I will be starting to develop reports. These will be without pictures or proof of concept for now, to make sure my writing is getting better. The methodology I will be using is from eLearnSecurity, which is:
1. Engagement
2. Information Gathering
3. Footprinting & Scanning
4. Vulnerability Assessment
5. Reporting
Note: This is from a lab. I will be using Kali Linux; if you want to know the version, look below.
grep VERSION /etc/os-release <enter> shows the OS version lines from the specified file
1. Engagement
I am going to VPN into the network. During this step, I will get information on the IP address that I will be going for. I will get a contract signed for that IP address so that I know the rules of engagement. Since this is a VPN machine that I will be attacking, I will be downloading the VPN configuration file.
cd Downloads <enter> to change to the Downloads directory
ls <enter> lists the files and folders in the directory I am in. I like to use the flags -lash to get a long list of all files and folders, including hidden files, with the size of each file in human-readable form.
sudo openvpn (filename) <enter> I wait until I see "Initialization Sequence Completed" to know that I am connected to the VPN.
2. Information Gathering
Now that we are on the network, I will start information gathering with the network configuration.
ip addr <enter> I will look for the inet address under tap0
3. Footprinting & Scanning
I will use nmap, and will have to use sudo to execute it properly. I will find the ports that are open. I check for telnet and ssh credentials using hydra. If you can't use rockyou-10.txt, remember to verify where it is. Now it is located at: /usr/share/SecLists/Passwords/Leaked-Databases/rockyou-10.txt
4. Vulnerability Assessment
I've gotten root's username and password from hydra. I then SCP the user and password files (passwd and shadow) into my local directory.
sudo unshadow passwd shadow > Brute <enter> merge the two files so the hashes are in one file named Brute
cat Brute <enter> displays the Brute file
sudo john Brute <enter> crack the hashes in the file Brute with john
ex.) asd (Larry) {the name in parentheses is the user}
Format: pass (user)
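An added example, not from the original post, of what the unshadow step above produces and what a defender should look at in it: it merges constructed passwd and shadow lines the way unshadow does, then classifies each account's hash field (locked, empty, or which crypt scheme) so that weak schemes such as md5crypt and descrypt, or empty password fields, can be fixed before anyone runs john against them. All accounts and hash values are constructed.

```python
import re

# Constructed sample passwd/shadow content (not from any real host). In passwd
# the second field is the 'x' placeholder; in shadow it holds the password hash.
PASSWD = """root:x:0:0:root:/root:/bin/bash
larry:x:1000:1000:Larry:/home/larry:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc:x:1001:1001::/home/svc:/bin/sh
"""
SHADOW = """root:$6$saltsalt$constructedsha512hashvalue:19000:0:99999:7:::
larry:$1$abcdefgh$constructedmd5hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""

# crypt(3) "$id$" prefixes and the scheme each one denotes.
HASH_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
            "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}

def unshadow(passwd, shadow):
    """Merge like unshadow(8): swap passwd's 'x' for the matching shadow hash."""
    hashes = {l.split(":")[0]: l.split(":")[1] for l in shadow.splitlines() if l}
    merged = []
    for line in passwd.splitlines():
        if not line:
            continue
        fields = line.split(":")
        fields[1] = hashes.get(fields[0], fields[1])  # keep 'x' if no shadow entry
        merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Describe a shadow hash field: locked, empty, or which crypt scheme it uses."""
    if hash_field.startswith(("!", "*")):
        return "locked"
    if hash_field == "":
        return "EMPTY (no password required)"
    m = re.match(r"\$([^$]+)\$", hash_field)
    if m:
        return HASH_IDS.get(m.group(1), "unknown $%s$ scheme" % m.group(1))
    if len(hash_field) == 13:  # traditional DES crypt: 2-char salt + 11 chars
        return "descrypt (legacy DES, 8-character limit)"
    return "unrecognised"

def audit(passwd, shadow):
    """Per-account view of what a cracker would be working against."""
    return {m.split(":")[0]: classify(m.split(":")[1]) for m in unshadow(passwd, shadow)}
```

Calling audit(PASSWD, SHADOW) on the sample data flags larry (md5crypt) and svc (empty password field) as the accounts to fix first.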
5. Reporting
The tools I used are as follows:
Kali Linux
Command Line: telnet, ssh, scp
nmap
hydra
john
If you want to learn more or want a more in-depth report, leave a comment. I purposely left out the CLI for nmap, hydra, logging in to telnet, scp, and ssh.