Lesson 13

Date: 6/28/2017
Linux Network Security
Linux System Administration


SSH brute force attacks
Exercise
  • On the desktop, download ncrack.
    Install the libssl-dev package, then compile and install ncrack by following the instructions on the source web site.
  • Install the crunch package on the desktop; it is needed to generate a password dictionary.

  • Deploy a new VM, testub, by cloning kvm1.
  • Deploy a new VM, testcent, by cloning CentOS7.
    Make both host names resolvable by adding entries for them to the /etc/hosts file on the desktop.
  • On both VMs, create user account jerry and assign it the password jerry1. If the PAM password module does not allow you to set such a simple password, generate the hash with the mkpasswd command and enter it manually into /etc/shadow. Check that user jerry can log in to the VM.

  • On the desktop, generate a password table, passwords.txt, by running crunch:
    crunch 5 6 jerry123 -o passwords.txt
    
  • Run SSH brute-force attacks against account jerry on both VMs:
    ncrack -vv --user jerry -P passwords.txt testub:22
    ncrack -vv --user jerry -P passwords.txt testcent:22
    
    Within a few minutes, ncrack should be able to identify the correct password for user jerry from the passwords.txt list.
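
To see what the exercise above looks like from the VM's side, the following added example (not part of the original lesson) counts failed SSH password logins per source address and user in an sshd log. The function names, the default threshold of 5 and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): flag sources of repeated failed SSH
# password logins in an sshd log. Threshold and sample lines are assumptions.

# ssh_fail_sources LOGFILE [THRESHOLD]
# Prints "COUNT IP USER" for every source/user pair with >= THRESHOLD failures.
ssh_fail_sources() {
    awk -v t="${2:-5}" '
    /sshd\[[0-9]+\]: .*Failed password for / {
        n = 1; f = 0
        for (i = 1; i <= NF; i++) {
            # rsyslog may collapse duplicates: "message repeated N times: [ ... ]"
            if ($i == "repeated" && $(i + 2) == "times:") n = $(i + 1)
            if ($i == "from") f = i    # keep the last "from" on the line
        }
        # the address follows "from", the user name precedes it
        if (f > 1 && f < NF) count[$(f + 1) " " $(f - 1)] += n
    }
    END { for (k in count) if (count[k] >= t) print count[k], k }
    ' "$1" | sort -rn
}

# Writes a constructed sample log (documentation-range addresses) to FILE.
make_sample_log() {
    cat > "$1" <<'EOF'
Jun 28 10:15:01 testub sshd[2101]: Failed password for jerry from 192.0.2.10 port 40112 ssh2
Jun 28 10:15:02 testub sshd[2101]: Failed password for jerry from 192.0.2.10 port 40112 ssh2
Jun 28 10:15:03 testub sshd[2103]: message repeated 3 times: [ Failed password for jerry from 192.0.2.10 port 40114 ssh2]
Jun 28 10:15:04 testub sshd[2104]: Failed password for invalid user admin from 192.0.2.10 port 40116 ssh2
Jun 28 10:15:09 testub sshd[2110]: Failed password for jerry from 192.0.2.77 port 51000 ssh2
Jun 28 10:15:20 testub sshd[2120]: Accepted password for jerry from 192.0.2.10 port 40200 ssh2
EOF
}

# Usage on the lab VMs (paths are the distribution defaults):
#   ssh_fail_sources /var/log/auth.log 5     # Debian/Ubuntu
#   ssh_fail_sources /var/log/secure 5       # CentOS 7
```

Running it on a VM's log after the ncrack run should show the desktop's address with a large failure count for user jerry.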

