Week 1 Target 1 Warmup - JadenGil/Jaden-Tech-Journal GitHub Wiki
Users with the same passwords:
Frodo Baggins: Strider2020
Peregrin Took: 28Peregrin
Users with different passwords:
Samwise Gamgee: Mallorn79
Using RSMangler:
https://www.kali.org/tools/rsmangler/
To use RSMangler, you will first need to create a wordlist using nano, which is very simple.
After making the wordlist (the shorter it is, the faster things will go), use the command:
cat wordlist.txt | rsmangler -m 9 -x 15 --file - > nameofmangledfile.txt
Here -m 9 and -x 15 set the minimum and maximum word length, and --file - reads the wordlist from standard input.
After a short wait you'll get a mangled wordlist. You can cat the new wordlist and check it out.
Using Hydra:
https://www.kali.org/tools/hydra/
Using hydra is pretty simple. Once you have your wordlist and you know your target, type this command in the terminal:
sudo hydra -l USER -P wordlist.txt -t 6 ssh://x.x.x.x
Here -l sets the login name, -P the password wordlist, and -t the number of parallel tasks. Hydra will then start doing its thing. Hydra takes a long time (especially if you're using a long wordlist), but it will eventually finish and you will find out whether you got the password right. If not, make a new wordlist and try again.
After refreshing myself with the tools by getting Peregrin's password, I moved on to Samwise, who had a completely different password.
Using the steps listed above, I made a short wordlist with words that would likely be Samwise's password, mangled it, and then used hydra to guess the password. This was the result:
This was the wordlist I used:
Dirb
Dirb is an important tool to use when password cracking, and it is especially helpful when trying to get access to HTTP user passwords. It shows most of the available directories on a website, providing the user a wealth of information about the website.
More info here: https://www.kali.org/tools/dirb/
Example:
HTTP User cracking:
The first HTTP user I went after was Bilbo. Getting the password works the same as the others, but the trick is knowing where to use the password (this is where dirb comes in handy). In this case, I want to get Bilbo's password so I can get access to the admin directory on 10.0.5.21.
Wordlist: