I completed the THM (TryHackMe) room Enumeration & Brute Force.
Here are the objectives for the room:
Understand the significance of enumeration and how it sets the stage for effective brute-force attacks.
Learn advanced enumeration methods, mainly focusing on extracting information from verbose error messages.
Comprehend the relationship between enumeration and brute-force attacks in compromising authentication mechanisms.
Gain practical experience using tools and techniques for both enumeration and brute-force attacks.
I brushed up on Burp Suite, Hydra and a bit of Linux.
Sometimes you gotta be brutal..
This week I am trying my hand at Enumeration and Brute Force on TryHackMe. It is part of the Web Application Pentesting Pathway.
I needed a bit of help and found a great YouTube channel by William Heldman. Dr. Heldman really went into the details of why… and I found it very helpful. The explanation is broken into 5 videos. It seems like a lot, but noobs will appreciate the explanations.
Now, I definitely read all of the prerequisites for this room… And while I didn't have all of the knowledge needed… I figured I'd wing it! (With the help of THM and "YouTube University" 😂) I will not go into the details of how to complete this room; there are many sites providing you with the information needed to complete the tasks. Instead, I will discuss how to make enumeration and brute force attacks less successful.
Think of enumeration as an attacker scouting for information before trying to compromise your accounts. A classic example is a login form that answers "unknown username" for one input and "incorrect password" for another: those verbose error messages confirm which usernames exist, so the attacker no longer has to guess both halves of the credential. With a list of valid usernames in hand, they point an automated tool such as Hydra at the login page and try thousands of candidate passwords against each account far faster than any human could. By combining enumeration prevention (the same generic error for every failed login) with strong security measures like complex passwords, multi-factor authentication, limiting login attempts, and monitoring for unusual activity, you can significantly reduce the risk of brute force attacks and keep your accounts safe from unauthorized access.
Security tips to consider:
Use strong passwords: Aim for at least 12 characters, combining numbers, symbols, and both upper and lower case letters. Length matters more than anything else: a long passphrase of unrelated words is both harder to brute force and easier to remember than a short string of symbols.
Enable MFA (Multi-Factor Authentication): This adds a second verification step, so a guessed password alone is not enough to get in. If your phone is already in your hand, use it for extra security! Where you have the choice, prefer an authenticator app or a hardware key over SMS codes.
Pay attention to unusual login activity: Don't approve a login or MFA prompt that you did not initiate. An unexpected prompt usually means someone already has your password, so change it immediately if this happens.
Use a password manager: Avoid using the same password for multiple accounts, because attackers replay credentials leaked from one site against every other site they can find. If I crack your yogurt loyalty password, I should not be able to log in to your banking app with that information!! 👩🏾💻💸
Be vigilant: Hacking is big business, and you need to stay alert all the time. Don’t be low-hanging fruit for hackers.
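To make the defensive side concrete, here is an added example (my own constructed demo, not code from the TryHackMe room or from Dr. Heldman's videos) showing the two behaviours discussed above: a login handler whose verbose error messages let an attacker enumerate usernames, and a hardened handler that returns one generic error, does the same amount of hashing work whether or not the username exists, and limits login attempts per account. The attacker-side helpers `enumerate_users` and `brute_force` are simplified stand-ins for what Hydra does against a web form. The user store, salt, usernames and wordlist are all made up for the demo.

```python
"""Added example: verbose-error username enumeration and brute force versus a
hardened login. Everything here (users, salt, wordlist) is constructed demo data."""
from __future__ import annotations

import hashlib
import hmac
import time
from collections import defaultdict

# Constructed user store. The iteration count is kept low so the demo runs
# quickly; use a much higher count (or argon2/bcrypt) for real systems.
_SALT = b"demo-salt-not-for-production"
_ITERATIONS = 10_000


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"alice": _hash("correct horse battery staple")}
# The hardened handler verifies unknown usernames against this throwaway hash
# so that response time does not reveal which usernames exist.
_DUMMY_HASH = _hash("not-a-real-password")


def verbose_login(username: str, password: str) -> tuple[bool, str]:
    """Leaky handler: the error text tells the caller whether the user exists."""
    if username not in USERS:
        return False, "Unknown username"
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return False, "Incorrect password"
    return True, "Login successful"


class HardenedLogin:
    """Generic error, constant work per request, per-account attempt limiting."""

    GENERIC = "Invalid username or password"

    def __init__(self, max_attempts: int = 5, lockout_seconds: int = 15 * 60):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        # username -> [failure count, time of first failure in this window]
        self._failures: dict[str, list] = defaultdict(lambda: [0, 0.0])

    def __call__(self, username: str, password: str, now: float | None = None) -> tuple[bool, str]:
        now = time.time() if now is None else now
        count, first = self._failures[username]
        if count >= self.max_attempts:
            if now - first < self.lockout_seconds:
                return False, self.GENERIC  # locked: even the right password fails
            self._failures[username] = [0, 0.0]  # lockout expired, new window
        stored = USERS.get(username, _DUMMY_HASH)  # hash either way
        ok = hmac.compare_digest(stored, _hash(password)) and username in USERS
        if ok:
            self._failures.pop(username, None)
            return True, "Login successful"
        count, first = self._failures[username]
        self._failures[username] = [count + 1, first if count else now]
        return False, self.GENERIC


def enumerate_users(login, candidates: list[str]) -> list[str]:
    """Username enumeration: any candidate whose failure message differs from
    that of a name that certainly does not exist is reported as valid."""
    baseline = login("no-such-user-0xdeadbeef", "wrong-password")[1]
    return sorted(u for u in candidates if login(u, "wrong-password")[1] != baseline)


def brute_force(login, username: str, wordlist: list[str]) -> str | None:
    """Try each password in order; return the first that works, else None."""
    for candidate in wordlist:
        if login(username, candidate)[0]:
            return candidate
    return None


if __name__ == "__main__":
    candidates = ["admin", "alice", "bob", "root"]
    wordlist = ["123456", "password", "qwerty", "letmein", "welcome",
                "correct horse battery staple"]  # the real one is 6th in line
    print("verbose  - enumerated:", enumerate_users(verbose_login, candidates))
    print("verbose  - cracked   :", brute_force(verbose_login, "alice", wordlist))
    hardened = HardenedLogin()
    print("hardened - enumerated:", enumerate_users(hardened, candidates))
    print("hardened - cracked   :", brute_force(hardened, "alice", wordlist))
```

Against `verbose_login` the probe identifies `alice` and the wordlist attack finds her password on the sixth try; against `HardenedLogin` the probe returns nothing, and the account locks after five failures so the correct password on attempt six is refused. One caveat a practitioner should keep in mind: per-account lockout can be turned against you, since anyone who knows a username can lock that user out on purpose. In practice it is paired with source-based rate limiting, CAPTCHA after a few failures, and alerting on bursts of failed logins, which is exactly the "monitor for unusual activity" advice above.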