ComputerSecurityStudent (CSS) [Login] [Join Now]


|UNIX >> Kali >> Kali 1.0 >> Current Page |Views: 19092

(Kali: Lesson 3)

{ Install brutessh.py }

Section 0. Background Information
  1. Background information.
    • The goal of the lesson is to show you how to install brutessh.py and all of it's prerequisites.

  2. What is brutessh.py
    • Brutessh is a program that uses the paramiko ssh library, to launch bruteforce passwords attacks against the sshd service. The tools is multithreaded and can use a dictionary password lists.

  3. What is python-crypto
    • This is a collection of both secure hash functions (such as SHA256 and RIPEMD160), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.)

  4. What is python-paramiko
    • Paramiko is a Python implementation of the SSHv2 protocol, providing both client and server functionality. Paramiko itself is a pure Python interface around SSH networking concepts.

  5. Prerequisite
  6. Lab Notes
    • In this lab we will do the following:
      1. We will install python-crypto.
      2. We will install python-paramiko
      3. We will install python-paramiko
      4. We will use John the Ripper to create a small password list

  7. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

Section 1. Start Kali
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        • Start --> All Programs --> VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on the Kali VM
      2. Click on Edit virtual machine settings

     

  3. Auto Detect Hard Drive
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click the Use physical drive: radio button
      3. Make sure Auto detect is selected

     

  4. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

     

  5. Start the Kali VM
    • Instructions:
      1. Click on the Kali VM
      2. Click on Play virtual machine

 

Section 2. Login to Kali
  1. Supply Username
    • Instructions:
      1. Click Other
      2. Username: root
      3. Click the Login Button

     

  2. Supply Password
    • Instructions:
      1. Password: Provide the root password
      2. Click the Login Button

     

Section 3. Obtain IP Address Address
  1. Open a Terminal
    • Instructions:
      1. Applications --> Accessories --> Terminal

     

  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is 192.168.1.115 for Network Interface eth0.
        • Please record your IP address
      • The Local Loopback Address is 127.0.0.1 for Network Interface lo.
        • The loopback device is a special, virtual network interface that your computer uses to communicate with itself.  When the network or wifi is disconnected the loopback exists so applications running on your computer can always connect to servers on the same machine.

     

Section 4. Download Brutessh
  1. Install python-crypto
    • Instructions:
      1. apt-get install python-crypto
    • Note(FYI):
      1. This is a collection of both secure hash functions (such as SHA256 and RIPEMD160), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.)

     

  2. Install python-paramiko
    • Instructions:
      1. apt-get install python-paramiko
    • Note(FYI):
      1. In my case, python-paramiko is at the latest version.
      2. Paramiko is a Python implementation of the SSHv2 protocol, providing both client and server functionality. Paramiko itself is a pure Python interface around SSH networking concepts.
     
  3. Download, Unzip and Untar brutessh.zip
    • Instructions:
      1. mkdir -p /pentest
      2. cd /pentest
      3. wget http://www.computersecuritystudent.com/UNIX/KALI/1_0/lesson3/brutessh.zip
      4. ls -l brutessh.zip
      5. unzip brutessh.zip

     

  4. Test brutessh.py
    • Instructions:
      1. cd brutessh/
      2. python brutessh.py -help
     
  5. Create BruteSSH Password List
    • Instructions:
      1. head -50 /usr/share/john/password.lst | grep -v "^#" | head -50 > password.txt
        • I grabbed the first 50 passwords, minus the comments(#), from John the Ripper to create enough future brute force ssh traffic for denyhosts to block.
      2. ls -l password.txt

     

Section 5. Proof of Lab
 
  1. Proof of Lab
    • Instructions:
      1. cd /pentest/brutessh
      2. python brutessh.py -help | grep -i ver
      3. grep -n abc123 password.txt
      4. date
      5. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Do a <PrtScn>
      2. Paste into a word document
      3. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth