Wednesday, July 13, 2022

Mr Robot 1 from Vulhub Part 4

Now I was left with the dictionary file I found in the robot.txt file; my guess is that it is located in the root directory of the website. I plan to download the file, but before doing that I would like to play a guessing game. It is well known that unsecured WordPress blogs usually have weaknesses that are easily exploitable. I would like to check whether my theory is correct by trying to log in to the WordPress site using the names of characters in the TV series. And it seems I found the user by typing elliot, darlene and tyrell, plus a random name, ahmad. See the error messages:

 

All of the error messages are the same except the one for elliot, the lead character, so it is obvious that elliot is a valid username. But what if the usernames were not based on a TV series? That would leave me no choice but to use brute force to guess the username. To do that I would need lots of words, probably billions, but maybe the dic file offers a clue, so I'm going to use it. First I need to download it, and to do this I will use the wget command by typing the following at the command prompt:

    wget 192.168.3.3/fsocity.dic

To display its contents, type:

    cat fsocity.dic

It really contains lots and lots of words. So I will use it to generate wordlist.dic by typing:

    cat fsocity.dic | sort -u | uniq > wordlist.dic

Now I am ready to perform the brute force attack using hydra. I just typed the following to carry out the attack:

    hydra -V -L wordlist.dic -p 123 192.168.3.3 http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username'

I did not let the tool finish its work because I already saw a green row:

It was the same as I had predicted: it contained the word "elliot".
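Seen from the defender's side, a username sweep like the one above shows up in the web server's access log as a burst of failed POSTs to /wp-login.php from one client. The following detection sketch is an added example, not part of the original post; it assumes the Apache/Nginx "combined" log format, and the log lines, client addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_login_floods(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {ip: peak} for clients with >= threshold failed logins in a window.

    WordPress answers a failed login with 200 (the form is re-rendered with
    the error) and a successful one with a 302 redirect, so POST + 200 on
    /wp-login.php is treated as a failed attempt.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php" or m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, sec, method="POST", path="/wp-login.php", status=200):
    return (f'{ip} - - [13/Jul/2022:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3700 "-" "-"')

# Constructed sample log: one client hammering the form, one normal user.
SAMPLE_LOG = (
    [_line("192.168.3.50", s) for s in range(8)]           # 8 failures in 8 s
    + [_line("192.168.3.20", 1, method="GET"),              # loads the form
       _line("192.168.3.20", 5),                            # one mistyped password
       _line("192.168.3.20", 9, status=302)]                # then logs in
)

if __name__ == "__main__":
    for ip, peak in find_login_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed logins within 10 s")
```

Rate alerts like this complement, rather than replace, making the login form return the same error for unknown users and wrong passwords.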


To be continued...




