TryHackMe — Advent Of Cyber 2023 Day 3 Write Up — Hydra is Coming to Town
Room: Advent of Cyber 2023 Day 3
Day 3 starts with a bang: Detective Frost-eau catches an intruder and loses his arm! Still, he commences the chase!
After an explanation about how unsafe PIN codes are, I continue wondering why this is so often used for banking and government apps. Only having limited attempts to successfully enter the PIN is one measure of security, but still I think there are better ways. What do you think?
We'll start off with Crunch, a tool that generates a list of all possible password combinations based on given criteria. We need to issue the following command:
crunch 3 3 0123456789ABCDEF -o 3digits.txt
The command above specifies the following:
3 is the minimum length
3 is the maximum length
0123456789ABCDEF is the character selection
-o 3digits.txt is the output file location
So let's make the file!
The generated file should look like this: every line contains one possible combination of the provided characters.
Next we'll launch Hydra on the login page. When viewing the page source we find that a POST request is sent to login.php.
hydra -l '' -P 3digits.txt -f -v MACHINE_IP http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
-l '' indicates that the login name is blank as the security lock only requires a password
-P 3digits.txt specifies the password file to use
-f stops Hydra after finding a working password
-v provides verbose output and is helpful for catching errors
MACHINE_IP is the IP address of the target
http-post-form specifies the HTTP method to use
"/login.php:pin=^PASS^:Access denied" has three parts separated by ":"
  /login.php is the page where the PIN code is submitted
  pin=^PASS^ will replace ^PASS^ with values from the password list
  Access denied indicates that invalid passwords will lead to a page that contains the text "Access denied"
-s 8000 indicates the port number on the target
A few minutes later we find the password in the terminal.
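From the defender's side, the Hydra run above appears in the web server's access log as a burst of POST requests to /login.php from a single address. The following Python is an added example, not part of the original write-up or the room: the combined access log format, the threshold of 10 submissions in 60 seconds, and the sample IPs and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of a combined-format access log line: ip, timestamp, method, path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"'
)

def detect_pin_bruteforce(lines, path="/login.php", threshold=10,
                          window=timedelta(seconds=60)):
    """Map each source IP to the time it first reached `threshold` POSTs
    to `path` within `window`. The "Access denied" text is in the response
    body, which access logs do not record, so submissions are counted."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:     # drop submissions older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

def constructed_log():
    """Constructed sample: one client submitting 4 PINs per second for 10 s
    (the 3digits.txt list has 16**3 = 4096 entries, so a full run is far
    longer) and one user who submits 3 PINs over 90 s."""
    base = datetime(2023, 12, 3, 9, 0, 0, tzinfo=timezone.utc)
    rows = [(base + timedelta(seconds=i // 4), "192.0.2.10") for i in range(40)]
    rows += [(base + timedelta(seconds=s), "198.51.100.7") for s in (5, 50, 95)]
    rows.sort(key=lambda r: r[0])
    fmt = '{ip} - - [{ts}] "POST /login.php HTTP/1.1" 200 512 "-" "-"'
    return [fmt.format(ip=ip, ts=ts.strftime("%d/%b/%Y:%H:%M:%S %z"))
            for ts, ip in rows]

if __name__ == "__main__":
    for ip, when in detect_pin_bruteforce(constructed_log()).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

The same per-source counter can drive a lockout or delay on the login endpoint instead of only an alert.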
Using the password to get into the website, we find a button called “Unlock Door”. Pressing this button will make the flag visible.
Happy Hacking!