Lab/Room TryHackMe - Advanced Pentesting
Type Challenge
Status Done
Date 18/03/2026

Context

Brute-force a website's login with Hydra, identify and use a public exploit, then escalate your privileges on this Windows machine!

Starting hypothesis

This room will cover: brute-forcing an account's credentials, handling public exploits, using the Metasploit framework, and privilege escalation on Windows.

Method / Tools Used

Using Hydra to brute-force a login

After identifying a potential username (admin), the next step was to attempt a brute-force attack against the login form. The tool used for this task was Hydra, combined with the well-known rockyou.txt wordlist.

The attack targeted an HTTP POST login form, which required capturing and correctly formatting several parameters such as __VIEWSTATE, __EVENTVALIDATION, and the form fields for username and password.

The process can be summarized as follows:

Hydra quickly processed the requests and successfully identified valid credentials:

This confirmed that the application did not implement protections against brute-force attacks (e.g., rate limiting or account lockout).
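A log-based check for the condition noted above (a login endpoint with no rate limiting or lockout), as an added example that is not part of the original writeup: it replays constructed, simplified IIS-style access-log lines and flags any client IP that exceeds a threshold of failed POSTs to the login page inside a sliding window, then marks whether a redirect (a likely successful guess) followed the burst. The log layout, the path /login.aspx, the IP addresses, and the assumption that a failed ASP.NET form login re-renders the page with HTTP 200 while a successful one redirects with HTTP 302 are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified IIS W3C-style layout:
#   date time cs-method cs-uri-stem c-ip sc-status
# Assumption: failed form login -> 200 (page re-rendered), success -> 302 (redirect).
SAMPLE_LOG = """\
2026-03-18 10:00:00 GET /login.aspx 10.10.14.5 200
2026-03-18 10:00:01 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:01 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:02 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:02 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:03 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:03 POST /login.aspx 10.10.14.5 200
2026-03-18 10:00:04 POST /login.aspx 10.10.14.5 302
2026-03-18 10:00:05 POST /login.aspx 192.168.1.20 200
2026-03-18 10:05:00 POST /login.aspx 192.168.1.20 200
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")


def detect_bruteforce(log_text, login_path="/login.aspx", threshold=5, window_seconds=60):
    """Return {client_ip: {"first_alert": datetime, "success_after_burst": bool}}
    for every IP with >= threshold failed POSTs to login_path inside a sliding
    window of window_seconds. A 302 from an already-flagged IP is recorded as
    a likely successful guess following the burst."""
    failures = defaultdict(deque)  # ip -> timestamps of failed POSTs still in window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        method, path, ip, status = m.group(2), m.group(3), m.group(4), int(m.group(5))
        if method != "POST" or path != login_path:
            continue  # only login submissions matter here
        q = failures[ip]
        while q and ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()  # drop attempts that fell out of the sliding window
        if status == 200:
            q.append(ts)
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "success_after_burst": False}
        elif status == 302 and ip in alerts:
            alerts[ip]["success_after_burst"] = True
    return alerts
```

On the sample data only 10.10.14.5 is flagged: six failed POSTs in three seconds, followed by a redirect; the two attempts from 192.168.1.20 are five minutes apart and never accumulate inside the window.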

Compromise the machine

With valid credentials obtained, access to the admin panel was achieved. By inspecting the About section, the application version was identified as: