This one stumped me a bit. The hydra http command you used in the video differed from the example on the lesson web page. Took me while to work out what needed adapting and a few failed attempts to get there. Got there though, thanks for the lesson. 👍🏻👍🏻
want to say a big thanks for running through this. Had a minor problem with the Hydra syntax returning 16 possible values :~ so this was good to see where I went wrong. Have also subscribed now as this is one of the friendlier ethical hacking sites.
You just start the machine and launch attack box, the machine IP at the start is what you are attacking, so put that IP into the address bar in your AttackBox and you'll get a login page. You'll need to follow this video or read some write-ups since the room is pretty awful for teaching. This video doesn't help either since, like the room, they expect you to just know things even though its labeled as "easy" and supposed to be a introduction.
When I do this it says 16 valid passwords found and includes "123456", "jessica", "babygirl", "iloveyou" and others - but none of these work. "sunshine" works but is not in the list! Am I missing a trick here?
@@sac5180 i had this problem even when including /login. i found out if i change the error message to "incorrect" instead of "Your username or pass is incorrect." i am able to get the login... seems like there are some bugs
I'm still having this issue. I managed to find the flag through the SSH connection, so I resolved the second question first, then I looked for the password and ended up finding another flag, tried it and it worked. But still having the issue. Would that be a bug?
hey dude! I already resolved it, had the same problem as you. you probably use syntax from the task : /:username=^USER^&password=^PASS^:incorrect” , but before username you should use login:. should be like this : /login:username=^USER^&password=^PASS^:incorrect”=....... and worked fine:)
Neither the IP addressed mentioned in this video nor the one listed in the current room work. The only way to complete this module without that is just to copy the flags from this video into our room answers.
the Task 2 page has a button that says 'start machine'. click on that to start the machine and the IP address will be displayed above the Task 1 section. that is the target/vulnerable machine IP. The IP address at the top is the attackbox IP which you use to attack the target/vulnerable machine.
Due to some limitation on my side, I had to install hydra so not only did I have some issues with the web login that the video helped me to fix, but I also had some dependencies missing for ssh. Got there in the end though.
Interestingly with the same command i got 16 results when searching for molly http password, and the right one wasn't there so i watched this video and figured out that i didn't include "login" :D sometimes it's just about patience :D
I have this exact problem. 16 results, none are sunshine. What am I missing? hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.75.16 http-post-form "/login:username=^USER^&password=^PASS^:Your username or password is incorrect."
For anyone else troubleshooting Hydra returning a "too many connection errors message"... make sure you're using the correct IP address as your target. Whoops, amateur mistake on my part that I took too long to figure out.
It is specified in the questions asked. ("Use Hydra to bruteforce molly's web password. What is flag 1?") ("Use Hydra to bruteforce molly's SSH password. What is flag 2?")
Not a skill issue. This Hydra room is pretty bad compared to others, it "teaches" you random syntax then tells you to solve a puzzle, but you would never get the answer without further training or knowledge of other commands. This video just reinforces the fact that you can't learn and do in the same room.
I find your videos super silent ,after when I play some1 elses video it literaly tears my ear drums ,try to work on that abit please :D Content is not questionable ,I'm enjoying going trough tryhackme rooms and aswell following ur guide ,but I'm getting tired of having to use headphones all the time :D
Thank you, you've guided me through a few boxes already, I appreciate how you explain these concepts.
This one stumped me a bit.
The hydra http command you used in the video differed from the example on the lesson web page. Took me while to work out what needed adapting and a few failed attempts to get there. Got there though, thanks for the lesson. 👍🏻👍🏻
want to say a big thanks for running through this. Had a minor problem with the Hydra syntax returning 16 possible values :~ so this was good to see where I went wrong. Have also subscribed now as this is one of the friendlier ethical hacking sites.
I completed hydra room, but love to listen Darksec awesome voice and explanation!!
Thank you!! I'm glad you enjoyed it, I try to add more context to the rooms as I do these videos to provide more value :)
I'm not able to access the login page using the generated machine address IP does anybody facing the same issue ?
same here, did you solved it yet?
@@darwinmercado5644 You need to be connected to TryHackMe's VPN, go to your account icon int the top right > access
same
Could never open the website. Not on Windows, Linux, VPNs or OpenVpn on or off.
