Day 3 - “Hydra is Coming to Town”
The primary objectives of this challenge were :
- Password complexity and the number of possible combinations
- How the number of possible combinations affects the feasibility of brute force attacks
- Generating password combinations using crunch
- Trying out passwords automatically using hydra
In this task we were provided with the length of the password and the possible characters, and we had to find the password by bruteforcing .
We first generated the list of all possible passwords using crunch , then we inspected the source code of the login page and collected the required information like the method used, the url and the variable used to send our password, then we used hydra to bruteforce the password with the help of the information we gathered and the password list we generated.
A brute force attack is when the attacker tries all possible combinations of passwords to gain unauthorized access to a system or information. Normally if you try to perform this you might get locked out after a couple of tries, but if you capture the hash of the password then you can take your time and crack it offline without getting interrupted.
It is not always practical to try all the different combinations of passwords manually, this is were crunch and hydra comes handy , you can generate a file containing all possible passwords using crunch and with the help of hydra you can automatically try out all passwords from the file .
Here is the walkthrough of Day 3.
No comments:
Post a Comment