☄️Remote Password Attacks
Network Services
🗺️CrackMapExec
Connect through xfreerdp:
We may also get the following error describing that the server has sent an invalid reply.
This is because we most likely have an outdated version of THC-Hydra that cannot handle SMBv3 replies. To work around this problem, we can manually update and recompile hydra
or use another very powerful tool, the Metasploit framework.
Password Mutations
Considering that many people want to keep their passwords as simple as possible despite password policies, we can create rules for generating weak passwords.
We can use a very powerful tool called Hashcat to combine lists of potential names and labels with specific mutation rules to create custom wordlists.
We can also create a wordlist based on potential words from the company's website and save them in a separate list with CeWL.
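Seen from the defender's side, the same kind of mutation can be undone when a user sets a password, so that a base word plus a year or a few swapped characters is rejected. The check below is an added example, not code from the original page; the deny-list, the substitution table and the function names are assumptions chosen for illustration.

```python
import re

# Constructed deny-list of base words (assumption): in practice this would
# hold the company name, product names, seasons and similar guessable terms.
BASE_WORDS = {"password", "welcome", "summer", "company"}

# Reverse of common character substitutions (assumed rule set).
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_roots(password):
    """Undo case changes, appended/prepended digits and symbols, and
    character substitutions, returning every plausible base word."""
    lowered = password.lower()
    # Drop an appended run such as "2023!" or "01".
    no_suffix = re.sub(r"[^a-z]+$", "", lowered)
    # Additionally drop a prepended run such as "2024".
    no_affix = re.sub(r"^[^a-z]+", "", no_suffix)
    # De-substitute each variant; a set removes duplicates.
    return {v.translate(DELEET) for v in (lowered, no_suffix, no_affix)}


def matched_base_word(password):
    """Return the deny-listed word the password derives from, or None."""
    for root in candidate_roots(password):
        if root in BASE_WORDS:
            return root
    return None


def audit(passwords):
    """Map each candidate password to the base word it reduces to."""
    return {pw: matched_base_word(pw) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["P@ssw0rd2023!", "5ummer2024", "2024Welcome!", "Tr7-gaV!x9qLm"]
    for pw, base in audit(samples).items():
        print(f"{pw!r}: {'REJECT (based on ' + base + ')' if base else 'ok'}")
```

A match means the password should be refused at change time, regardless of whether it satisfies the length and character-class policy.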
Create a mutated wordlist using the files in the ZIP file under "Resources" in the top right corner of this section. Use this wordlist to brute force the password for the user "sam". Once successful, log in with SSH and submit the contents of the flag.txt file as your answer.
Here is a list of known default credentials: DefaultCreds-Cheat-Sheet.
Hydra syntax to try credential stuffing ->
Use the user's credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer. (Format: :)
I first get the list ->
Then I adapt the content of the list to MySQL ->
Then I manually change the list to fit the template used for passwords, username:password ->
Then I forward the SSH connection ->
Then I open a new tab and launch the following with my MySQL list ->