Brute-Forcing SSH and VNC Remote Connections

Beginner

Introduction

In this lab, you will learn how to perform brute-force attacks against services that authenticate with weak passwords. If a network service requires authorization, and the authorization mechanism relies on usernames and passwords, weak passwords become a common attack target. This type of vulnerability is typically caused by users configuring weak passwords, such as "123456".

The most straightforward way to exploit weak passwords is a dictionary-based brute-force attack. The dictionary file containing potential usernames and passwords is crucial in this attack. The attacker attempts to connect using the username and password combinations from the dictionary until a successful connection is established.

In this lab, you will utilize the Metasploit Framework (MSF) terminal on the Kali Linux environment within the LabEx platform to perform brute-force attacks against the SSH and VNC services on the Metasploitable2 target machine.

Note: The cloud instances used in this lab have a limited number of available instances due to cost constraints. Please ensure you start the lab environment only when you have sufficient time to complete the exercises, in order to avoid wasting instances.

Understand the Environment

In this step, you will learn about the lab environment and the prerequisites for performing the brute-force attacks.

The lab environment consists of two components:

  1. Attack Machine: A Kali Linux container that needs to be started using the docker command and accessed through the bash shell.
  2. Target Machine: A Metasploitable2 virtual machine with the hostname target and IP address 192.168.122.102. The default username and password for this machine are msfadmin/msfadmin. This machine needs to be started using the Libvirt virtual machine management system.

The attacks will be carried out from the Kali Linux environment using the Metasploit Framework (MSF) against the target machine.

To start the lab environment, follow these steps:

  1. Launch an XFCE terminal on the LabEx host machine (Ubuntu desktop).

  2. Start the Metasploitable2 target machine using the following command:

         sudo virsh start Metasploitable2

  3. Test the connectivity to the target machine using the ping command (you can use Ctrl+C to stop the ping):

         ping 192.168.122.102

  4. Start the Kali Linux container and enter the bash shell using the following command:

         docker run -ti --network host b5b709a49cd5 bash

  5. Test the network connectivity from the Kali container to the target machine using the ping command (you can use Ctrl+C to stop the ping):

         ping 192.168.122.102

Now both the attack machine (Kali container) and the target machine (Metasploitable2) are running, and you can proceed with the brute-force attacks.

Note: If you accidentally exit the bash shell, the Kali container will stop. You can restart a new Kali container and enter the bash shell again by running the docker run -ti --network host b5b709a49cd5 bash command on the LabEx host machine.

Brute-Forcing SSH

In this step, you will learn how to perform a brute-force attack against the SSH service on the Metasploitable2 target machine using the Metasploit Framework (MSF) on the Kali Linux environment.

  1. On the Kali Linux container, launch the Metasploit console:

         cd ~
         msfconsole

  2. Within the Metasploit console, use the auxiliary/scanner/ssh/ssh_login module for the SSH brute-force attack:

         use auxiliary/scanner/ssh/ssh_login

  3. Configure the required options for the attack:

     • Set the target host:

         set rhosts 192.168.122.102

     • Set the password dictionary file (you can use the provided /usr/share/metasploit-framework/data/wordlists/piata_ssh_userpass.txt file):

         set userpass_file /usr/share/metasploit-framework/data/wordlists/piata_ssh_userpass.txt

     • Set the verbosity to false to avoid excessive output:

         set verbose false

  4. Review the configured options:

         show options

  5. Launch the brute-force attack:

         exploit

The attack will begin, attempting to log in to the SSH service using the username and password combinations from the specified dictionary file. Once a successful login is found, the corresponding credentials will be displayed.

Note: The brute-force process can take a long time. You can interrupt the process by pressing Ctrl+C after the first successful login is displayed, if desired.

  6. After a successful login is found, the attack script will automatically create an SSH session. You can switch to the session using the sessions -i <session_id> command, where <session_id> is the session ID displayed in the output.

  7. Within the SSH session, you can execute various commands on the target machine.

Press Ctrl+D to quit the Metasploit console, then start the inspection.
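
On the target side, the dictionary attack described above appears in the sshd log as a burst of failed logins from one source address, sometimes followed by a success. The following is an added example, not part of the original lab: it flags that pattern in constructed log lines. The source addresses, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (not captured from a real host).
SAMPLE_LOG = """\
Mar 10 09:14:01 target sshd[2101]: Failed password for root from 192.168.122.1 port 40122 ssh2
Mar 10 09:14:02 target sshd[2103]: Failed password for invalid user admin from 192.168.122.1 port 40124 ssh2
Mar 10 09:14:03 target sshd[2105]: Failed password for invalid user test from 192.168.122.1 port 40126 ssh2
Mar 10 09:14:04 target sshd[2107]: Failed password for user from 192.168.122.1 port 40128 ssh2
Mar 10 09:14:05 target sshd[2109]: Failed password for root from 192.168.122.1 port 40130 ssh2
Mar 10 09:14:06 target sshd[2111]: Failed password for msfadmin from 192.168.122.50 port 51000 ssh2
Mar 10 09:14:07 target sshd[2113]: Accepted password for msfadmin from 192.168.122.50 port 51002 ssh2
Mar 10 09:14:08 target sshd[2115]: Accepted password for msfadmin from 192.168.122.1 port 40132 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag source IPs with >= threshold failed logins inside the window.
    Syslog timestamps carry no year, so `year` is supplied for parsing."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) of recent failures
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user, q = m["ip"], m["user"], recent[m["ip"]]
        while q and ts - q[0][0] > window:
            q.popleft()  # expire failures older than the window
        if m["result"] == "Failed":
            q.append((ts, user))
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"peak_failures": 0, "users": set(), "accepted_after": []})
                f["peak_failures"] = max(f["peak_failures"], len(q))
                f["users"].update(u for _, u in q)
        elif ip in findings and q:
            # a success right after a burst of failures suggests a guessed password
            findings[ip]["accepted_after"].append(user)
    return findings

if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f["peak_failures"], sorted(f["users"]), f["accepted_after"])
```

The single mistyped password from 192.168.122.50 stays below the threshold and is not reported, while the address that cycles through several usernames is flagged along with the account it eventually logged in to.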

Brute-Forcing VNC

In this step, you will learn how to perform a brute-force attack against the VNC service on the Metasploitable2 target machine using the Metasploit Framework (MSF) on the Kali Linux environment.

  1. If you are not already in the Metasploit console, start it:

         cd ~
         msfconsole

  2. Within the Metasploit console, use the auxiliary/scanner/vnc/vnc_login module for the VNC brute-force attack:

         use auxiliary/scanner/vnc/vnc_login

  3. Configure the number of threads for the attack (more threads will make the attack faster, but may also increase the chance of detection):

         set THREADS 5

  4. Set the target host IP address:

         set RHOSTS 192.168.122.102

  5. Launch the brute-force attack:

         exploit

  6. The attack results will be displayed quickly, as the VNC login does not require a username and only attempts common weak passwords.

Press Ctrl+D to quit the Metasploit console, then start the inspection.

Summary

In this lab, you learned how to perform brute-force attacks against weak password authentication services using the Metasploit Framework (MSF) on the Kali Linux environment. Specifically, you carried out brute-force attacks against the SSH and VNC services on the Metasploitable2 target machine.

The lab covered the following key concepts:

  • Understanding the lab environment and prerequisites
  • Configuring the Metasploit Framework for brute-force attacks
  • Utilizing password dictionary files for brute-force attacks
  • Performing brute-force attacks against the SSH service
  • Analyzing the SSH brute-force attack script
  • Performing brute-force attacks against the VNC service

Through this hands-on experience, you gained practical knowledge and skills in conducting brute-force attacks against weak password authentication services, which is a crucial aspect of penetration testing and ethical hacking.
