Successfully performed an automated credential-guessing attack using Hydra. Demonstrated the ability to identify service vulnerabilities and adapt attack vectors when encountering protocol-specific encryption errors (SSH Kex error).
Objective: Test the strength of remote login services against dictionary-based brute-force attacks.
Using Hydra, I performed a targeted credential-stuffing attack against the victim's login services.
- Tooling: Hydra v9.x with a custom-built wordlist (`passwords.txt`).
- Technical Hurdle: Encountered a "Key Exchange (Kex) Error" when targeting SSH due to legacy protocol mismatches.
- Pivot: Successfully pivoted the attack vector to the Telnet (Port 23) service to bypass encryption-related handshake failures.
- Result: Successfully identified the valid credential pair (`msfadmin:msfadmin`) in under 10 seconds using optimized concurrency settings (`-t 4`).
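
From the defender's side, a run like the one above appears in authentication logs as a burst of failed logins from one source, followed by a success. The following detector is an added example, not part of the original write-up; the simplified log format, the sample lines, the addresses and the threshold and window values are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified "timestamp event source user" form.
# Real telnetd/login or sshd records must be normalised to this shape first.
SAMPLE_LOG = """\
2024-01-01T10:00:00 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:01 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:01 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:02 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:02 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:03 FAIL 192.0.2.10 msfadmin
2024-01-01T10:00:04 OK 192.0.2.10 msfadmin
2024-01-01T10:00:05 FAIL 192.0.2.20 alice
2024-01-01T10:00:30 OK 192.0.2.20 alice
"""

LINE = re.compile(r"^(\S+) (FAIL|OK) (\S+) (\S+)$")

def detect(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return alerts for failure bursts and for logins that follow a burst."""
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()                # sources already reported for a burst
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m.group(1))
        event, src, user = m.group(2), m.group(3), m.group(4)
        recent = failures[src]
        # Slide the window: drop failures older than `window`.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if event == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("burst", src, user))
        elif len(recent) >= threshold:
            # A success right after a burst suggests a guessed password.
            alerts.append(("success_after_burst", src, user))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from `192.0.2.20` stays below the threshold and raises no alert, while the success that follows the burst is reported separately because it marks the account whose password needs to be rotated.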
