tryhackme.com
Open in
urlscan Pro
2606:4700:10::ac43:1b0a
Public Scan
URL:
https://tryhackme.com/room/hydra
Submission: On June 28 via manual from US — Scanned from DE
Submission: On June 28 via manual from US — Scanned from DE
Form analysis 1 forms found in the DOM
POST /feedback
<form method="post" action="/feedback" id="roomFeedbackForm" class="d-none mt-3">
<input type="hidden" name="_csrf" value="iGq2TXEb-QgPsv5H6jeoYhp5lJ1HDtVbyf7c">
<input type="hidden" name="roomCode" value="hydra">
<input type="hidden" name="type" value="rooms">
<input type="hidden" name="redirect" value="json">
<div class="form-group">
<label class="mb-0" for="like">What do you like about the room?</label>
<textarea type="text" name="like" id="like" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="dislike">What don't you like about the room?</label>
<textarea type="text" name="dislike" id="dislike" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="details">Please send your suggestions, ideas and comments!</label>
<textarea id="details" type="text" name="details" class="form-control" style="padding: 5px;"></textarea>
</div>
<button type="submit" id="submitBtn" class="btn btn-success">Send Feedback</button>
</form>Text Content
We use cookies to ensure you get the best user experience. For more information
contact us. Read more
Got it!
* Learn
* Compete
King of the Hill
Attack & Defend
Leaderboards
Platform Rankings
* Networks
Throwback
Attacking Active Directory
Wreath
Network Pivoting
* For Education
Teaching
Use our security labs
Create Labs
Upload & Deploy VMs
* For Business
* Login
* Join Now
* Learn
* Compete
King of the Hill
Attack & Defend
Leaderboards
Platform Rankings
* Networks
Throwback
Attacking Active Directory
Wreath
Network Pivoting
* For Education
Teaching
Use our security labs
Create Labs
Upload & Deploy VMs
* For Business
* Login
* Join Now
3139
HYDRA
Start AttackBox
Use Kali Linux
Web-based Kali Machine
Use AttackBox
Recommended
Show Split View Cloud Details Awards Help
Clone Room Writeups Reset Progress Leave
Learn about and use Hydra, a fast network logon cracker, to bruteforce and
obtain a website's credentials.
To access material, start machines and answer questions login.
* Chart
* Scoreboard
* Video
* Discuss
* Writeups
* More
Difficulty: Easy
Rank Username Total Score
DISCORD
Come join our Discord server for support or further discussions
FORUM
Search our forum for pre-existing threads about this room, or create your own!
hydra writeup by madstersogood
Hydra-TryHackMe by create
Hydra TryHackMe by lifeofdekisugi
Hydra-TryHackMe by sanz
Hydra walkthrough by cyberWorldCloads
hydra write-up by civilwaryank
Hydra-THM-Writeup by tzero86
Hydra writeup by intrusion
Hydra - TryHackMe by Etehen
Hydra TryHackMe Writeup by althemier
Hydra-Writeup by ryd3r
[FR] TryHackMe - Hydra by Mikaa
Add Writeup
Submit
Writeups should have a link to TryHackMe and not include any passwords/cracked
hashes/flags
This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 92420 users are in here and this room is 1226 days
old.
Created by tryhackme and cmnatic and strategos
Hydra | DarkStar7471 • Sep 24, 2020
Source: YouTube
Active Machine Information
Loading...
Loading...
Loading...
Loading...
0%
Task 1 Hydra Introduction
WHAT IS HYDRA?
Hydra is a brute force online password cracking program, a quick system login
password “hacking” tool.
Hydra can run through a list and “brute force” some authentication services.
Imagine trying to manually guess someone’s password on a particular service
(SSH, Web Application Form, FTP or SNMP) - we can use Hydra to run through a
password list and speed this process up for us, determining the correct
password.
According to its official repository, Hydra supports, i.e., has the ability to
brute force the following protocols: “Asterisk, AFP, Cisco AAA, Cisco auth,
Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET,
HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET,
HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB,
SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,
TeamSpeak (TS2), Telnet, VMware-Auth, VNC and XMPP.”
