From within Kali, create a user named = jimmy with the password= password123!

1. Create another user named = jesse with the password =essej
2. Start the ssh service.
3. From the terminal, ssh into the localhost as the jimmy user,ie.

ssh jimmy@localhost

5. Enter the password for jimmy, and verify that you are able toauthenticate as jimmy over the ssh service.
6. Once you verify you can remote in, end the ssh session.
7. To use hydra to brute force the localhost’s ssh service withthe username jimmy and a single password of password123,enter:

hydra -l jimmy -p password123localhost ssh

8. Since the password entered is incorrect, you should see theresult “0 valid passwords found”
9. Next, enter the correct password, and you should see theresult.

10. Lookup the help for the hydra command.
11. What would you enter at the command prompt to brute force theusername jesse, trying a null/blank password, trying the usernameas the password and trying the reverse of the username as thepassword?

Enter your commandhere

12. Create a file named users.txt and enter the following names inseparate lines:

johnny

jimmy

jesse

jackie

13. From the terminal, navigate into the /usr/share/wordlistsdirectory. This is the Kali directory that has wordlist files orlinks to wordlist files, that are used for dictionary or bruteforce attack tools. Included in this directory is a compressed copyof the popular rockyou.txt file (the compressed file name isrockyou.txt.gz)
14. Uncompress the file. What is the command you entered?

Enter your commandhere

15. What would you enter at the command prompt to use the users.txtfile and the rockyou.txt file to perform a hydra dictionary attackon the 4 user names in the users.txt file?

Enter your commandhere

16. Run the above command, observe the process, wait a few minutes,then abort the process. Take a screen capture of theresult; (enter your screen capture.) Make sure yourscreen capture shows the command you entered.

Insert your screencapture here

17. You could allow the above command to run to completion, toobserve the successful (or non-successful discovery of thepasswords). But the process will take a considerable amount oftime.
18. The rockyou.txt file is a well-known word list that containspopular and commonly used passwords. Attackers and penetrationtesters often use this wordlist to brute force services withdiscovered usernames. Each line in the wordlist corresponds to aword/password. How many words are there in the file rockyou.txt?Enter your answer below AND the method you used to find the answer.If you used a command line tool, what command did you type?

Enter your commandhere

19. The above number times 4 (for the number of usernames in yourusers.txt file) is the number of brute force attempts the hydraprogram will need to process to discover the username/passwordcombination. Of course, that is the maximum number of attempts. Ifthe password is discovered further up in the wordlist, the numberof attempts will be reduced. And if the password is not in thewordlist, then the username/password combination will not bediscovered.
20. We can minimize the size of the rockyou.txt file to cut down onthe brute force time. Enter:

cat/usr/share/wordlists/rockyou.txt | grep 'password123|essej' >~/rockyou.txt.modified

21. Run hydra again against the localhost ssh service using theusers.txt and modified rockyou.txt.modified files. What command didyou enter?

Enter your commandhere

22. The hydra command should find the passwords for jimmy and jessewithin minutes. Take a screen capture of the discovered passwords;it should be similar to the screen capture below. (Delete thescreen capture below and replace it with your screen capture.) Makesure your screen capture shows the command you entered. My screencapture does not show the command line, in order to prevent givingaway the answer to the previous lab step.