This one stumped me a bit. The hydra http command you used in the video differed from the example on the lesson web page. Took me while to work out what needed adapting and a few failed attempts to get there. Got there though, thanks for the lesson. 👍🏻👍🏻
Interestingly with the same command i got 16 results when searching for molly http password, and the right one wasn't there so i watched this video and figured out that i didn't include "login" :D sometimes it's just about patience :D
Neither the IP addressed mentioned in this video nor the one listed in the current room work. The only way to complete this module without that is just to copy the flags from this video into our room answers.
the Task 2 page has a button that says 'start machine'. click on that to start the machine and the IP address will be displayed above the Task 1 section. that is the target/vulnerable machine IP. The IP address at the top is the attackbox IP which you use to attack the target/vulnerable machine.
want to say a big thanks for running through this. Had a minor problem with the Hydra syntax returning 16 possible values :~ so this was good to see where I went wrong. Have also subscribed now as this is one of the friendlier ethical hacking sites.
When I do this it says 16 valid passwords found and includes "123456", "jessica", "babygirl", "iloveyou" and others - but none of these work. "sunshine" works but is not in the list! Am I missing a trick here?
@@sac5180 i had this problem even when including /login. i found out if i change the error message to "incorrect" instead of "Your username or pass is incorrect." i am able to get the login... seems like there are some bugs
I'm still having this issue. I managed to find the flag through the SSH connection, so I resolved the second question first, then I looked for the password and ended up finding another flag, tried it and it worked. But still having the issue. Would that be a bug?
hey dude! I already resolved it, had the same problem as you. you probably use syntax from the task : /:username=^USER^&password=^PASS^:incorrect” , but before username you should use login:. should be like this : /login:username=^USER^&password=^PASS^:incorrect”=....... and worked fine:)
For anyone else troubleshooting Hydra returning a "too many connection errors message"... make sure you're using the correct IP address as your target. Whoops, amateur mistake on my part that I took too long to figure out.
Due to some limitation on my side, I had to install hydra so not only did I have some issues with the web login that the video helped me to fix, but I also had some dependencies missing for ssh. Got there in the end though.
It is specified in the questions asked. ("Use Hydra to bruteforce molly's web password. What is flag 1?") ("Use Hydra to bruteforce molly's SSH password. What is flag 2?")
I find your videos super silent ,after when I play some1 elses video it literaly tears my ear drums ,try to work on that abit please :D Content is not questionable ,I'm enjoying going trough tryhackme rooms and aswell following ur guide ,but I'm getting tired of having to use headphones all the time :D