Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Password Guessing

UNTCSC
November 21, 2019
0
19

Password Guessing

UNTCSC

November 21, 2019
Tweet

More Decks by UNTCSC

See All by UNTCSC
Network Simulation
unt_csc
0
38
Password Hashing Fall 2020
unt_csc
0
24
Resume and Interview Workshop
unt_csc
0
22
Security: Why do we Care
unt_csc
0
26
Welcome back fall 2020
unt_csc
0
16
Secure Coding
unt_csc
0
30
UNTCSC Spring 2020 Welcome Back
unt_csc
0
25
Network Security
unt_csc
0
15
Jake From State Farm
unt_csc
0
31

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
22
6.5k
Robots, Beer and Maslow
schacon
PRO
155
8k
Fireside Chat
paigeccino
22
2.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
41
4.5k
The Mythical Team-Month
searls
217
42k
GitHub's CSS Performance
jonrohan
1025
450k
Done Done
chrislema
178
15k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
4 Signs Your Business is Dying
shpigford
176
21k
Building Your Own Lightsaber
phodgson
100
5.7k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
21
1.6k

Transcript

  1. Password Cracking (Given a Wordlist) Presented by the UNT Cybersecurity

    Club

  2. Mission Briefing • The target device has a public IP

    address of 40.124.30.225 ◦ Our intel indicates that this device has SSH enabled (port 22) and that the device is running Microsoft Windows ◦ The username to the target account is ‘CybersecurityClub’ • Your goal: break into the target machine • There is a list of passwords (“passwords.txt” on the Discord) ◦ The password to the target account can be found in that list

  3. Other Information • There are over 300 potential passwords in

    our list ◦ This makes brute force by hand impractical • It is advised you write a script or program to aid you in this mission • Best case scenario, you’ll only need to try one password; worst case, you’ll need to try over 300 ◦ Given n potential passwords this is an O(n) problem ◦ On average, we’d expect this to take n/2 attempts ▪ We can reasonably expect to have to attempt over 150 passwords • Time to get to work!

  4. Miscellaneous • You are free to complete this mission in

    any language you desire • Depending on the language you choose, you may want to look into a library to help with the actual SSH functionality ◦ The goal of this challenge is to try many possible passwords, not to write your own SSH client • Feel free to collaborate and ask questions

  5. Strategy and Hints • Each line of the file is

    a potential password • So, we can read the file line by line and attempt to SSH onto the target machine with each password ◦ Depending on the resulting message, we can determine if that password is correct or not • Exact implementations will vary depending on language

  6. My Solutions? • Depending on how everyone is doing and

    how much time we have, I may walk through one of my solutions to this challenge

  7. Closing Remarks • I will upload these slides, along with

    my solutions to this challenge, to the Discord later • I hope everyone here enjoyed this challenge! • Relevant resources: ◦ https://ryanstutorials.net/bash-scripting-tutorial/bash-script.php ◦ https://www.cyberciti.biz/faq/unix-howto-read-line-by-line-from-file/ ◦ https://stackoverflow.com/questions/12202587/automatically-enter-ssh-password-with-scr ipt ◦ https://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/