Hydra is Coming to Town
Counting the PIN Codes
PIN codes are used to authenticate users. Take an ATM, a customer is withdrawing money from their checking account, and they have to enter a four-digit PIN to complete the transaction. How many different PIN codes can there be? Since there’s ten numerical options and four necessary values, 10x10x10x10 = 10,000 different combinations.
Let’s Break Our Way In
The keypad shows 16 characters, 0 to 9 and A to F. We will use Crunch to generate a list of all possible password combinations.
$ crunch 3 3 0123456789ABCDEF -o 3digits.txt
3the first number is the minimum length of the generated password3the second number is the maximum length of the generated password0123456789ABCDEFis the character set to use to generate the passwords-o 3digits.txtsaves the output to the3digits.txtfile
The main login page http://10.10.3.183:8000/pin.php receives the input from the user and sends it to /login.php using the name pin.
Use hydra to brute force the password.
$ hydra -l ‘’ -P 3digits.txt -f -v 10.10.3.183 http-post-form “/login.php:pin=^PASS^:Access denied” -s 8000
-l ''indicates that the login name is blank as the security lock only requires a password-P 3digits.txtspecifies the password file to use-fstops Hydra after finding a working password-vprovides verbose output and is helpful for catching errors10.10.3.183is the IP address of the targethttp-post-formspecifies the HTTP method to use"/login.php:pin=^PASS^:Access denied"has three parts separated by:/login.phpis the page where the PIN code is submittedpin=^PASS^will replace^PASS^with values from the password listAccess deniedindicates that invalid passwords will lead to a page that contains the text “Access denied”-s 8000indicates the port number on the target
Enter the correct PIN and unlock the server room door.