For more information on the options of each protocol in Hydra, you can check the
Kali Hydra tool page.
This shows the importance of using a strong password; if your password is
common, doesn’t contain special characters and is not above eight characters, it
will be prone to be guessed. A one-hundred-million-password list contains common
passwords, so when an out-of-the-box application uses an easy password to log
in, change it from the default! CCTV cameras and web frameworks often use
admin:password as the default login credentials, which is obviously not strong
enough.
INSTALLING HYDRA
Hydra is already installed on the AttackBox. You can access it by clicking on
the Start AttackBox button.
If you prefer to use the in-browser Kali machine, Hydra also comes
pre-installed, as is the case with all Kali distributions. You can access it by
selecting Use Kali Linux and clicking on Start Kali Linux button.
However, you can check its official repositories if you prefer to use another
Linux distribution. For instance, you can install Hydra on an Ubuntu or Fedora
system by executing apt install hydra or dnf install hydra. Furthermore, you can
download it from its official THC-Hydra repository.
Answer the questions below
Read the above and have Hydra at the ready.
Login to answer..
Task 2 Using Hydra
Start Machine
Deploy the machine attached to this task, then navigate
to http://MACHINE_IP (this machine can take up to 3 minutes to boot)
HYDRA COMMANDS
The options we pass into Hydra depend on which service (protocol) we’re
attacking. For example, if we wanted to brute force FTP with the username being
user and a password list being passlist.txt, we’d use the following command:
hydra -l user -P passlist.txt ftp://MACHINE_IP
For this deployed machine, here are the commands to use Hydra on SSH and a web
form (POST method).
SSH
hydra -l <username> -P <full path to pass> MACHINE_IP -t 4 ssh
Option Description -l specifies the (SSH) username for login -P indicates a list
of passwords -t sets the number of threads to spawn
For example, hydra -l root -P passwords.txt MACHINE_IP -t 4 ssh will run with
the following arguments:
* Hydra will use root as the username for ssh
* It will try the passwords in the passwords.txt file
* There will be four threads running in parallel as indicated by -t 4
POST WEB FORM
We can use Hydra to brute force web forms too. You must know which type of
request it is making; GET or POST methods are commonly used. You can use your
browser’s network tab (in developer tools) to see the request types or view the
source code.
sudo hydra <username> <wordlist> MACHINE_IP http-post-form
"<path>:<login_credentials>:<invalid_response>"
Option Description -l the username for (web form) login -P the password list to
use http-post-form the type of the form is POST <path> the login page URL, for
example, login.php <login_credentials> the username and password used to log in,
for example, username=^USER^&password=^PASS^ <invalid_response> part of the
response when the login fails -V verbose output for every attempt
Below is a more concrete example Hydra command to brute force a POST login form:
hydra -l <username> -P <wordlist> MACHINE_IP http-post-form
"/:username=^USER^&password=^PASS^:F=incorrect" -V
* The login page is only /, i.e., the main IP address.
* The username is the form field where the username is entered
* The specified username(s) will replace ^USER^
* The password is the form field where the password is entered
* The provided passwords will be replacing ^PASS^
* Finally, F=incorrect is a string that appears in the server reply when the
login fails
You should now have enough information to put this to practice and brute force
your credentials to the deployed machine!
Answer the questions below
Use Hydra to bruteforce molly's web password. What is flag 1?
Login to answer..
Hint
Use Hydra to bruteforce molly's SSH password. What is flag 2?
Login to answer..
Created by tryhackme and cmnatic and strategos
This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 92420 users are in here and this room is 1226 days
old.
--------------------------------------------------------------------------------
Copyright TryHackMe 2018-2023128 City Road, London, EC1V 2NX
LEARN
* Hacktivities
* Leaderboards
* Paths
DOCS
* Teaching
* About Us
* Blog
* Buy Vouchers
SOCIALS
* Twitter
* Email
* Discord
* Forum
WEB-BASED MACHINE INFORMATION
Use the web-based machine to attack other target machines you start on
TryHackMe.
