
Question



From within Kali, create a user named = jimmy with the password = password123!

  1. Create another user named = jesse with the password = essej
  2. Start the ssh service.
  3. From the terminal, ssh into the localhost as the jimmy user, i.e.

ssh jimmy@localhost

  1. Enter the password for jimmy, and verify that you are able to authenticate as jimmy over the ssh service.
  2. Once you verify you can remote in, end the ssh session.
  3. To use hydra to brute force the localhost’s ssh service with the username jimmy and a single password of password123, enter:

hydra -l jimmy -p password123 localhost ssh

  1. Since the password entered is incorrect, you should see the result “0 valid passwords found”
  2. Next, enter the correct password, and you should see the result.

  1. Look up the help for the hydra command.
  2. What would you enter at the command prompt to brute force the username jesse, trying a null/blank password, trying the username as the password and trying the reverse of the username as the password?

Enter your command here

  1. Create a file named users.txt and enter the following names in separate lines:

johnny

jimmy

jesse

jackie

  1. From the terminal, navigate into the /usr/share/wordlists directory. This is the Kali directory that has wordlist files or links to wordlist files, that are used for dictionary or brute force attack tools. Included in this directory is a compressed copy of the popular rockyou.txt file (the compressed file name is rockyou.txt.gz)
  2. Uncompress the file. What is the command you entered?

Enter your command here

  1. What would you enter at the command prompt to use the users.txt file and the rockyou.txt file to perform a hydra dictionary attack on the 4 user names in the users.txt file?

Enter your command here

  1. Run the above command, observe the process, wait a few minutes, then abort the process. Take a screen capture of the result; (enter your screen capture.) Make sure your screen capture shows the command you entered.

Insert your screen capture here

  1. You could allow the above command to run to completion, to observe the successful (or non-successful) discovery of the passwords. But the process will take a considerable amount of time.
  2. The rockyou.txt file is a well-known word list that contains popular and commonly used passwords. Attackers and penetration testers often use this wordlist to brute force services with discovered usernames. Each line in the wordlist corresponds to a word/password. How many words are there in the file rockyou.txt? Enter your answer below AND the method you used to find the answer. If you used a command line tool, what command did you type?

Enter your command here

  1. The above number times 4 (for the number of usernames in your users.txt file) is the number of brute force attempts the hydra program will need to process to discover the username/password combination. Of course, that is the maximum number of attempts. If the password is discovered further up in the wordlist, the number of attempts will be reduced. And if the password is not in the wordlist, then the username/password combination will not be discovered.
  2. We can minimize the size of the rockyou.txt file to cut down on the brute force time. Enter:

cat /usr/share/wordlists/rockyou.txt | grep -E 'password123|essej' > ~/rockyou.txt.modified

  1. Run hydra again against the localhost ssh service using the users.txt and modified rockyou.txt.modified files. What command did you enter?

Enter your command here

  1. The hydra command should find the passwords for jimmy and jesse within minutes. Take a screen capture of the discovered passwords; it should be similar to the screen capture below. (Delete the screen capture below and replace it with your screen capture.) Make sure your screen capture shows the command you entered. My screen capture does not show the command line, in order to prevent giving away the answer to the previous lab step.
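What the lab's dictionary run looks like from the defending side, as an added example that is not part of the original question or answer: a shell function that tallies sshd password failures per source address and reports any success that followed them. The log lines are constructed samples in OpenSSH's syslog format; the function names, the threshold and the second source address are assumptions.

```shell
#!/bin/sh
# Constructed sample log: johnny and jackie appear as "invalid user" because
# the lab only creates the jimmy and jesse accounts.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 kali sshd[2211]: Failed password for invalid user johnny from 127.0.0.1 port 50022 ssh2
Mar  3 10:15:01 kali sshd[2212]: Failed password for jimmy from 127.0.0.1 port 50024 ssh2
Mar  3 10:15:02 kali sshd[2213]: Failed password for jesse from 127.0.0.1 port 50026 ssh2
Mar  3 10:15:02 kali sshd[2214]: Failed password for invalid user jackie from 127.0.0.1 port 50028 ssh2
Mar  3 10:15:03 kali sshd[2212]: Failed password for jimmy from 127.0.0.1 port 50024 ssh2
Mar  3 10:15:04 kali sshd[2213]: Failed password for jesse from 127.0.0.1 port 50026 ssh2
Mar  3 10:15:05 kali sshd[2215]: Accepted password for jimmy from 127.0.0.1 port 50030 ssh2
Mar  3 11:02:40 kali sshd[2301]: Failed password for jimmy from 192.0.2.10 port 40112 ssh2
Mar  3 11:02:47 kali sshd[2301]: Accepted password for jimmy from 192.0.2.10 port 40112 ssh2
EOF
}

# detect_ssh_guessing THRESHOLD
# Reads sshd log text on stdin. Prints one line per source address with at
# least THRESHOLD failed passwords: failure count, distinct usernames tried,
# and any account that logged in from that source after failures.
detect_ssh_guessing() {
  awk -v min="$1" '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
      # Anchor on the last "from" so "invalid user NAME" lines parse the same way.
      for (i = 1; i <= NF; i++) if ($i == "from") { user = $(i-1); src = $(i+1) }
      if ($0 ~ / Failed password for /) {
        failed[src]++
        if (!((src, user) in seen)) { seen[src, user] = 1; users[src]++ }
      } else if (src in failed) {
        # A success preceded by failures from the same source: treat as a hit.
        hit[src] = (hit[src] == "" ? user : hit[src] "," user)
      }
    }
    END {
      for (s in failed) if (failed[s] >= min)
        printf "src=%s failed=%d users=%d success_after_fail=%s\n",
               s, failed[s], users[s], (hit[s] == "" ? "-" : hit[s])
    }'
}

# Stand-alone run over the constructed sample with a threshold of 5 failures.
sample_log | detect_ssh_guessing 5
```

A single mistyped password followed by a login (the 192.0.2.10 lines) stays below the threshold, while the many-users, many-failures pattern from one source is reported.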

Step by Step Solution

3.44 Rating (167 Votes)

There are 3 Steps involved in it

Step: 1

To brute force the username jesse with a null/blank password, trying the username as the password and ...
