
After attending the meeting

Perform password testing in the NICE Challenge environment and submit documentation on the solution method via the NICE Portal.


Added on  2022-08-19

After attending the meeting, I have come to know that the team is concerned about
security hacks due to weak passwords. The team wants me to perform penetration
testing on the system by using the usernames of different users of the network (with the
help of Active Directory to get the names of users) and crack their passwords; if a
password is cracked, then set reset password on next login for those users so that
they can set a complex password, which can improve the security.
To perform this penetration testing, the tool used is Hydra. It is a parallelized
password cracking tool and simple to use.
Hydra is known for brute forcing SSH, i.e. a remote authentication service. It has support
for multiple protocols such as SMB, telnet, MSSQL, HTTP, and SMTP; brute forcing can be
performed over all of these protocols. This tool is very fast and easy to use
for brute force login for password cracking.
Hydra is very useful for researchers and for security audits by consultants who audit
users' systems to validate their security. Similarly, in this challenge we
tried to brute force multiple users of the company and to validate whether each user’s
password is secure or not. With the help of Hydra we have successfully
brute forced multiple users and gained access to the system with the help of the
SSH protocol, which suggests that these users have set weak passwords and need to
reset the password on the next login.
The features of Hydra which are used in this challenge are:
1) A common password file named “rockyou.txt”, present in “/usr/share/wordlist/”, is
used as a rapid dictionary to brute force the login for the users of the organisation.
2) It supports a wide variety of protocols such as FTP, https, telnet, smb, HTTP etc.
Here we have used FTP and SSH (the port used for SSH is 22).
3) This tool is also capable of brute forcing applications which have anti-XSRF
tokens.
4) Its parallel nature (it triggers 16 tasks in parallel) makes it the fastest tool for
password cracking.
In order to perform penetration testing, the “Security-desk” system is used, which has
Kali Linux installed on it. Brute forcing is done on the IP 172.16.20.60 (of a
workstation which is present on the userspace subnet).
Command used for password cracking:
hydra -l username -P rockyou.txt ssh://172.16.20.60
Here -l is the option used for the login name,
-P is for passwords from a file (as passwords are fetched from rockyou.txt),
ssh is the protocol used.
The first user we check is “jcortes”: we brute force with jcortes as the username,
passwords from rockyou.txt and ssh as the protocol. We have successfully attacked the
user and found the password for the user. The password is “iloveme”. This user
uses a weak password, hence this user is set to reset the password on next login from
the domain controller's Active Directory.
The next user we check is “jraffin”: we brute force with jraffin as the username,
passwords from rockyou.txt and ssh as the protocol. Brute force was applied, but the user has set
a strong password and the attack is not successful, hence the password is secure for
this user.
The next user we check is “asteele”: we brute force with asteele as the username,
passwords from rockyou.txt and ssh as the protocol. Brute force was applied, but the user has set
a strong password and the attack is not successful, hence the password is secure for
this user.
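What the audit described above looks like from the target's side, as an added example that is not part of the original write-up: a small parser over sshd auth-log lines that flags sources producing bursts of failed logins, and the accounts later logged into from such a source, which are the ones to mark for reset at next login. The log lines, the 192.0.2.x placeholder addresses, the user mlopez and the threshold values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log format. 192.0.2.x are placeholder
# addresses and "mlopez" is a hypothetical user; neither comes from the page.
SAMPLE_LOG = """\
Aug 19 10:00:01 ws sshd[2101]: Failed password for jraffin from 192.0.2.10 port 40110 ssh2
Aug 19 10:00:01 ws sshd[2102]: Failed password for jraffin from 192.0.2.10 port 40112 ssh2
Aug 19 10:00:02 ws sshd[2103]: Failed password for asteele from 192.0.2.10 port 40114 ssh2
Aug 19 10:00:02 ws sshd[2104]: Failed password for jcortes from 192.0.2.10 port 40116 ssh2
Aug 19 10:00:03 ws sshd[2105]: Failed password for jcortes from 192.0.2.10 port 40118 ssh2
Aug 19 10:00:04 ws sshd[2106]: Accepted password for jcortes from 192.0.2.10 port 40120 ssh2
Aug 19 10:05:10 ws sshd[2200]: Failed password for mlopez from 192.0.2.20 port 51000 ssh2
Aug 19 10:05:20 ws sshd[2201]: Accepted password for mlopez from 192.0.2.20 port 51002 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def analyse(log_text, threshold=5, window=timedelta(seconds=60), year=2022):
    """Return (noisy_sources, guessed_accounts).

    noisy_sources: IPs with at least `threshold` failed logins inside `window`.
    guessed_accounts: users with an accepted login from a noisy source that
    had earlier failed against the same user (password likely guessed).
    """
    failures = defaultdict(list)     # ip -> timestamps of recent failures
    failed_users = defaultdict(set)  # ip -> users it has failed against
    noisy, guessed = set(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            failures[ip] = [t for t in failures[ip] if when - t <= window] + [when]
            failed_users[ip].add(user)
            if len(failures[ip]) >= threshold:
                noisy.add(ip)
        elif ip in noisy and user in failed_users[ip]:
            guessed.add(user)
    return noisy, guessed

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single mistyped password followed by a successful login, as with the hypothetical mlopez, stays below the threshold and is not flagged.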