1
00:00:00,090 --> 00:00:07,930
In a previous video we discussed SSH and that it's really not always that much of a low-hanging fruit.
2
00:00:08,100 --> 00:00:13,250
So we've got SSH here and say we want to attack it.
3
00:00:13,260 --> 00:00:19,220
Now there are three reasons we're going to do this, and this is from a realistic perspective.
4
00:00:20,090 --> 00:00:26,930
If we see SSH on an assessment we're going to try to brute force against it or use weak or default
5
00:00:26,930 --> 00:00:34,450
credentials, and we're going to do that because, one, we're going to test password strength; two, we're going
6
00:00:34,450 --> 00:00:39,960
to see if we can get in with a weak password or default password.
7
00:00:40,150 --> 00:00:49,780
And if we can, we also attest to password strength, correct? And three, we're going to see how well the blue team
8
00:00:49,780 --> 00:00:51,160
performs.
9
00:00:51,370 --> 00:00:52,480
Do they catch us?
10
00:00:52,480 --> 00:00:59,570
Do they see us brute forcing? This should be something that alerts when it is being performed.
11
00:00:59,740 --> 00:01:02,380
But you would be surprised how often it does not.
12
00:01:02,740 --> 00:01:05,830
So during a pen test I am as loud as possible.
13
00:01:05,830 --> 00:01:09,130
This is not a red team assessment where we're trying to be quiet.
14
00:01:09,160 --> 00:01:15,730
This is a pen test where we are as loud as possible and we are hoping to be caught.
15
00:01:15,730 --> 00:01:20,410
Sometimes we're just told to tone it down a little bit, you know, "Hey, we're seeing you.
16
00:01:20,410 --> 00:01:22,090
Can you be more quiet?"
17
00:01:22,300 --> 00:01:27,790
And we just want to be caught sometimes so we can give kudos in a report and say, "Hey, you saw scanning
18
00:01:27,790 --> 00:01:32,620
here and here, and kudos to you, but you didn't see scanning here and here."
19
00:01:32,680 --> 00:01:38,290
So this is how we really help fine-tune a blue team, and help fine-tune a client as well: being loud
20
00:01:38,290 --> 00:01:39,290
sometimes.
21
00:01:39,310 --> 00:01:44,200
So we're going to practice being loud today, and we're also going to practice brute force attacks, and
22
00:01:44,200 --> 00:01:48,960
we have the perfect opportunity to do that with an SSH port being open on this machine.
23
00:01:49,600 --> 00:01:54,180
So what we're gonna do is we're going to use a tool called Hydra, and then I'll show you the Metasploit
24
00:01:54,180 --> 00:01:55,270
way as well.
25
00:01:55,570 --> 00:01:57,840
So Hydra is a brute force tool.
26
00:01:58,330 --> 00:02:00,970
So the syntax for Hydra is going to be this.
27
00:02:00,990 --> 00:02:06,910
We're gonna say hydra, and then we're going to give a -l for the user that we're going to be utilizing
28
00:02:07,270 --> 00:02:07,980
in this case.
29
00:02:07,990 --> 00:02:13,600
I want to attack root, and then we're going to give a capital P for the password list.
30
00:02:13,630 --> 00:02:18,820
So if we want to use a password list with L we can just say capital L, but here we're going to say capital
31
00:02:18,820 --> 00:02:30,580
P for the password list, and then we're just gonna say /usr/share/wordlists/metasploit.
32
00:02:31,630 --> 00:02:37,370
And I'm just going to double tab in this folder so you can see how many words are actually in here.
33
00:02:38,490 --> 00:02:44,670
There's quite a bit of wordlists, and you can space, space, and it has wordlists for all different kinds
34
00:02:44,670 --> 00:02:46,990
of things built in, and these are all over Kali.
35
00:02:47,010 --> 00:02:53,430
So it's good to know your folder locations, but /usr/share/wordlists is one that we'll use quite a bit.
36
00:02:53,430 --> 00:03:01,080
And what we're going to do is we're going to utilize an attack with these Unix passwords here.
37
00:03:01,110 --> 00:03:03,510
We have Unix users and Unix passwords.
38
00:03:03,630 --> 00:03:07,830
We're going to utilize the Unix password list and just try to brute force with that.
39
00:03:08,520 --> 00:03:15,170
So we'll say unix passwords, something like that, and then we're going to need to specify what we're attacking.
40
00:03:15,170 --> 00:03:28,250
So we are attacking SSH like this, and our IP address of the machine we're attacking, port 22, and then we
41
00:03:28,250 --> 00:03:35,210
need to have a certain amount of attempts or threads at once, and we're going to limit that to four, and
42
00:03:35,210 --> 00:03:41,390
then I'm going to do a capital V for verbosity, just because I want to see the user attempts flow through
43
00:03:41,390 --> 00:03:44,000
so that we can actually see what's going on here.
44
00:03:44,000 --> 00:03:51,690
So once you've got the syntax ready to go, go ahead and hit enter, and you're going to see that it's starting
45
00:03:51,690 --> 00:04:00,120
to attempt the root login password with all these weak passwords here, and hopefully it might find something.
46
00:04:00,330 --> 00:04:04,950
But let's go ahead and open up a new terminal here.
47
00:04:05,160 --> 00:04:12,330
And we're going to, let's make this a little bigger, and I'm going to load up Metasploit as well.
48
00:04:13,040 --> 00:04:18,720
Yeah, we're gonna run the same exact thing in Metasploit, but I think it's good to know multiple frameworks
49
00:04:18,720 --> 00:04:21,620
and multiple tools to perform the same task.
50
00:04:21,660 --> 00:04:28,320
So here we're going to search for something like ssh, and this is going to be an auxiliary module,
51
00:04:28,320 --> 00:04:35,910
so we'll just scroll up and we're going to look for something like ssh_login, perfect, ssh_login, and
52
00:04:35,910 --> 00:04:40,420
check scanner and make sure we don't have anything else.
53
00:04:40,440 --> 00:04:41,620
And it looks good to me.
54
00:04:41,680 --> 00:04:51,630
Let's go ahead and take this ssh_login, and we're gonna go ahead and say use, options,
55
00:04:54,180 --> 00:04:56,970
and now we have kind of our brute force options here.
56
00:04:57,000 --> 00:05:02,220
Let me make this a little bigger since it's prettier. So we've got a brute force speed from zero to five, five
57
00:05:02,220 --> 00:05:05,370
being the fastest, dribbling passwords.
58
00:05:05,370 --> 00:05:06,420
No no no.
59
00:05:06,450 --> 00:05:10,080
We can set a hard password and we could set a hard user name.
60
00:05:10,110 --> 00:05:18,350
We could set a user and password file, a userpass, user as password file again.
61
00:05:18,360 --> 00:05:21,090
We can have a password file as well.
62
00:05:21,090 --> 00:05:27,520
So we have a lot of different options here that we can utilize, but we're gonna go ahead and do the same
63
00:05:27,520 --> 00:05:35,820
kind of thing: we're going to say set username, and we're just gonna say root, and then we're going to
64
00:05:35,820 --> 00:05:41,010
say set pass_file, similar to what we just used.
65
00:05:41,010 --> 00:05:51,870
We're gonna say /usr/share/wordlists/metasploit, and then we're going to say
66
00:05:54,220 --> 00:06:02,100
unique, sorry, unix passwords, and that should set the pass file, and then we just need our host as well:
67
00:06:02,100 --> 00:06:13,950
set rhosts, and we'll say 192.168.57.134. Say options one more time, and you can see that we've
68
00:06:13,950 --> 00:06:21,480
got our password file set, we've got our rhosts set, we've got our rport on 22, threads is
69
00:06:21,480 --> 00:06:27,870
one, username root, and we should be good to go. Now we can set multiple threads here; we could set threads
70
00:06:27,870 --> 00:06:33,180
to like 10. This is really going to amp it up, I mean this should be detected in a second, but we're gonna
71
00:06:33,180 --> 00:06:39,240
try to run it, and we could set, actually let me Ctrl+C, let's set verbose to true as well, just so
72
00:06:39,240 --> 00:06:47,830
you can see that it's actually working: set verbose to true, and then we're gonna run this, and then
73
00:06:48,460 --> 00:06:56,260
it's going to attempt different credentials here, and it'll say, "Hey, I found it," and light up green,
74
00:06:56,320 --> 00:06:57,880
and then we'll know it's good.
75
00:06:58,210 --> 00:07:04,030
So this is actually going kind of slow, surprisingly, and you can see here that we are at attempt 112,
76
00:07:04,060 --> 00:07:05,190
116.
77
00:07:05,380 --> 00:07:12,760
So this is also going slow, and we do not have a successful attempt or a login. I actually don't
78
00:07:12,760 --> 00:07:18,040
believe there's going to be one, but you never know.
79
00:07:18,040 --> 00:07:22,240
I believe I remember taking this offline and trying to crack the password, and it wasn't any kind of weak
80
00:07:22,240 --> 00:07:22,830
password.
81
00:07:22,860 --> 00:07:28,000
So you can let your brute force run if you want to go with it, but I'm going to go ahead and kill
82
00:07:28,000 --> 00:07:32,430
mine, and that's it for this video.
83
00:07:32,440 --> 00:07:38,560
So from here we're going to talk about a similar methodology called credential stuffing, which we've
84
00:07:38,650 --> 00:07:45,910
already talked about before, except we're not brute forcing, but we're using common knowledge to our advantage.
85
00:07:45,910 --> 00:07:48,400
So we'll talk a little bit about credential stuffing in the next video.
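The video stresses that a loud SSH brute force like the Hydra and Metasploit runs above should be caught by the blue team. As an added example that is not part of the video, here is the detection side: a small Python script that parses sshd "Failed password" lines and raises an alert for any source IP exceeding a threshold of failures inside a sliding time window. The log lines, hostname and addresses are constructed for the demo, not taken from the video.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the video): a burst of failed root
# logins from one source, plus ordinary noise from a second host.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[2311]: Failed password for root from 192.168.57.10 port 50120 ssh2
Mar  3 10:15:01 web01 sshd[2312]: Failed password for root from 192.168.57.10 port 50121 ssh2
Mar  3 10:15:02 web01 sshd[2313]: Failed password for root from 192.168.57.10 port 50122 ssh2
Mar  3 10:15:02 web01 sshd[2314]: Failed password for root from 192.168.57.10 port 50123 ssh2
Mar  3 10:15:03 web01 sshd[2315]: Failed password for root from 192.168.57.10 port 50124 ssh2
Mar  3 10:15:03 web01 sshd[2316]: Failed password for root from 192.168.57.10 port 50125 ssh2
Mar  3 10:15:40 web01 sshd[2401]: Failed password for alice from 10.0.0.5 port 41000 ssh2
Mar  3 10:15:52 web01 sshd[2402]: Accepted publickey for alice from 10.0.0.5 port 41001 ssh2
"""

# Matches the standard OpenSSH failure line; "invalid user" appears when the
# username does not exist, which a password spray also produces.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Return a list of (timestamp, user, source_ip) for each failed-password line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog lines carry no year, so one is supplied (assumption for the demo)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["user"], m["ip"]))
    return out

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: total_failures} for every source that produced at least
    `threshold` failures inside some sliding `window`. The username is ignored on
    purpose: a spray across many users from one address is still one attacker."""
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failures(text):
        by_ip[ip].append(ts)
    alerts = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = len(times)
                break
    return alerts
```

With the defaults, only 192.168.57.10 is flagged; the single failure from 10.0.0.5 followed by a successful key login is normal user behaviour and stays below the threshold.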