The previous article summarized the methods commonly used for information gathering in penetration testing. Next I will write about external network penetration. Today's article is about brute force cracking in penetration testing.
1. What is brute force cracking
Brute force cracking is also called the enumeration method. In inductive reasoning, if you examine every possible case of a certain kind of event one by one and then draw a general conclusion, that conclusion is reliable; this inductive method is called enumeration. In plain terms, it means trying the candidates one by one, not by hand but with tools.
2. Tools needed for brute force cracking
There are many popular brute force tools available, and some of them are very easy to use. Here I will introduce two of them. The first is hydra, a classic and easy-to-use brute force tool that is generally used for password attacks against services on specific ports, such as FTP on port 21, SSH on port 22, SMB on port 445 and MySQL on port 3306. Of course, before using this tool we must first gather information on the target to see which ports it has open, so that we aim at the right service. For this we can scan the target with nmap's -O parameter to see which services are enabled, and then proceed to the next step. The other tool is the Intruder module in Burp Suite, which is generally used to brute force the login pages of websites.
3. How to use the brute force tool hydra
hydra download link: https://github.com/vanhauser-thc/thc-hydra
Before starting, we first boot a virtual machine to serve as the target.
Set the virtual machine's network mode to NAT so that it is on the same network segment as the real machine, that is, the attacking machine, and then check its IP address.
Then ping that IP address to confirm that the two machines can reach each other.
Then we can use nmap to scan the target machine to see which ports are open, using the nmap -O parameter (the parameter here is a capital letter O).
We can see that the SMB service on port 445 is open, so we can use hydra to brute force it. Download hydra and open it from the folder where it is stored, or add that folder to your PATH environment variable yourself.
The usage is as follows: hydra.exe -l user -P pass.txt -s <port> <ip address> <service name> runs a password attack against that service (hydra takes the port with -s, followed by the target address and the service module name).
Here -l is followed by the user name. If the user name is known, use lowercase -l; if it is not known, use uppercase -L followed by a username dictionary. The password dictionary is given after the -P parameter. Because a password dictionary is used here, you also need to prepare one and put it in the same directory as the hydra executable.
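A hydra run like the one above leaves a burst of failed logins from a single source in the target's authentication log, which is also how a defender recognises it. The following is an added example, not code from the original article: it scans constructed OpenSSH auth.log lines and flags any source address that reaches a threshold of failed logins inside a short time window, reporting whether it hammered one known user (the -l case) or cycled through a username list (the -L case). The log lines, thresholds and window size are assumptions for illustration.

```python
# Added example (not from the original article): flag hydra-style password brute
# forcing in OpenSSH auth.log lines. Sample lines/thresholds are constructed assumptions.
import re
from collections import defaultdict
from datetime import datetime

# Matches "Failed password for root from ..." and "... for invalid user admin from ..."
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample: 192.0.2.10 hammers one known user (hydra -l style),
# 198.51.100.7 cycles a username list (hydra -L style), 203.0.113.5 is a user typo.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 51000 ssh2
Mar  3 10:00:01 host sshd[1202]: Failed password for root from 192.0.2.10 port 51001 ssh2
Mar  3 10:00:02 host sshd[1203]: Failed password for root from 192.0.2.10 port 51002 ssh2
Mar  3 10:00:02 host sshd[1204]: Failed password for root from 192.0.2.10 port 51003 ssh2
Mar  3 10:00:03 host sshd[1205]: Failed password for root from 192.0.2.10 port 51004 ssh2
Mar  3 10:00:10 host sshd[1210]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2
Mar  3 10:00:10 host sshd[1211]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2
Mar  3 10:00:11 host sshd[1212]: Failed password for invalid user guest from 198.51.100.7 port 40002 ssh2
Mar  3 10:00:11 host sshd[1213]: Failed password for invalid user oracle from 198.51.100.7 port 40003 ssh2
Mar  3 10:00:12 host sshd[1214]: Failed password for invalid user ubuntu from 198.51.100.7 port 40004 ssh2
Mar  3 10:05:00 host sshd[1300]: Failed password for alice from 203.0.113.5 port 60000 ssh2
Mar  3 10:05:20 host sshd[1301]: Accepted password for alice from 203.0.113.5 port 60001 ssh2
"""

def detect_bruteforce(log_text, max_failures=5, window_seconds=60):
    """Return {ip: {"failures": total, "users": set}} for every source that
    reaches max_failures failed logins inside any window_seconds span."""
    events = defaultdict(list)  # ip -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog has no year; a fixed year is enough for ordering
            ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    alerts = {}
    for ip, attempts in events.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # advance the window start until it spans at most window_seconds
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= max_failures:
                alerts[ip] = {"failures": len(attempts), "users": {u for _, u in attempts}}
                break
    return alerts
```

A source with many failures against one user points to a password-list attack, while many distinct (often invalid) users from one source points to a username list; a single failure followed by success is ordinary user error and is not reported.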