Set Up a Test Environment for Hydra

Introduction

In this lab, you will learn how to set up a test environment for Hydra by installing and configuring an OpenSSH server on your LabEx VM. This controlled environment will allow you to safely practice password cracking techniques in later exercises.

You'll configure the SSH server to enable password authentication and root login, essential for Hydra testing. The process includes modifying configuration files, restarting services, and verifying the setup for subsequent security testing.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL hydra(("Hydra")) -.-> hydra/HydraGroup(["Hydra"]) hydra/HydraGroup -.-> hydra/installation("Installation and Setup") hydra/HydraGroup -.-> hydra/single_username("Single Username Attack") hydra/HydraGroup -.-> hydra/single_password("Single Password Attack") hydra/HydraGroup -.-> hydra/target_ip("Target IP Specification") hydra/HydraGroup -.-> hydra/target_service("Target Service Selection") hydra/HydraGroup -.-> hydra/ssh_attack("SSH Brute Force") hydra/HydraGroup -.-> hydra/troubleshooting("Basic Troubleshooting") subgraph Lab Skills hydra/installation -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/single_username -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/single_password -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/target_ip -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/target_service -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/ssh_attack -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} hydra/troubleshooting -.-> lab-549921{{"Set Up a Test Environment for Hydra"}} end

Install a Local SSH Server

In this step, you will install an OpenSSH server on your LabEx VM. Let's first understand what SSH is - it stands for Secure Shell, which is a network protocol that creates a secure channel between two computers over an insecure network. This is particularly important when you need to remotely access a system while keeping your communication encrypted.

The OpenSSH server we're installing is the most common implementation of the SSH protocol on Linux systems. By setting this up, we're creating a controlled environment where we can safely test password cracking tools like Hydra later in the lab. This is similar to how security professionals test systems for vulnerabilities in a safe, isolated environment.

First, we need to update your package list. This ensures your system knows about the latest available versions of software packages:
```
sudo apt update
```
The sudo command gives you administrator privileges, while apt update refreshes your system's list of available packages.
Now install the OpenSSH server package. This will download and set up all necessary components for running an SSH server:
```
sudo apt install -y openssh-server
```
The -y flag automatically answers "yes" to any prompts during installation, making the process smoother.
Since we're working in a Docker container (a lightweight, isolated environment), we need to manually start the SSH service. Normally, it would start automatically, but we'll handle that configuration later:
```
sudo service ssh start
```
Let's verify that the SSH server is running properly. This command checks the current status of the SSH service:
```
sudo service ssh status
```
You should see output containing "active (running)" which confirms the service is working correctly.
Finally, we'll check that the SSH server is listening on the default port (22). Ports are like doors that services use to communicate, and SSH traditionally uses port 22:
```
ss -tulnp | grep sshd
```
The ss command shows socket statistics, and we're filtering for SSH-related entries. You should see output showing sshd listening on *:22 or 0.0.0.0:22, meaning it's ready to accept connections on all network interfaces.

Configure SSH Server for Testing

In this step, you will configure the SSH server to enable password authentication, which is necessary for testing with Hydra in later steps. SSH (Secure Shell) is a protocol that allows secure remote access to systems. By default, modern SSH configurations prioritize security by disabling password authentication in favor of key-based authentication. However, since Hydra is a password-cracking tool, we need to temporarily enable password authentication for testing purposes.

First, make a backup of the original SSH configuration file. This is a good practice before making any system changes, allowing you to restore the original settings if needed:
```
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
```
Open the SSH server configuration file for editing. We're using nano, a simple text editor suitable for beginners. The file contains all the settings that control how your SSH server operates:
```
sudo nano /etc/ssh/sshd_config
```
Find and modify the following lines (or add them if they don't exist). These settings enable password authentication and allow root login, which we need for our testing environment:
```
PasswordAuthentication yes
PermitRootLogin yes
```
Save the file (Ctrl+O, Enter) and exit nano (Ctrl+X). Remember that changes won't take effect until we restart the SSH service.
Restart the SSH service to apply the changes. This tells the system to reload the configuration file with our new settings:
```
sudo service ssh restart
```
Verify the new configuration is active. This command checks the current SSH configuration and filters for our specific settings to confirm they're properly enabled:
```
sudo sshd -T | grep -E "passwordauthentication|permitrootlogin"
```
You should see output confirming both settings are enabled. If not, double-check that you saved the file correctly and restarted the service.

Create Test User Accounts

In this step, you will create test user accounts with intentionally weak passwords. These accounts will serve as targets when we later use Hydra to demonstrate SSH brute-force attacks. Creating such test accounts helps us safely simulate real-world scenarios where attackers might exploit weak credentials.

Let's create three test users with common weak passwords. These passwords are deliberately simple because we want Hydra to be able to crack them during our testing. In real systems, you should always use strong, complex passwords.

