Hey, everyone, welcome back to the course. So in this video, we're gonna do a simple password crack against our target machine. So again, that Metasploitable machine, and we're gonna be using a tool called Medusa to do so.
So first things first, we're gonna actually make sure we can actually access that target machine. So we're just gonna ping it real quick, make sure we have a connection to that target. Again, it's the same IP address we've been using throughout the course, 10.0.2.7. That's for my machines there. If you set up your own virtual environment, obviously, your IP address will likely be different.
We're next going to do a quick Nmap version
command. So we're gonna be doing versioning of this IP address, and it's gonna give us back information about the ports as well as the services running on those ports,
and you notice under port 5900 that we have VNC running on this target machine. So that indicates to us that the attack we're gonna try to do to crack the passwords
is likely gonna be successful. So let's clear our screen here real quick, and we'll go ahead and do our call for Medusa. We're going to specify our host and then we'll specify the user directory.
All right, so we're gonna use our passwords file here, and we're going to specify the path to it. So basically, we're using the word list to try to crack the passwords on the target machine.
And then we're just gonna specify that we're looking to target the VNC,
and it's gonna take some time to run this. It's basically gonna run against 1000 9, ports and see if any of these are able to get us the password back. You notice we're already getting some results back. You notice the word password, all lowercase,
being used for many of the users on this target machine. So, for example, user, I love you, user princess,
and so on and so forth. And this may take quite a while to run, and we'll probably stop it at a certain point here.
But you're getting the general idea that, uh, Metasploitable is obviously a weak machine. But the concept here is that you may be able to crack the password on the target, and this could be a simple way of showing, hey, they are using this weak password. You'll find many times, at least in the pen tests I've done, that
they're using weak or default credentials. So they're using password or password. 1234123456 Or
but, you know, like these common passwords that people use. So you see we're all done with our scan there.
And so what we're gonna do now is, since we were able to identify those passwords and all, a lot of them were just saying the word password, all lowercase,
we're gonna use xtightvncviewer to that IP address, and we're gonna attempt to log in with the password, all lowercase.
All right, so you see here we're establishing that connection, and now we're just gonna type in password, all lowercase. You won't see it on screen because you won't see passwords when you type them into Linux. But you'll see here we have root. Right? So now we're inside that target machine. We have root access in that target machine, and we could take a peek around the various things.
So, for example, we can look at the user name of this machine. We see the user name is Linux. We can list to see what's actually on this machine. So what files are on here, what directories?