Bruteforce on rchitect

John the ripper as passowrd cracking tool

Wed, 13 Apr 2022 00:00:00 +0000

John the Ripper for Bruteforcing Link to heading

Case1: The zip passowrd cracking Link to heading

In below case there is zip file which require password to open.

──(rocky㉿kali)-[~/hckbox/node]
└─$ unzip newbackup.zip 
Archive: newbackup.zip
 creating: var/www/myplace/
[newbackup.zip] var/www/myplace/package-lock.json password:

This requires a password and we need to crack the zip with john to get passowrd.

As this is a zip file we need to use the script from John for converting this to a hash value. The scripts are usually located under /usr/share/john

Directory scan to identify the sub domains of website

Tue, 29 Mar 2022 00:00:00 +0000

Directory Scanning to identify the sub domains Link to heading

Using the gobuster fing the sub directories

gobuster dir -u http://10.10.10.88 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.10.10.88
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.1.0
[+] Timeout: 10s
===============================================================
2022/03/23 20:44:04 Starting gobuster in directory enumeration mode
===============================================================
/webservices (Status: 301) [Size: 316] [--> http://10.10.10.88/webservices/]
/server-status (Status: 403) [Size: 299] 

===============================================================
2022/03/23 21:01:06 Finished
===============================================================###### Login Credentials and Rabithole

As we found one sub directory, always run one more gobuster scan with new subdirectory url to find if any more sub directories are present.

Bruteforce using Hydra

Sun, 20 Mar 2022 00:00:00 +0000

Bruteforce using Hydra Link to heading

To use Hydra we need to mainly identify 4 Parameters:

<IP Address> = ""

<Login Page> = ""

<Request Body> = ""

<Error Message> =""

To identify these parameters, lets intercept the request with Burp.

Based on the intercepted values, I have filled the values for HTTPS site subdomain

= “10.10.10.43”

= “/db/index.php”

= “^PASS^&login=Log+In&proc_login=true”

=“Incorrect password.”

Now Formulate the bruteforce command using hydra. For using hydra always username is required. In this case we can give any fixed value. Remember to use “https-post-form” as its a ssl website.