* Public IP:
* Private IP: (Use this for your reverse shells)
* Username:
* Password:
* Protocol:
--------------------------------------------------------------------------------
* To copy to and from the browser-based machine, highlight the text and press
CTRL+SHIFT+C or use the clipboard
* When accessing target machines you start on TryHackMe tasks, make sure you're
using the correct IP (it should not be the IP of your AttackBox)
×
Complete the room to earn this badge
QUESTION HINT
×
...
×
CONGRATULATIONS
You've completed the room! Share this with your friends:
Leave feedback
What do you like about the room?
What don't you like about the room?
Please send your suggestions, ideas and comments!
Send Feedback
TO ACCESS THIS MACHINE, YOU NEED TO EITHER
×
Use a VPN
Connect to our network via a VPN
See Instructions
or
Use the AttackBox
Use a web-based attack machine (recommended)
Start AttackBox
EXPIRING SOON
Your machine is going to expire soon. Close this and add an hour to stop it from
terminating!
Close
EXPIRED MACHINE
Your machine has expired and terminated.
Close
HOW TO ACCESS MACHINES
×
Now you've started your machine, to access it you need to either
Download your VPN configuration file and import it into a OpenVPN client
Control a web-based machine with everything you need, all from inside your
browser
×
Close
RESET YOUR PROGRESS
×
Warning You will keep your points but all your answers in this room will be
erased.
Yes, please!
CLOUD INFORMATION
×
* Environment
* Credentials
GENERATING YOUR CERTIFICATE
×
HEY THERE, WHAT'S YOUR NAME?
If you want your name to appear on your certificate, please fill the field
below.
Full Name
YOU'RE HERE INCOGNITO? IT'S OK!
If you chose skip, your username will be used instead!
Generate with my full name
Generate with my username
Video Solution
Writeups
Forum Post
Knowledge Base
Ask Community
Show Connection Options
To access target machines you need to either:
AttackBox
Use a browser-based attack machine
OpenVPN
Connect to our network via a VPN
View the dedicated OpenVPN access page for more information
WHAT OPERATING SYSTEM ARE YOU USING?
* Windows
* Linux
* MacOS
1. Download your OpenVPN configuration pack.
2. Download the OpenVPN GUI application.
3. Install the OpenVPN GUI application. Then open the installer file and follow
the setup wizard.
4. Open and run the OpenVPN GUI application as Administrator.
5. The application will start running in the system tray. It's at the bottom of
your screen, near the clock. Right click on the application and click Import
File.
6. Select the configuration file you downloaded earlier.
7. Now right click on the application again, select your file and click Connect
1. Download your OpenVPN configuration pack.
2. Run the following command in your terminal: sudo apt install openvpn
3. Locate the full path to your VPN configuration file (normally in your
~/Downloads folder).
4. Use your OpenVPN file with the following command: sudo openvpn
/path/to/file.ovpn
1. Download your OpenVPN configuration pack.
2. Download OpenVPN for MacOS.
3. Install the OpenVPN GUI application, by opening the dmg file and following
the setup wizard.
4. Open and run the OpenVPN GUI application.
5. The application will start running and appear in your top bar. Right click
on the application and click Import File -> Local file.
6. Select the configuration file you downloaded earlier.
7. Right click on the application again, select your file and click connect.
HAVING PROBLEMS?
* If you can access 10.10.10.10, you're connected.
* Downloading and getting a 404? Go the access page and switch VPN servers.
* Getting inline cert error? Go the access page and switch VPN servers.
* If you are using a virtual machine, you will need to run the VPN inside that
machine.
* Is the OpenVPN client running as root? (On Windows, run OpenVPN GUI as
administrator. On Linux, run with sudo)
* Have you restarted your VM?
* Is your OpenVPN up-to-date?
* Only 1 OpenVPN connection is allowed. (Run ps aux | grep openvpn - are there
2 VPN sessions running?)
* Still having issues? Check our docs out.
ATTACKBOX
Use your own web-based linux machine to access machines on TryHackMe
To start your AttackBox in the room, click the Start AttackBox button. Your
private machine will take 2 minutes to start.
Free users get 1 free AttackBox hour. Subscribed users get more powerful
machines with unlimited deploys.
Hide IP