iOS App Penetration Testing: Cracking SSH Passwords with Hydra

May 9, 2017 | Views: 5639


Hello Guys,

This is my first video on Cybrary. It deals with cracking SSH Passwords with Hydra. Yes, I know the video is old (from 2014), but the info is still relevant. If you have any questions, please comment below and I’ll answer as soon as possible.

Transcript:

0:00
alright welcome back to another video
0:02
from insect X iOS application penetration
0:06
testing course in the previous video we
0:10
have seen how someone can actually
0:12
exploit your iPhone using Metasploit if
0:15
you don’t change your default password
0:17
of SSH now in this video we’re going to
0:21
see the same attack but not with
0:23
Metasploit rather we are going to use
0:25
a tool called Hydra to brute force your
0:28
password and then login to your iPhone
0:31
using an SSH client so let us begin I
0:36
have logged in to my Kali Linux using
0:39
SSH so first like any other pen test
0:44
let’s begin with information gathering
0:46
in my case ifconfig this is the IP
0:50
address of my machine and let me
0:54
scan for the IP addresses between
1:00
192.168.1.100
1:03
which is Kali’s you know IP
1:07
address and 103 looks like again your
1:12
iPhone is down yep so we have got
1:17
192.168.1.102
1:19
just like what we have
1:21
got in the previous video now let us
1:24
type nmap -O and
1:30
192.168.1.102
1:32
to identify the operating system
1:36
details of your remote system which in
1:39
which in our case is iPhone
1:46
so let’s wait for a while it takes a
1:48
couple of seconds
2:06
we have got the output so if you see
2:11
this this is the operating this is this
2:13
is the line which says operating system
2:14
details this is what exactly we have got
2:17
in the previous video as well and the
2:19
network distance is one hop we are
2:21
connected to the same network and as you
2:25
can see SSH is running as 22 the port
2:30
number 22 is also open so that’s why
2:33
SSH is running over there so what we
2:37
going to do is let’s use a tool called
2:40
Hydra you can just type it in the
2:43
command line it it gives the all it
2:45
gives all the options along with the
2:47
syntax over there now what I’m going to do
2:51
is rather than complicating the task I
2:53
am just going to use the simple syntax
2:55
which is already given by Hydra itself
2:57
so let me copy this and paste it over there
3:03
as you can see let me remove this let me
3:06
clear the screen all right so Hydra
3:14
-l let me paste it over there
3:18
rather so -l is which this is
3:23
something which specifies a username so
3:25
in my case it is root this login name
3:28
and passlist.txt is the file which
3:33
contains the password that can be used
3:35
to brute force the password of your
3:37
target in my case I’m going to use the
3:44
passwords.txt file which is there on
3:47
my desktop you can actually go ahead and
3:52
say this great I have passwords.txt
3:57
on my desktop so let’s change this to
4:02
ssh and change the IP address as well
4:08
192.168.1.102
4:10
press Enter awesome
4:15
it is attacking service SSH on port
4:18
number 22
4:19
and we have successfully completed one
4:23
valid password found it’s alpine so this
4:29
is how one can actually brute force your
4:31
passwords and log into your you know
4:34
devices now we can actually log in to
4:39
your iPhone using the same technique
4:42
which we have been seeing right from the
4:45
beginning of the course using SSH client
4:49
it will ask you for the password and the
4:52
default password is alpine this is what
4:55
we got here so this is how one can
4:57
actually log into your iPhone using SSH
5:00
one can crack your SSH passwords
5:02
using Hydra and log in using any SSH
5:05
client so from here onwards you get the
5:07
attacker can actually do anything he
5:09
wants on your iPhone he can see all the
5:11
SMS contacts call logs and he can do a
5:15
couple of other things so that’s all I
5:18
have in mind for this video thanks for
5:20
watching it thanks a lot