, 673px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">Nous pouvons donc r\u00e9cup\u00e9rer le premier<strong> flag<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"459\" height=\"175\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/160399265321424586-1.png\" alt=\"\" class=\"wp-image-68\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/160399265321424586-1.png 459w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/160399265321424586-1-300x114.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/160399265321424586-1-150x57.png 150w\" sizes=\"auto, (max-width: 459px) 100vw, 459px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:46px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"515\" height=\"45\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_2.png\" alt=\"\" class=\"wp-image-71\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_2.png 515w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_2-300x26.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_2-150x13.png 150w\" sizes=\"auto, (max-width: 515px) 100vw, 515px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-center\">La derni\u00e8re \u00e9tape consiste \u00e0 r\u00e9cup\u00e9rer<strong> le mot de passe<\/strong> <strong><em><a href=\"https:\/\/mikadmin.fr\/blog\/how-to-change-the-default-ssh-port\/\" target=\"_blank\" rel=\"noreferrer noopener\">ssh<\/a><\/em><\/strong> de <strong>molly<\/strong> en utilisant <strong><span style=\"color:#00d084\" class=\"tadv-color\">Hydra<\/span><\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">hydra -l &lt;username&gt; -P &lt;full path to pass&gt; 10.10.22.221 -t 4 ssh<\/code><\/pre>\n\n\n\n<div style=\"height:29px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">En utilisant donc les <strong>informations \u00e0 disposition<\/strong>, la commande \u00e0 \u00e9x\u00e9cuter sera donc :<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"641\" height=\"85\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_12.png\" alt=\"\" class=\"wp-image-73\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_12.png 641w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_12-300x40.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_12-150x20.png 150w\" sizes=\"auto, (max-width: 641px) 100vw, 641px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">Bingo ! Nous avons \u00e0 pr\u00e9sent le mot de passe<strong> ssh<\/strong> de <strong>molly<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"678\" height=\"67\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_11.png\" alt=\"\" class=\"wp-image-74\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_11.png 678w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_11-300x30.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_11-150x15.png 150w\" sizes=\"auto, (max-width: 678px) 100vw, 678px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:31px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center\">Afin de r\u00e9cup\u00e9rer le <strong>dernier flag<\/strong>, il  suffit donc de se <strong>connecter<\/strong> \u00e0 la machine et de chercher un petit peu ! <\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"575\" height=\"522\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_14.png\" alt=\"\" class=\"wp-image-75\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_14.png 575w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_14-300x272.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/Screenshot_14-150x136.png 150w\" sizes=\"auto, (max-width: 575px) 100vw, 575px\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website&rsquo;s credentials. <a href=\"https:\/\/mikadmin.fr\/blog\/tryhackme-hydra\/\" class=\"more-link\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":45,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[4],"tags":[7,21,6,5,63],"class_list":["post-33","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","tag-bruteforce","tag-ctf","tag-hydra","tag-infosec","tag-writeup"],"aioseo_notices":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":0,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media\/45"}],"wp:attachment":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}