(Online Password Attacks: brutessh.py)

{ Using brutessh.py to crack a password }

1. http://www.edge-security.com/edge-soft.php
   • A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks.

1. Login to your TargetUbuntu02 VM, as username student
   • For those of you that do not have access to my class, the TargetUbuntu02 VM is an Ubuntu Operating System.

    

2. On TargetUbuntu02, become root
   • sudo su -
   • 

    

3. Determine if you have a valid IP address
   • ifconfig -a
   • Valid IP Address Example.
     • 

      

   • In-Valid IP Address Example
     • Notice there is no inet address as seen above.
     • 

    

4. If you have an invalid IP Address, please click on the below link.
   • Click Here

    

1. Login to your Backtrack01 VM, as username root
   • 

    

2. startx
   • Issue the startx command if you are currently are only seeing a console and not a graphical user interface.
   • 

1. Determine if you have a valid IP address
   • ifconfig -a
   • Valid IP Address Example.
     • 

      

   • In-Valid IP Address Example
     • 
    
2. If you do not have a valid IP Address, click on the below link.
   • Click Here

1. On TargetUbuntu02, become root if you are not.
   • sudo su -
   • 

    

2. Create a username called hackme.
   • Command:  useradd -m -d /home/hackme -c "Weak Password" -s /bin/bash hackme
   • 

    

3. Set user hackme's password.
   • Command: passwd hackme
     • Use the password "Password"
   • 

1. On your BackTrack01 VM
   • Start up BruteSSH using the below navigation
   • 

    

2. Once loaded, you will a screen similar to the below screen shot.
   • 

    

3. Create a password list
   • Command: vi wordlist.txt
   • 

    

4. Let's Create our own password list
   • There are many places on the Internet to download Dictionary Password List.
     • Such As, http://www.phenoelit-us.org/dpl/dpl.html

    

   • In our case, we are just learning how to use the tool.
   • Enter in the following names.
     • In "vi"
       • Type "i" to insert.
       • Type the names, including the last line "Password."
       • Press the ESC button
       • Type ":wq" to save
   • 

    

5. Let's execute BruteSSH
   • Command:  ./brutessh.py -h 192.168.1.106 -u hackme -d wordlist.txt
     • Replace 192.168.1.106 with the IP address of your TargetUbuntu02 VM Server.
     • "hackme" - is the username you created on TargetUbuntu02, with the weak password of "Password."
     • wordlist.txt - is the word list that you are telling BruteSSH to use.  In the real world, you would find and use a dictionary list.
   • 

    

6. Viewing the Results
   • If the password is found, you will see a message similar to the below saying Password Found, along with the actual password.
   • 

    

7. Verify if hackme's password is really "Password"
   • Command:  ssh hackme@192.168.1.106
     • Replace 192.168.1.106, which your TargetUbuntu02's IP Address.
     • You might be prompted to continue connecting, if so, answer yes.
     • Use the password "Password"
   • 

1. On TargetUbuntu02
   • Command:  cd /var/log
   • 

    

2. Let's look at the auth.log
   • The Authorization Log tracks usage of authorization systems, the mechanisms for authorizing users which prompt for user passwords, such as the Pluggable Authentication Module (PAM) system, the sudo command, remote logins to sshd and so on.
   • Command: tail auth.log
     • Notice all the failed logins for username hackme.  Then take note, of the accepted password for hackme, which means somebody was able to crack hackme's password.
   • 

1. Cut and Paste a screen shot that looks similar to Step #2 in Section 6 into a word document and upload to Moodle.