
Lab 2 - Breaking In

In Lab 1 we performed a port scan to determine which services the target machines exported. We saw that some of the machines were listening on port 22. That port belongs to SSH, and it is a good port for us because it lets us test for weak user passwords: SSH is a login service, and it lets us supply usernames and passwords as often as we like. In this lab we will take advantage of that to see if we can find a way in through the front door!

For this lab you will use the Ubuntu desktop VM that we used in the last lab. You will need to install the following package:

sudo apt-get install hydra-gtk

Hydra is a program that tries to log in as fast as possible using a dictionary of passwords. However, it doesn't come with any password dictionaries; you find those for yourself on the Internet. To make life easier, I've found one for you from the lovely folks at skullsecurity.org. To download the password dictionary onto your VM, run these commands:

wget http://downloads.skullsecurity.org/passwords/myspace.txt.bz2
bunzip2 myspace.txt.bz2

Part One:
Now it's time to perform the attack. As you learned from the previous assignment, the victims are using different login services: the Linux machine is using SSH and the Windows machine is using RDP. You will attempt to break into both. Normally you will not know which usernames exist on the machines. For this lab, to save you time, I'll give you a hint: try the 'test' username. In practice a lot of machines have predictable account names (like root).

Start hydra like this:

hydra -l test -P myspace.txt -f -V <target> <protocol>

Attack victim.local like this:

hydra -l test -P myspace.txt -f -V victim.local ssh > attack.log

Then attack victim2 like this (the target host goes before the protocol, just as in the first command):

hydra -l test -P myspace.txt -f -V victim2 rdp >> attack.log
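The SSH half of this attack leaves a very characteristic trail on the victim: a burst of "Failed password" lines from one source address, followed by an "Accepted password" for the guessed account. The following Python script is an added example (not part of the lab or of Hydra) showing how a defender can spot that pattern in sshd's auth.log; the log lines it parses are constructed for the example and the threshold and time window are assumptions you would tune for a real host.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd auth.log lines (Ubuntu syslog style, no year in the stamp).
# One source guesses "test" repeatedly and then succeeds; a second source is
# an ordinary user who mistypes once. These are sample data, not real logs.
SAMPLE_AUTH_LOG = """\
Feb 10 09:12:01 victim sshd[2001]: Failed password for test from 10.0.0.5 port 50110 ssh2
Feb 10 09:12:01 victim sshd[2002]: Failed password for test from 10.0.0.5 port 50111 ssh2
Feb 10 09:12:02 victim sshd[2003]: Failed password for invalid user admin from 10.0.0.5 port 50112 ssh2
Feb 10 09:12:02 victim sshd[2004]: Failed password for test from 10.0.0.5 port 50113 ssh2
Feb 10 09:12:03 victim sshd[2005]: Failed password for test from 10.0.0.5 port 50114 ssh2
Feb 10 09:12:04 victim sshd[2006]: Accepted password for test from 10.0.0.5 port 50115 ssh2
Feb 10 09:40:00 victim sshd[2100]: Failed password for alice from 10.0.0.9 port 40000 ssh2
Feb 10 09:41:30 victim sshd[2101]: Accepted password for alice from 10.0.0.9 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_sshd(text):
    """Return a list of (timestamp, 'Failed'|'Accepted', user, source_ip)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not password auth results are ignored
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag sources with >= threshold failures inside a sliding window.
    Result: {ip: (failures_in_window, account)} where account is the user
    of an Accepted login that followed the burst (None if none seen)."""
    fails = defaultdict(list)   # ip -> timestamps of recent failures
    hits = {}
    for ts, result, user, ip in events:
        recent = [t for t in fails[ip] if (ts - t).total_seconds() <= window_s]
        if result == "Failed":
            recent.append(ts)
            fails[ip] = recent
            if len(recent) >= threshold:
                hits[ip] = [len(recent), hits.get(ip, [0, None])[1]]
        elif ip in hits:        # success right after a burst: likely guessed
            hits[ip][1] = user
    return {ip: tuple(v) for ip, v in hits.items()}

if __name__ == "__main__":
    print(detect_bruteforce(parse_sshd(SAMPLE_AUTH_LOG)))
```

On a real host you would feed /var/log/auth.log (or `journalctl -u ssh`) through the same parser; the "Accepted after a burst" case is the one worth paging on, since a plain burst of failures is also what a lockout or rate limit is there to stop.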

Turn In

You will have created a log file of both your attacks called attack.log. Please turn that in to Blackboard along with answers to the following questions:

  1. What is test's password on victim.local?
  2. What is test's password on victim2?
  3. How long did it take to find both passwords?

Don't forget the log file!

Grading:

  1. 5 points for each correct password
  2. 10 points for your log file showing your attacks