Introduction
In this lab, you will learn how to perform brute-force attacks against weak password authentication services. If a network service requires authorization to access, and the authorization mechanism relies on usernames and passwords, weak password vulnerabilities can become a common attack target. This type of vulnerability is typically caused by users configuring weak passwords, such as "123456".
The most straightforward approach to exploit weak passwords is to use a dictionary-based brute-force attack. The dictionary file containing potential usernames and passwords is crucial in this attack. The attacker attempts to connect using the username and password combinations from the dictionary until a successful connection is established.
In this lab, you will utilize the Metasploit Framework (MSF) terminal on the Kali Linux environment within the LabEx platform to perform brute-force attacks against the SSH and VNC services on the Metasploitable2 target machine.
Note: The cloud instances used in this lab have a limited number of available instances due to cost constraints. Please ensure you start the lab environment only when you have sufficient time to complete the exercises, in order to avoid wasting instances.