Same
In case anyone else has this problem, make sure you've hit the Green "Start Machine" that's next to the ip
@@lupusjoeand?What’s next?
You just start the machine and launch attack box, the machine IP at the start is what you are attacking, so put that IP into the address bar in your AttackBox and you'll get a login page. You'll need to follow this video or read some write-ups since the room is pretty awful for teaching. This video doesn't help either since, like the room, they expect you to just know things even though its labeled as "easy" and supposed to be a introduction.
When I do this it says 16 valid passwords found and includes "123456", "jessica", "babygirl", "iloveyou" and others - but none of these work. "sunshine" works but is not in the list! Am I missing a trick here?
I think you might have the wrong page targeted or something like that. It seems to not have the error bit calibrated correctly
@@sac5180 i had this problem even when including /login. i found out if i change the error message to "incorrect" instead of "Your username or pass is incorrect." i am able to get the login... seems like there are some bugs
@@MrChrisLia yh I did the same too
I'm still having this issue. I managed to find the flag through the SSH connection, so I resolved the second question first, then I looked for the password and ended up finding another flag, tried it and it worked. But still having the issue. Would that be a bug?
hey dude! I already resolved it, had the same problem as you. you probably use syntax from the task : /:username=^USER^&password=^PASS^:incorrect” , but before username you should use login:. should be like this :
/login:username=^USER^&password=^PASS^:incorrect”=.......
and worked fine:)
Neither the IP addressed mentioned in this video nor the one listed in the current room work. The only way to complete this module without that is just to copy the flags from this video into our room answers.
the Task 2 page has a button that says 'start machine'. click on that to start the machine and the IP address will be displayed above the Task 1 section. that is the target/vulnerable machine IP. The IP address at the top is the attackbox IP which you use to attack the target/vulnerable machine.
Very helpful explanation of the format used in http-post-form , thanks!!
How do you arrive at using the username molly. I got lost
I see, too much hidden
Nice overview for this! Please: next time mix it a bit louder.
hello you happened to be the most recent comment here... How about we bcome friends ,... i really want us to work together as team
Thanks Dark!
Thanks, good work!
how can we find the username?
how do we know the username? why molly?
Oh it was provided to us in the room text, take a look at the task reading near the bottom
@@DarkSec
I thought there was a brute force attack for the username too but i was wrong. Thank you
Due to some limitation on my side, I had to install hydra so not only did I have some issues with the web login that the video helped me to fix, but I also had some dependencies missing for ssh. Got there in the end though.
Interestingly with the same command i got 16 results when searching for molly http password, and the right one wasn't there so i watched this video and figured out that i didn't include "login" :D sometimes it's just about patience :D
I have this exact problem. 16 results, none are sunshine. What am I missing? hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.75.16 http-post-form "/login:username=^USER^&password=^PASS^:Your username or password is incorrect."
why i cant open that ip address which i initiated
For anyone else troubleshooting Hydra returning a "too many connection errors message"... make sure you're using the correct IP address as your target. Whoops, amateur mistake on my part that I took too long to figure out.
thats pretty neat
thank you!
How did you know the username was 'molly'?
It is specified in the questions asked. ("Use Hydra to bruteforce molly's web password. What is flag 1?") ("Use Hydra to bruteforce molly's SSH password. What is flag 2?")
What if u have this : 2466.23 tries/min, 76453 tries in 00:31h, 14267946 to do in 96:26h ....too slow
i have only 32 tries/min
where can we download 8GB 2021 latest password from?
I understood nothing i may have skill issues :(
Not a skill issue. This Hydra room is pretty bad compared to others, it "teaches" you random syntax then tells you to solve a puzzle, but you would never get the answer without further training or knowledge of other commands. This video just reinforces the fact that you can't learn and do in the same room.
not gonna lie i thought you where going nsfw with WAPpalyzer
I find your videos super silent ,after when I play some1 elses video it literaly tears my ear drums ,try to work on that abit please :D
Content is not questionable ,I'm enjoying going trough tryhackme rooms and aswell following ur guide ,but I'm getting tired of having to use headphones all the time :D
I like turtles
Is that you isaac?