TryHackMe Walkthrough: h4cked

Marcelle Lee
6 min read · Aug 15, 2023

This is the first of my TryHackMe (THM) walkthroughs. THM is a fabulous platform for learning, with a wide variety of topics and skill levels. The h4cked room I am covering in this post is free for registered users.

To complete this room you download the packet capture (pcap) file directly on your host and analyze using the tool of your choice. I will be using Wireshark for this walkthrough.

Task 1 Questions

The attacker is trying to log into a specific service. What service is this?

To answer this, go to Statistics > Protocol Hierarchy. Note the FTP traffic.

Figure 1: FTP traffic

There is a very popular tool by Van Hauser which can be used to brute force a series of services. What is the name of this tool?

This question can be answered by searching Google for “FTP brute force tool van hauser” or something along those lines. Results should give you Hydra.

The attacker is trying to log on with a specific username. What is the username?

It helps to know (or look up) some FTP status codes and commands. If I want to know the username, I would look for logon attempts in the traffic. I created a filter to show that: ftp.request.command == USER
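As an added example (not part of the original walkthrough), the same USER-based reasoning can be applied outside Wireshark: the Python below tallies logon attempts per username from FTP control-channel lines and pairs each with the server's final reply, 530 for a failed logon and 230 for a successful one, tracking each TCP stream separately. The sample records, stream numbers, username and passwords are constructed placeholders, not values from the room's pcap.

```python
from collections import Counter

# Constructed sample of FTP control-channel lines: (tcp_stream, sender, line).
# "C" = client, "S" = server. Username and passwords are placeholders.
SAMPLE = [
    (0, "C", "USER exampleuser"),
    (1, "C", "USER exampleuser"),
    (0, "S", "331 Please specify the password."),
    (1, "S", "331 Please specify the password."),
    (0, "C", "PASS 123456"),
    (1, "C", "PASS letmein"),
    (0, "S", "530 Login incorrect."),
    (1, "S", "530 Login incorrect."),
    (2, "C", "USER exampleuser"),
    (2, "S", "331 Please specify the password."),
    (2, "C", "PASS qwerty"),
    (2, "S", "530 Login incorrect."),
    (3, "C", "USER exampleuser"),
    (3, "S", "331 Please specify the password."),
    (3, "C", "PASS placeholder-password"),
    (3, "S", "230 Login successful."),
]


def summarize_logons(records):
    """Tally USER attempts and pair each with the server's 530/230 reply."""
    attempts, failures, successes = Counter(), Counter(), {}
    pending = {}  # tcp_stream -> [user, password] awaiting a final reply
    for stream, sender, line in records:
        word, _, arg = line.strip().partition(" ")
        if sender == "C" and word.upper() == "USER":
            pending[stream] = [arg, None]
            attempts[arg] += 1
        elif sender == "C" and word.upper() == "PASS" and stream in pending:
            pending[stream][1] = arg
        elif sender == "S" and stream in pending and word in ("230", "530"):
            user, password = pending.pop(stream)
            if word == "230":      # 230 = user logged in
                successes[user] = password
            else:                  # 530 = not logged in
                failures[user] += 1
    return attempts, failures, successes


def brute_forced_users(records, min_failures=3):
    """Users with many failed logons: the pattern a password guesser leaves."""
    attempts, failures, successes = summarize_logons(records)
    return {u: {"attempts": attempts[u], "failures": failures[u],
                "compromised": u in successes}
            for u in attempts if failures[u] >= min_failures}
```

A single username with a run of 530 replies followed by a 230 is the signature to look for; the min_failures threshold of 3 is an arbitrary choice for this sample.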

Marcelle Lee

Security researcher, educator and business owner in the field of cybersecurity. Advocate of diversity in tech. https://marcellelee.github.io