andrewji8


About the use of common services and tools for brute force cracking

Brute force attack: the attacker takes their own dictionary of usernames and passwords and tries each entry in turn against the login. In theory, as long as the dictionary is large enough, the enumeration will always succeed!

This tutorial uses dictionary-based brute forcing and does not use the exhaustive method.

Table of Contents:

File Cracking:

  1. Brute force cracking of compressed files (zip, rar), divided into kali and windows

  2. Cracking encrypted Excel files.

Web Brute Force Attack:

  1. MSF brute force attack on Metasploitable2-Linux services (ftp, ssh, telnet, mysql, postgresql, vnc)

  2. Brute force cracking with hydra tool

  3. Brute force cracking with Medusa

  4. Brute force attack on Windows 3389, 21, 3306, 5900

  5. PkavHTTP Fuzzer 1.5.6 CAPTCHA cracking

Cracking zip compression package using fcrackzip

fcrackzip is a tool in kali for cracking zip compression packages.

Step 1: Open a kali terminal and run fcrackzip -h to view the help text.

Step 2: Transfer an encrypted zip file to kali and use the following command to crack it:

fcrackzip -u -D -v -p /root/Desktop/password.txt openurl.zip

-u: Use decompression to weed out incorrect passwords
-D: Use dictionary file
-p: Specify dictionary path

openurl.zip is your own compressed file.

Step 3: The cracking succeeds; the password is www.163.com.

There is another tool called rarcrack for cracking rar in Linux, which can be installed in kali, but this tool can be ignored directly (because it is not easy to use).

Cracking in Windows:

Step 1: First download the software "ARCHPR" and install it.

Step 2: Transfer the encrypted zip and rar files to the XP system.

Step 3: Open the compressed file, select "Dictionary" as the attack type, and select a dictionary file in the dictionary file path.

Step 4: Click "Start" to crack it successfully. The password is shown in the red box in the screenshot.

The cracking of rar passwords is similar and will not be demonstrated here.

Cracking encrypted Excel files

This software is provided in Xuanjian 2.0.


Web service brute force attack

When we scan a server, we find that it exposes a large number of open service ports. These services may have corresponding vulnerabilities that can be exploited, and brute forcing may be possible against them.

Brute force attack on Metasploitable2-Linux services (IP address for this tutorial: 192.168.172.129)

The scan shows many ports and their corresponding services:

ftp, ssh, telnet, smtp, domain, http, rpcbind, netbios-ssn, exec,
login, shell, rmiregistry, ingreslock, nfs, ccproxy-ftp,
mysql, postgresql, vnc, X11, irc, ajp13

Many of them have vulnerabilities that can be brute-forced.

Brute force attack on ftp

FTP commonly runs on port 21.

Step 1: Detailed scan of port 21

-sV: Detect port service version
-p 21: Port 21

From the scan results, it can be seen that the FTP server uses vsftpd version 2.3.4, which has an anonymous login vulnerability, but we won't discuss it today. What we are going to cover is the brute force vulnerability, which is really a weak password vulnerability. Strong passwords cannot be brute-forced.

Step 2: Start msfconsole

Step 3: Use the brute force module (use auxiliary/scanner/ftp/ftp_login)

MSF's brute force modules follow a regular pattern: they are all under auxiliary/scanner/ followed by the corresponding service.

Step 4: Set the corresponding parameters

Step 5: Perform the brute force with exploit

The username and password that were successfully cracked are displayed in the red box in the screenshot.

Brute force attack on ssh

SSH, a tool for connecting to terminals in Linux, uses port 22 by default.

Step 1: Detailed scan of port 22 (omitted)

nmap -sV -p 22 192.168.172.129

Step 2: Start msfconsole

Step 3: Use the brute force module

use auxiliary/scanner/ssh/ssh_login

Step 4: Set the relevant parameters

Step 5: Perform the brute force; the brute force is successful

The username and password that were successfully cracked are in the red box in the screenshot.

The methods for brute forcing telnet, mysql, postgresql, and VNC are the same. The key is the dictionary, but combining it with AI tools should make it possible to generate better dictionaries.
