Hello, I need some guidance on this lab. I feel like I keep running into a brick wall. I’ve been trying this for weeks now. And this feels like it’s missing information. Here are the instructions:
Here’s the deal – you’re a pro now, and word is getting around about your performance in that last section. So much so that you have a new client.
Your client maintains a website at psybrary where your team has conducted some initial recon and discovered a serious misconfiguration: the .htpasswd file is accessible through the website! This file contains usernames and password hashes for enforcing HTTP Basic Authentication – the simplest technique for restricting access to web resources. The .htpasswd file should never be available in the URL space… tsk tsk.
Your team has provided the URL to the exposed .htpasswd file: psybrary and they expect you’ll be able to take care of the rest. Good thing you’ve brought your Notes for reference. Give them a quick review, then begin your Mission!
Mission
Perform a dictionary attack to crack the user password hash in the .htpasswd file.
Tip - There’s a website linked from the Inspirations page that would be great fodder for a custom wordlist…
Another Tip - Every good cracker mangles with /usr/share/hashcat/rules/best64.rule
Use your new credentials to access the Members Only area of the website.
Crack the passcode you discover in the Members Only area.
One Task asks for Helena’s password. I have searched almost everything that is attached to the Inspirations page or link for the URL to use with the Cewl site scraper. Is it something I’m missing? Please assist. Thank you.
I am having difficulty getting through this lab too! What’s baffling me is the “Tip” that says there’s a website linked from the “Inspirations” page that would be great fodder for a custom wordlist. I’ve taken dozens of labs, and this is the first I’ve ever heard of an Inspirations page. Where is it? How can you scrape a site for some possible fodder for a wordlist if you don’t have the address for the site?
Did you visit the psybrary.com website referenced in the instructions? It’s a (fictional) website that’s hosted internally within this lab environment as part of the scenario for this challenge.
If you navigate to that website, you should see a page titled Our Inspirations.
Also wanted to say thanks for the email too - alerting me to check out the website. I feel confident that I will be able to complete the challenge now (thanks to the extra help you gave). I’m really enjoying my experience on Cybrary - I will definitely recommend to anyone pursuing a career in security.
Thank you for your assistance. I was able to figure out the lab. I overlooked that website and I added more URLs to scrape. Made more work for myself.
Hey there! You should be able to work through most of our Courses with just a phone, as well as the Core Concepts lessons in any of the Virtual Labs, but for the hands-on portions of the labs, you’ll need a laptop or desktop computer - just as you would if you were involved in a real ethical hacking engagement.
When I try to navigate to the URL http://psybrary.com from within the lab environment, I get an ‘Unable to Connect’ message. The same one that I would get if I tried accessing it outside of the lab environment. What do I need to do to access the fictional website?
Can you confirm you are navigating to HTTP://psybrary.com rather than HTTPS://psybrary.com? I can replicate the “Unable to connect” message if I try to connect over HTTPS, but it looks good when I try to connect over HTTP.
I am having the same issue DrkKnight was having, unable to connect to the http://psybrary.com site. I’ve entered it in about 10 times now double checking spelling and tried refreshing as DrKnight did, no luck.
If I click refresh enough times quickly, I can see the Firefox page that comes up when trying to access an unsecure page flash just before the Unable to Connect page. Maybe something is up (or down) on the host side.