
Tuesday, April 3, 2018

Bruteforce (II): attacking an SSH server with BRUTER



- Layout for this exercise:





- This exercise is based on the previous one:


http://www.whitelist1.com/2018/04/bruteforce-i-attacking-ftp-server-with.html



1 - Setting up an SSH server

- Downloading the freeSSHd server to the victim Windows 10:





- Running the executable:















- Going to the SSH server Settings:




- Starting the SSH server on the victim side Windows 10:




- Adding a user admin and a simple password (123):




- Finally the SSH server is up and running:




- Checking that the SSH service works for the user admin:









2 - Bruteforcing the SSH server

- From the attacker machine Windows 7, checking that port 22 is open on the victim Windows 10 (192.168.1.6):






- Running Bruter.exe from the attacker against the SSH server (IP 192.168.1.6, port 22):




2.1) Dictionary

- Taking the Dictionary option, and browsing for a wordlist:

 




- Starting the attack:




- The attack is successful because the password (123) is revealed:





2.2) Brute force

- Choosing Brute force, setting options for the Charset and the length of the password:


 




- Starting the attack:





- Finally the attack is successful because the password (123) is revealed:




- The password has been chosen deliberately simple because the purpose of this exercise was just to demonstrate how to operate the Bruter tool.


- For more complex passwords Bruter has a wide range of predefined Charsets with a greater number of characters, in addition to the possibility of decreasing the Min_Len parameter and increasing Max_Len.


- Obviously, the disadvantage would lie in the slowness of the attack, in addition to the greater amount of resources needed to implement it.
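Seen from the SSH server's side, both Bruter modes show up as a burst of failed logins from one source, possibly ending in a success. The following is an added example, not part of the original post or of freeSSHd: a sliding-window detector run over constructed log lines. The log format, the source addresses and the threshold of 5 failures in 60 seconds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <OK|FAIL> <user> <source IP>" (hypothetical format).
SAMPLE_LOG = """\
2018-04-03T10:00:00 OK alice 192.168.1.20
2018-04-03T10:00:01 FAIL admin 192.168.1.5
2018-04-03T10:00:01 FAIL admin 192.168.1.5
2018-04-03T10:00:02 FAIL admin 192.168.1.5
2018-04-03T10:00:02 FAIL admin 192.168.1.5
2018-04-03T10:00:03 FAIL admin 192.168.1.5
2018-04-03T10:00:03 OK admin 192.168.1.5
2018-04-03T10:05:00 FAIL bob 192.168.1.30
2018-04-03T10:09:00 OK bob 192.168.1.30
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: {"alert_at", "compromised"}} for sources whose failed
    logins reach `threshold` within `window`; "compromised" lists accounts
    that logged in successfully from that source after the alert."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        stamp, result, user, source = parts
        when = datetime.fromisoformat(stamp)
        if result == "FAIL":
            q = recent[source]
            q.append(when)
            while q and when - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold and source not in alerts:
                alerts[source] = {"alert_at": when, "compromised": []}
        elif result == "OK" and source in alerts:
            # A success right after a failure burst suggests a guessed password.
            alerts[source]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info["alert_at"].isoformat(), info["compromised"])
```

A source that appears with a non-empty `compromised` list is the case to escalate: the account's password should be treated as known to the attacker.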








Bruteforce (I): attacking an FTP server with BRUTER



- Layout for this exercise:





1 - Bruter: a bruteforce attack tool 

- In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. 

- The attacker systematically checks all possible passwords and passphrases until the correct one is found. 

- Bruter is a parallel network login brute-forcer on Win32.

- This tool is intended to demonstrate the importance of choosing strong passwords. 

- The goal of Bruter is to support a variety of services that allow remote authentication.

- Downloading Bruter to the attacker machine Windows 7:

https://sourceforge.net/projects/worawita/files/latest/download






2 - Setting up an FTP server

- Opening the XAMPP Control Panel on the victim Windows 10:




- Starting the FTP server:




- Connecting to the FTP server:






- Adding admin as user:




- Setting a simple password (123) for the user admin:





- Setting C:\FTPtransfer as the Shared folder for the FTP server:




- Entering authentication credentials:





- The access to the FTPtransfers folder is successful:





3 - Bruteforcing the FTP server

- From the attacker machine Windows 7, checking that port 21 is open on the victim Windows 10 (192.168.1.6):





- Running Bruter.exe from the attacker against the FTP server (IP 192.168.1.6, port 21):



3.1) Dictionary

- Taking the Dictionary option and browsing for a wordlist:







- Starting the attack:




- Finally the attack is successful because the password (123) is revealed:




3.2) Brute force

- Choosing the Brute force option, setting options for the Charset and the length of the password:






- Starting the attack:




- Finally the attack is successful because the password (123) is revealed:





- The password has been chosen deliberately simple because the purpose of this exercise was just to demonstrate how to operate the Bruter tool.

- For more complex passwords Bruter has a wide range of predefined Charsets with a greater number of characters, in addition to the possibility of decreasing the Min_Len parameter and increasing Max_Len.

- Obviously, the disadvantage would lie in the slowness of the attack, in addition to the greater amount of resources needed to implement it.
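The closing remarks of both the SSH and FTP exercises say that larger Charsets and a wider Min_Len/Max_Len range make the attack slow. The following added example (not from the original posts and not Bruter's code) puts numbers on that from a password-policy point of view. The shortest-first enumeration order and the rate of 10 login attempts per second are assumptions.

```python
import string

def keyspace(charset, min_len, max_len):
    """Number of candidates of length min_len..max_len over charset
    (charset is assumed to contain no duplicate characters)."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))

def guesses_until(password, charset, min_len):
    """1-based position of `password` when candidates are tried shortest-first
    and in charset order within each length (assumed order). Returns None if
    the settings never generate the password."""
    n = len(charset)
    if len(password) < min_len or any(c not in charset for c in password):
        return None
    shorter = sum(n ** length for length in range(min_len, len(password)))
    rank = 0
    for ch in password:
        rank = rank * n + charset.index(ch)   # password read as a base-n number
    return shorter + rank + 1

def worst_case_days(charset, min_len, max_len, attempts_per_second):
    """Time to exhaust the whole keyspace at a fixed online guessing rate."""
    return keyspace(charset, min_len, max_len) / attempts_per_second / 86400

if __name__ == "__main__":
    RATE = 10  # assumed attempts per second against a network login
    print("'123' found after", guesses_until("123", string.digits, 1), "guesses")
    charsets = {
        "digits": string.digits,
        "lower+digits": string.ascii_lowercase + string.digits,
        "printable": string.ascii_letters + string.digits + string.punctuation,
    }
    for name, cs in charsets.items():
        for max_len in (3, 6, 8):
            days = worst_case_days(cs, 1, max_len, RATE)
            print(f"{name:13} len 1..{max_len}: {keyspace(cs, 1, max_len):>20,} "
                  f"candidates, {days:,.2f} days")
```

Each extra character multiplies the work by the Charset size, which is why length requirements, combined with server-side lockout or rate limiting, defeat this kind of online guessing.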







Monday, April 2, 2018

DDoS - Distributed Denial of Service attack with Low Orbit Ion Cannon (LOIC) and Metasploit



- Layout for this exercise:





1 - DoS and DDoS

- A Denial-of-Service attack (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet:

https://en.wikipedia.org/wiki/Denial-of-service_attack

- Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

- In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources.

- This effectively makes it impossible to stop the attack simply by blocking a single source.

- In this exercise we will perform a DDoS attack against a Linux Metasploitable distro from two attackers:

  • Windows 10 using Low Orbit Ion Cannon (LOIC)
  • Kali Linux using a Metasploit auxiliary module

- The victim role is played by the Metasploitable Linux distro.


2 - Victim: Metasploitable Linux

- Metasploitable is an intentionally vulnerable Linux virtual machine. 

- This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. 


https://sourceforge.net/projects/metasploitable/

- Connecting to Metasploitable via web:





3 - Attacker 1: Windows 10 with Low Orbit Ion Cannon (LOIC) 

- Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application, written in C#. 

https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon

- LOIC was initially developed by Praetox Technologies, but was later released into the public domain and now is hosted on several open source platforms.

- LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. 

- High Orbit Ion Cannon (HOIC) has been designed to replace the LOIC, but the limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful.

https://en.wikipedia.org/wiki/High_Orbit_Ion_Cannon

- Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.

- We will use LOIC because our purpose is to exemplify a simple DDoS attack, so the HOIC tool is outside the scope of this exercise.

- Downloading LOIC to Windows 10:

https://sourceforge.net/projects/loic/files/latest/download




- Running the executable:






- Setting the victim's IP and Lock on:




- Setting the method of attack (HTTP) and port 80:




- Launching the attack:




- Running Wireshark and applying a filter:




- After removing the filter, notice the large number of responses from Metasploitable:




4 - Attacker 2: Kali Linux with a Metasploit DoS auxiliary module

- Using the synflood Metasploit auxiliary module:




- Setting options for the victim:




- Launching the attack from Kali Linux:





- Running Wireshark:




- Following the Stream Content:




5 - Result of the attack

- As a consequence of the successful DDoS attack, the Metasploitable web server goes down: