Unit 4
Hydra
Medusa
Ncrack
What is Hydra?
Hydra is an open-source password brute-forcing tool designed around flexibility and high performance in online brute-force attacks.
We have specified the username as “administrator”, followed by the -P parameter and the location of the wordlist.
In BackTrack, the default wordlists are located in the /pentest/passwords/wordlist/ directory.
Notice that Hydra has managed to find the password: “aedis”.
Now that we know the username and the password for the FTP server, we can try logging in.
Type “ftp” followed by the server name; it will ask for the username and password.
After entering them, we will be logged in to the FTP server, where we can issue further commands.
Medusa
Medusa is an alternative to Hydra and is a really fast password-cracking tool.
It is a parallel brute-force tool just like Hydra; however, it is much more stable and faster than Hydra.
We need four parameters in order to run Medusa:
-h = hostname to attack
-u = username to attack
-P = password file
-M = service to attack
OpenSSH Username Enumeration
Checks whether a given username (for example, root) exists on the target.
Syntax:
root@root:#./ssh_user_enum.py -user root -Host
Cracking SSH with Medusa
medusa -h 192.168.75.141 -u root -P password.txt -M ssh
After a few attempts, it managed to find the correct password, which was “rafay”.
Now you can log in to the SSH server using your favorite SSH client, such as PuTTY.
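The defender's side of the SSH attack above, as an added example that is not part of the original unit: a small Python detector that reads OpenSSH auth.log lines (constructed sample entries are embedded) and flags the burst of failed logins a wordlist run by Hydra or Medusa produces, plus a successful login from the same source right after that burst. The year (syslog omits it), the threshold and the window size are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log entries in OpenSSH's format (host, PIDs and
# addresses are made up): one source fails 5 times in 2 s, then succeeds.
SAMPLE_AUTH_LOG = """\
Mar  3 10:12:01 srv sshd[2101]: Failed password for root from 192.0.2.10 port 40111 ssh2
Mar  3 10:12:01 srv sshd[2102]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 10:12:02 srv sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Mar  3 10:12:02 srv sshd[2104]: Failed password for root from 192.0.2.10 port 40114 ssh2
Mar  3 10:12:03 srv sshd[2105]: Failed password for root from 192.0.2.10 port 40115 ssh2
Mar  3 10:12:03 srv sshd[2106]: Accepted password for root from 192.0.2.10 port 40116 ssh2
Mar  3 10:40:15 srv sshd[2250]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:40:22 srv sshd[2251]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_auth_log(text, year=2024):
    """Return (timestamp, ip, user, result) for each password-auth line.
    syslog omits the year, so it is supplied (assumed) by the caller."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"]))
    return events

def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag a source once it reaches `threshold` failures inside a sliding
    window, then flag any later successful login from that source (the
    moment a cracking tool reports the password). Events are in log order."""
    alerts, failures, flagged = [], defaultdict(list), set()
    for ts, ip, user, result in events:
        if result == "Failed":
            keep = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
            keep.append(ts)
            failures[ip] = keep
            if len(keep) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "burst", "ip": ip, "user": user, "count": len(keep)})
        elif ip in flagged:
            alerts.append({"kind": "success_after_burst", "ip": ip, "user": user, "count": None})
    return alerts
```

The single failure from 198.51.100.7 followed by a success is an ordinary mistyped password and raises nothing; only the burst source is reported.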
Ncrack
Ncrack is one of the tools for password cracking.
It is based upon the Nmap libraries, and it can be combined with Nmap to yield great results.
The only disadvantage of this tool is that it supports very few services, namely FTP, SSH, Telnet, POP3, RDP, and VNC.
Basic Syntax
We can execute the “ncrack” command without parameters in the terminal to find out what parameters are required for using Ncrack.
-u = username to attack
-P = password file (uppercase P)
-p = port of the service to attack (lowercase p)
-f = quit cracking after the first credential is found
Cracking an RDP with Ncrack
# ncrack -u administrator -P /pentest/passwords/wordlists/darkc0de.lst rdp://192.168.75.140
Once our credentials are cracked, we can use rdesktop to log in to the RDP server.
Command (here -iX takes the list of targets from an Nmap XML output file, and -f stops after the first credential found):
ncrack -vv -u administrator -P /pentest/passwords/wordlists/darkc0de.lst -iX /root/Desktop/output.xml -f
MySQL Servers
Metasploit
The Metasploit Framework contains a large number of tools that enable penetration testers to identify security vulnerabilities, carry out attacks, and evade detection.
Some of the most commonly used tools:
msfconsole: the main Metasploit command-line interface (CLI). It allows testers to scan systems for vulnerabilities, conduct network reconnaissance, launch exploits, and more.
Exploit modules: allow testers to target a specific, known vulnerability.
Auxiliary modules: allow testers to perform additional actions required during a penetration test that are not directly related to exploiting vulnerabilities, for example scanning and denial of service (DoS).
Post-exploitation modules: allow testers to deepen their access on a target system and connected systems.
Step 1: Launch Metasploit by typing “msfconsole”.
Step 2: Issue the following command: use auxiliary/scanner/mysql/mysql_login
Step 3: Type the IP address of the target after the set RHOSTS command.
Step 4: Define a USER_FILE that contains the list of all possible usernames.
Step 5: Define a PASS_FILE that contains the list of all possible passwords.
Step 6: Finally, type run to execute the module.
Hydra and Medusa to crack a MySQL password:
hydra -l root -P /pentest/passwords/wordlist/darkcode.lst 192.168.75.140 mysql
Metasploit
Commands:
msfconsole (to launch Metasploit)
use auxiliary/scanner/mysql/mysql_login (within the Metasploit console)
set RHOSTS
run
Using Null Passwords