How to Crack Password | Password Hacking using kali linux
How to Crack Password | Password Hacking using Kali Linux
Content:-
The attacks I will be doing are happening in the testing environment. This is only for educational purposes only.
I have created a Ubuntu Docker container & enabled SSH into that. We are going to crack the password of the Ubuntu Docker container using the hydra tool
There are 2 types of attacks
- Online attack
- Offline attack
Password Hacking:-
If you are using any other operating system you first need to install some tools to get this thing working for you
- sudo apt install hydra wordlists # You should have this thing installed in your system I have already shown you thin is the john-the-ripper article you can check that out
As we can see it is asking password for the login. What can we do in this case, you can manually try some password that you remember you might have entered or forgotten about the system, but we are not going to do this we will be brute-forcing the password. ( entering many passwords hoping that one of them is correct ) using a tool.
We will be using a tool called hydra for this tutorial as it is going to do most of the stuff for us. we just have to specify some paraments or arguments that you can say & it will automatically start doing the brute-force attack for us.
We are not going to use the brute-force attack, we will be performing a dictionary attack where we will be using a file containing a password for the user I will be using a custom password file to save some time. You can also use rockyou.txt if you are not sure about the password.
As you can see we have successfully found the password of the root user of the machine not we can log in to the machine using that password.
But first, we will discuss what just happened here,
- we have specified which command we are going to use hydra with sudo permissions
- we then specified the rate of the task -t4
- We specified the name of the user -l "root" ( as we knew the username here if you don't know that you have to use a dictionary for the username also as like we have used for the password )
- We specified the Password list -P ./password-list.txt
- We then Specified the IP address of the target PC, The pc on which we are performing this attack.
- We then specified the service we are performing the attack on which is ssh ( port 22 )
Getting into the machine
As we know the password now we can successfully log in to the system now using ssh.
This attack might not always work. There are systems that have rate-limiting ( you can't enter the password more than n times ) in that case you can't perform this thing. Your account might get banned from the server.
The attack we will be doing till now is an Online attack, there is an Offline attack also which we will be seeing in the next part.
Conclusion:-
We learned to use a password brute-forcing using hydra & kali-Linux.
