TryHackMe | Advent of Cyber 2023 | Day 3

Arcturus

Day 3 : Brute-forcing Hydra is Coming to Town

Greetings! This is Day 3 of Advent of Cyber 2023 by TryHackMe, and we continue our exploration of this December month, learning new things and increasing our knowledge base.

Today, we need to recover the control systems, and for that we must retrieve the backup tapes. To do so, we have to hack the password that has been changed, so brute-forcing is what we'll do today. Catch up with the story if you haven't already.
Start the machine and connect to TryHackMe's VPN, or start the AttackBox. Open the link in a new tab once it has been updated with the IP address.

Our task for today is simple: we only need to understand how things work. Solving the challenge just requires following the given commands, for which thorough explanations are also provided.

Generating the Password List

The numeric keypad shows 16 characters, 0 to 9 and A to F, i.e., the hexadecimal digits. We need to prepare a list of all the PIN codes that match these criteria. We will use Crunch, a tool that generates a list of all possible password combinations based on given criteria. We need to issue the following command:

crunch 3 3 0123456789ABCDEF -o combinations.txt
  • We have set the password length to 3 because the number of characters that can be input on the website is 3.
  • After executing the above command, we will have combinations.txt ready to be used for brute-forcing the website.

Using the Password List

We will use Hydra to test every possible password that can be put into the system. The command to brute force the above form is:

hydra -l '' -P combinations.txt -f -v 10.10.255.215 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
  • All the information about the method, the URL and the name of the PIN code field was gathered from the website's HTML code using the "View Page Source" option.
  • Brute-forcing this many passwords (16*16*16 = 4096) definitely takes time; we expect it to take a few minutes, around 3-4 minutes. Hydra will stop when it has found a working password.
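
Seen from the server side, a run like this is thousands of POSTs to /login.php from one address within a few minutes, which a sliding-window count over the access log picks up. The following is an added example, not part of the original walkthrough or the room; the Common Log Format, the threshold of 20 POSTs in 10 seconds and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format (assumed; the room's real server logs are not shown on the page).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_bruteforce(lines, path="/login.php", threshold=20, window=timedelta(seconds=10)):
    """Return {ip: timestamp at which `threshold` POSTs to `path` first fell inside `window`}."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent login POSTs
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["path"] != path:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts

def sample_log():
    """Constructed sample: one client sending 20 PIN guesses per second, one ordinary user."""
    base = datetime.strptime("03/Dec/2023:10:00:00 +0000", TS_FMT)
    fmt = '{ip} - - [{ts}] "POST /login.php HTTP/1.1" 200 512'
    lines = []
    for i in range(200):  # 200 guesses in 10 seconds from 192.0.2.10
        ts = base + timedelta(milliseconds=50 * i)
        lines.append(fmt.format(ip="192.0.2.10", ts=ts.strftime(TS_FMT)))
    for off in (3, 45):   # ordinary user: two attempts, 42 seconds apart
        ts = base + timedelta(seconds=off)
        lines.append(fmt.format(ip="198.51.100.7", ts=ts.strftime(TS_FMT)))
    return lines

if __name__ == "__main__":
    for ip, when in detect_bruteforce(sample_log()).items():
        print(f"ALERT {ip}: 20+ POSTs to /login.php within 10s (reached at {when})")
```

With only 4096 possible PINs, detection alone is late; the same counter can drive a lockout or delay after a handful of failed attempts.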

Ques: Using crunch and hydra, find the PIN code to access the control system and unlock the door. What is the flag?
Ans: THM{pin-code-brute-force}

  • We used crunch to create the combinations.txt file, and hydra uses that file as its password list.
  • After brute-forcing, Hydra returns the working password. Hydra outputs: password: 6F5
  • Using this password to log in to the system shows us the above-mentioned flag.

That's it for today! See you next time in a new walkthrough on a new day!
Thank you for reading!
