Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Password Guessing

UNTCSC
November 21, 2019
0
19

Password Guessing

UNTCSC

November 21, 2019
Tweet

More Decks by UNTCSC

See All by UNTCSC
Network Simulation
unt_csc
0
38
Password Hashing Fall 2020
unt_csc
0
27
Resume and Interview Workshop
unt_csc
0
29
Security: Why do we Care
unt_csc
0
33
Welcome back fall 2020
unt_csc
0
25
Secure Coding
unt_csc
0
45
UNTCSC Spring 2020 Welcome Back
unt_csc
0
39
Network Security
unt_csc
0
19
Jake From State Farm
unt_csc
0
35

Featured

See All Featured
Music & Morning Musume
bryan
46
6.2k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Faster Mobile Websites
deanohume
305
30k
The Invisible Side of Design
smashingmag
298
50k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Visualization
eitanlees
145
15k
Code Reviewing Like a Champion
maltzj
520
39k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
What's new in Ruby 2.0
geeforr
343
31k

Transcript

  1. Password Cracking (Given a Wordlist) Presented by the UNT Cybersecurity

    Club

  2. Mission Briefing • The target device has a public IP

    address of 40.124.30.225 ◦ Our intel indicates that this device has SSH enabled (port 22) and that the device is running Microsoft Windows ◦ The username to the target account is ‘CybersecurityClub’ • Your goal: break into the target machine • There is a list of passwords (“passwords.txt” on the Discord) ◦ The password to the target account can be found in that list

  3. Other Information • There are over 300 potential passwords in

    our list ◦ This makes brute force by hand impractical • It is advised you write a script or program to aid you in this mission • Best case scenario, you’ll only need to try one password; worst case, you’ll need to try over 300 ◦ Given n potential passwords this is an O(n) problem ◦ On average, we’d expect this to take n/2 attempts ▪ We can reasonably expect to have to attempt over 150 passwords • Time to get to work!

  4. Miscellaneous • You are free to complete this mission in

    any language you desire • Depending on the language you choose, you may want to look into a library to help with the actual SSH functionality ◦ The goal of this challenge is to try many possible passwords, not to write your own SSH client • Feel free to collaborate and ask questions

  5. Strategy and Hints • Each line of the file is

    a potential password • So, we can read the file line by line and attempt to SSH onto the target machine with each password ◦ Depending on the resulting message, we can determine if that password is correct or not • Exact implementations will vary depending on language

  6. My Solutions? • Depending on how everyone is doing and

    how much time we have, I may walk through one of my solutions to this challenge

  7. Closing Remarks • I will upload these slides, along with

    my solutions to this challenge, to the Discord later • I hope everyone here enjoyed this challenge! • Relevant resources: ◦ https://ryanstutorials.net/bash-scripting-tutorial/bash-script.php ◦ https://www.cyberciti.biz/faq/unix-howto-read-line-by-line-from-file/ ◦ https://stackoverflow.com/questions/12202587/automatically-enter-ssh-password-with-scr ipt ◦ https://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/