Create three test users with simple passwords (we'll use these for testing):

sudo useradd -m -s /bin/bash testuser1
echo "testuser1:password123" | sudo chpasswd

sudo useradd -m -s /bin/bash testuser2
echo "testuser2:qwerty" | sudo chpasswd

sudo useradd -m -s /bin/bash testuser3
echo "testuser3:letmein" | sudo chpasswd

The useradd command creates each user with a home directory (-m) and sets their shell to bash (-s /bin/bash). The chpasswd command then sets the password for each user.

Verify the users were created successfully:
```
id testuser1
id testuser2
id testuser3
```
The id command shows user information. You should see output confirming each user exists, including their user ID (UID), group ID (GID), and group membership. This verification step ensures our test accounts are properly set up before we proceed.
Check that the passwords were set correctly by attempting to switch to each user (you'll need to enter the passwords you just set):
```
su - testuser1
exit
su - testuser2
exit
su - testuser3
exit
```
The su - username command lets you switch to another user account. After entering each password, you should briefly see the command prompt change to indicate you're logged in as that user. The exit command returns you to your original session. This step confirms the passwords work as expected.
(Optional) Create a text file containing the test credentials for reference:
```
echo -e "testuser1:password123\ntestuser2:qwerty\ntestuser3:letmein" > ~/project/test_credentials.txt
```
This creates a text file listing all test credentials in username:password format. While not strictly necessary, having this reference file can be helpful during testing. The -e flag enables interpretation of backslash escapes like \n for new lines.

Start the SSH Service

In this step, you will ensure the SSH service is properly running and configured to start automatically. SSH (Secure Shell) is a network protocol that allows secure remote access between computers. In our Hydra testing environment, we need SSH running continuously so we can perform password cracking tests reliably.

First, let's check if the SSH service is currently active. This command shows the current status of the SSH daemon (sshd):
```
sudo service ssh status
```
If it's not running, you'll see "inactive (dead)" in the output. This means the SSH service is currently stopped and not accepting any connections.
If the service isn't running, we need to start it. This command initializes the SSH daemon:
```
sudo service ssh start
```
After starting the service, let's verify it's properly running. The status command now should show different output:
```
sudo service ssh status
```
You should now see "active (running)" in the output, indicating the SSH service is ready to accept connections.
Since we're working in a Docker container (a lightweight, isolated environment), we need to ensure SSH starts automatically when the container restarts. This line adds a startup command to your bash configuration file:
```
echo 'sudo service ssh start' >> ~/.bashrc
```
The .bashrc file runs automatically when you start a new terminal session, so this ensures SSH will always start when the container boots up.
Finally, let's confirm SSH is listening on the correct network port (port 22 is the default for SSH). This command shows all active network connections:
```
sudo netstat -tulnp | grep sshd
```
You should see output showing sshd listening on 0.0.0.0:22, which means the SSH server is properly configured to accept connections from any network interface on the standard SSH port.

Verify SSH Server Accessibility

In this final step, we'll verify that your SSH server is properly configured and accessible. This is crucial because Hydra (the password cracking tool we'll use in later labs) requires a functional SSH service to test against. We'll perform several checks to ensure everything works as expected.

First, let's check if the SSH service is actually running. Services can sometimes fail to start or crash unexpectedly, so this is our first sanity check:
```
sudo service ssh status
```
The output should clearly show "active (running)". If it doesn't, we'd need to troubleshoot the service before proceeding.
Now we'll test local SSH access using one of the test accounts we created earlier. This simulates how Hydra will attempt to connect:
```
ssh testuser1@localhost
```
When prompted, enter the password "password123" (the one we set up earlier). After successfully logging in, type exit to return to your main session. This confirms basic password authentication works.
Let's specifically test password authentication (as Hydra primarily brute-forces passwords). We'll force SSH to use password auth and intentionally provide a wrong password:
```
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no testuser1@localhost
```
Enter any incorrect password when prompted. The server should reject the connection, which is the expected behavior we want to see.
Next, we'll verify the SSH server is listening on the correct network interface and port. This ensures remote connections (like from Hydra) can reach the service:
```
sudo netstat -tulnp | grep sshd
```
You should see sshd listening on 0.0.0.0:22, meaning it accepts connections from any network interface on the standard SSH port (22).
Finally, let's examine the authentication logs to see our test attempts recorded. Logs are valuable for troubleshooting and understanding what's happening behind the scenes:
```
sudo tail -n 10 /var/log/auth.log
```
Look for entries showing your successful login (step 2) and failed attempt (step 3). These logs will also be important when analyzing Hydra's attack attempts later.

Summary

In this lab, you have learned how to set up a test environment for Hydra by installing and configuring an OpenSSH server on a LabEx VM. The process included updating packages, installing the SSH server, and verifying its operation status while configuring authentication settings for testing purposes.

You also practiced creating test user accounts to simulate real-world scenarios and prepared the environment for password security testing. This lab provided essential hands-on experience in configuring SSH servers and establishing controlled environments for security tool experimentation.