Brute-forcing passwords with Hydra

Hello, In this article you will find the solutions for the Hydra room on Try Hack Me. Link: Almost every bruteforcing or cracking task from HackTheBox/TryHackMe uses the rockyou.txt wordlist. You can google it and download it, if you can’t find it in your Kali distro under the path /usr/share/wordlists/rockyou.txt.gz If you’re using Kali then you have Hydra already installed, all you have to do is run two commands: Flag 1 Run the following command, the password should be cracked in less than one minute. ...

February 29, 2020 · 1 min · Denis Nuțiu

Hack The Box – Bitlab

Hello, Here’s how I’ve solved the Bitlab machine on Hack The Box. Gitlab Access As usual we start of with a nmap scan: 1 2 3 4 5 6 7 8 9 10 11 12 root@kali:~# nmap -p- -sV 10.10.10.114 Nmap scan report for 10.10.10.114 Host is up (0.044s latency). Not shown: 65533 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 80/tcp open http nginx Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 221.44 seconds The scan shows an nginx web server and ssh. If we visit the web server we’ll find a Gitlab instance. Gitlab is used by developers to host their source code. I tried searching for exploits but nothing came up. ...

December 16, 2019 · 4 min · Denis Nuțiu