Table of Contents
In the previous lesson, I demonstrated to you the easy way to exploit and server and get the shell intersection. In this lesson, you are going to learn a complicated and pretty powerful way to get the shell intersection is Brute-forcing.
At an earlier stage, if an authenticated user tries to access the FTP server, they need an appropriate username and password to get into the FTP server.
Goal: Try to perform a brute-force attack on the SSH, FTP, and Telnet services to get the login username and password.
What if a hacker tries to get into the server then they must need a proper authenticated username and password, otherwise, the login failed.
At this place, a Brute-force attack comes to work.
What is the meaning of Brute Force Attack?
A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.
Brute-force the FTP server
What if you don't find any vulnerability on the target machine, then what we should do? The answer is you have to perform a brute-force attack on the target machine and try to crack the passwords.
While this is good, it’s not really practical to manually test every possible password. That’s why Hydra takes wordlists. You can specify a WordList instead of a single password.
Note: A brute-force attack can take lots of time, so keep calm and wait for the end.
There are lots of Brute-forcing tools available among then few are listed below:
- hydra
- Xhydra
- Ncrack
- medusa
- Patator
Brute-forcing using Hydra
According to Wiki:
Hydra is a parallelized network login cracker built in various operating systems like Kali Linux, Parrot, and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to guess the right username and password combination.
To find out helpful information about Hydra just run the help command:
From the above help command, we found that
- -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
- -p PASS or -P FILE try password PASS, or load several passwords from FILE
- -v / -V / -d verbose mode / show login+pass for each attempt / debug mode
After all, these, let's perform a Brute-force Attack:
From above, we found that the username and password that marked in bold. Now, we can try to get into the FTP server using the below commands:
- You can learn more about FTP servers:
How Hackers Attempt to Gain Unauthorized Access - Login Attacks
This article explores various methods that hackers use to attempt unauthorized access through login attacks. Understanding these attack techniques can help individuals and organizations better defend against unauthorized access attempts.
Brute Forcing the SSH services
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on a client–server architecture, connecting an SSH client instance with an SSH server.
To get a Proper connection you must have a proper username and password credentials. This is also similar to FTP services.
Let's try brute-forcing using Hydra:
- -l LOGIN or -L : FILE login with LOGIN name, or load several logins from FILE
- -p PASS or -P : FILE try password PASS, or load several passwords from FILE
- -t : TASKS run TASKS number of connects in parallel per target (default: 16)
Let's Try to log in with the username and password:
Attempt to Brute-forcing the Telnet service
Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network (such as the Internet). Using telnet client software on your computer, you can make a connection to a telnet server (that is, the remote host).
Let's try attempt to connect the server with the help of telnet:
As you can see it prompts me to insert the login credentials. Let's try brute force to get the user name and password:
Once you find out the username and password try to get a connection:
From the above examples, you find out how a Brute force attack works.
Prevention:
There are many methods to stop or prevent brute force attacks.
Let’s investigate other ways to prevent a brute-force attack.
- Limit failed login attempts
- Make the root user inaccessible via SSH by editing the sshd_config file
- Don’t use a default port, edit the port line in your sshd_configfile
- Use Captcha
- Limit logins to a specified IP address or range
- Two-factor authentication
- Unique login URLs
- Monitor server logs