Venom Academy/Ethical Hacking/Password attacking
We have went through a couple of things. Now we will be looking at privilege escalation also known as password attacking. This is the activity that is done by the attacker in order to gain or hijack the authenticity or privileges of a certain user. This is done to bypass the security procedures that are put into place by default. There are many ways that passwords can be attacked or cracked and we shall be looking into them in this module
Password Cracking methods
editTheree are a couple of different methods that are used to attack passwords. Let's look at them in detail
Dictionary Attack
editThis is a password attack method that uses a text file called a dictionary file or word list file. The file contains a list of words. All the words will be tested against the password procedure until the correct password has been found. Word lists files can be downloaded online or then can be created. Dictionary Attack is really fast to execute because there is no algorithm that needs to be used.
Rainbow attack
editA rainbow attack is one of the best attack but it always proves to be resource consuming. In rainbow attack a file called a rainbow table is used, inside the rainbow table are hashes arranged in columns, when the table is being used to crack for passwords the software being used will check all columns and mix-match all the hashes it finds. This kind of attack requires a hacker to have really fast and efficient hardware.
Brute Force attack
editThis is the attack whereby the cracking software trys all possible passwords in ascending order. Brute force attacks are very time consuming because the require a lot of time.
Hybrid attack
editThis attack is commonly used to attack passwords that are combined of different characters. For example a password like password123.
Lab exercise
editLets perform a few password attacks
Hydra is a great tool we could use to crack remote password with. Hydra comes with preloaded username/password list. Alternatively you could download dictionary files online at https://packetstormsecurity.com. Hydra's syntax is pretty simple to understand, here is the syntax below:
Hydra -L <username> -P <path to dictionary file> <target host> <service>
As shown above we can see that the -L argument is used to specify the username, the argument -P is used to specify the dictionary file. Hydra will also require the service that you want to attack, to find a list of services running on a target machine, you can use nmap to scan it. If you don't know how to scan using nmap then please relate to Chapter 3 of this book. Now let's perform an example using hydra here is the command and output
root@venom [$]~ hydra -l admin -P worlist1.lst 192.168.75.140 ftp Hydra (https://www.thc.org/thc-hydra) starting at 2019-12-30 03:14:12 [DATA] 16 tasks, 1 servers, 170765 login tries (l:1/p:170765), 106728 tries per task [DATA] attacking service FTP on port 21 [21][ftp] host: 192.168.75.140 login: admin password: password12 [STATUS] attack finished for 192.168.75.140 (waiting for children) Hydra (https://www.thc.org/thc-hydra) finished at 2019-12-30 03:17:9
As we can see above hydra managed to launch a dictionary attack and then returned with the password "password123"
There are a couple of other tool that could be used for privilege Escalation try exploring Kali Linux and having fun with it.