Crack the Hidden Service

Introduction

In this challenge, you'll use Hydra to crack the credentials of a hidden service running on a remote server. The service is protected by HTTP Basic Authentication. Your goal is to uncover both the username and password to access the hidden data.

To achieve this, you'll first set up the environment by creating necessary directories and wordlists containing potential usernames and passwords. Then, you'll create a simple HTTP server with basic authentication using Python. Finally, you'll leverage Hydra to brute-force the credentials using the created wordlists and gain access to the secret data.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL hydra(("Hydra")) -.-> hydra/HydraGroup(["Hydra"]) hydra/HydraGroup -.-> hydra/target_ip("Target IP Specification") hydra/HydraGroup -.-> hydra/target_service("Target Service Selection") hydra/HydraGroup -.-> hydra/output_saving("Output File Saving") subgraph Lab Skills hydra/target_ip -.-> lab-550719{{"Crack the Hidden Service"}} hydra/target_service -.-> lab-550719{{"Crack the Hidden Service"}} hydra/output_saving -.-> lab-550719{{"Crack the Hidden Service"}} end

Crack the Hidden Service

A secret service is running on a remote server, protected by HTTP Basic Authentication. Can you use Hydra to uncover the correct username and password to access the hidden data?

Tasks

Use Hydra to brute-force the HTTP service on localhost port 8000, using the provided username and password lists.
Identify the correct credentials from Hydra's output, and save the password to the found_password.txt file.

Requirements

You must execute the hydra command in the /home/labex/project/wordlists directory.
Use the username list file named usernames.txt and the password list file named passwords.txt.
Target the HTTP service running on localhost at port 8000.
Use the http-get / module in Hydra to perform the attack.
Save the correct password to the found_password.txt file to /home/labex/project/found_password.txt.

Examples

Successful Hydra output:

[DATA] attacking http-get://localhost:8000/
[8000][http-get] host: localhost   login: [USERNAME]   password: [PASSWORD]
1 of 1 target successfully completed, 1 valid password found

Replace [USERNAME] and [PASSWORD] with the actual credentials found by Hydra.

Hints

Remember to specify the correct port number using the -s flag.
The correct password is not in the passwords.txt file. You will need to find another way to crack the password.
Consider creating your own password list with common passwords.

✨ Check Solution and Practice

Summary

In this challenge, the goal is to crack HTTP Basic Authentication protecting a hidden service running on a remote server. Using Hydra, you discovered both the username and password required to access the service.

The challenge involves setting up a simulated environment, including creating directories for wordlists and the HTTP server, generating username and password lists, and creating a Python-based HTTP server that requires authentication. Hydra is then used to brute-force the credentials using the created wordlists against the running HTTP server on port 8000.