Tanner Jones @all-tech-guy
Welcome to the walkthrough of the hydra room for the CompTIA Pentest Plus certification on tryhackme. First off, I would like to congratulate you on your desire to increase your skills! After all, that is why I am writing this article. In addition, I will outline what hydra is and why it is used. I will also provide a step-by-step tutorial on how to complete the room.
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. (source) Hydra is a powerful tool that allows you to brute force webpage logins, ssh protocols, and that is only the beginning. You can click here to see all of the protocols that hydra can take advantage of, but for this walkthrough, we are going to use http-post-form and SSH. Without any further ado, lets get crackin’!
First and foremost, let’s discuss the reconnaissance. The nmap scan has the following results. Port 80 is running a webpage and port 22 is running the service SSH.
Open a web browser and type in your machine’s IP address.
You are welcomed by the Hydra Challenge web page. It has a login and password form. This is the webpage that we will use to brute-force the credentials using hdyra.
The room demonstrates a few examples of hydra commands to use, but if you have any questions, just remember you can use the “help” command in the terminal.
The command above needs a few changes:
<username> = molly → the room provided this information
<wordlist> = rockyou.txt (note: need to provide the directory)
change → /:username… to → login/username… this is the POST webpage where the login page is located.
The “http-post-form” parameter can be modified if needed. In this situation, the POST and GET methods are most commonly used.
- A GET request is used to communicate to the server to ‘get’ information, such as a JS file.
- A POST request is used to send data to a web server, like adding a comment or performing a login.
For this example, we are performing a login so we will use a POST request.
Run the command:
Hydra will use the password list rockyou.txt to try passwords with the username: molly.
Return back to the login page and enter the username: molly and password. Flag #1 will appear! Congrats! I don’t know about you, but I am feeling pretty good right about now!
Don’t you wish you had a flying Pegasus?
Now onto task #2 → using hydra to crack the SSH password. We already know the username. Enter the following command in the terminal:
Hydra will use the same rockyou.txt file to crack the SSH password.
Now that you have the password, it is time to connect the host remotely over SSH. Run the following command:
You will need to type “yes” to accept the connection and then enter the password. Yes, it is that easy… That is why strong passwords are necessary! Now in your current directory the Flag #2 is a .txt file.
That completes the walkthrough! Thanks for reading, and I hope that this helped you understand the importance using strong passwords and getting you one step closer to becoming a pentester!