Password Cracking:SNMP

In this article, we will learn how to gain control over our victim’s SNMP service. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, FTP, HTTP, HTTPS, smb, several databases, and much more

Now, we need to choose a word list. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

-P:  denotes the path for the password list

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. As you can observe that we had successfully grabbed the SNMP password as ignite123.

xHydra

This is the graphical version to apply dictionary attack via SNMP port to hack a system. For this method to work:

Open xHydra in your Kali. And select Single Target option and their give the IP of your victim PC. And select SNMP in the box against Protocol option and give the port number 161 against the port option.

Now, go to Passwords tab and in Username section check the box adjacent to Protocol doesn’t require a username.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

Now go to the specific Tab and in the SNMP and clear the data written in the text box below the SNMP as shown in the given image.

When you will clear all entries it will look like as shown in the next image given below.

After doing this, go to the Start tab and click on the Start button on the left.

Now, the process of dictionary attack will start. Thus, you will obtain the password of your victim.

As you can see that we have the password ignite123 cracked.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, SNMP, and VNC to name a few

Run the following command

 Here

-h: denotes host IP

-u: denote a particular user

But Brute forcing SNMP doesn’t require username but medusa doesn’t work without a proper syntax, you can use any username of your choice

P:  denotes the path for the password list

As you can observe that we had successfully grabbed the SNMP password as ignite123.

Metasploit

This module will test SNMP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open Kali terminal type msfconsole

 From given below image you can observe that we had successfully grabbed the SNMP password.

Nmap

We can also crack the SNMP password using nmap, execute given below command.

As you can see above that we have the password cracked as ignite123.

Onesixtyone

Onesixtyone is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses, trying different community strings and waiting for replies.

As you can see above that we have the password cracked as ignite123 using onesixtyone

 

Author: Pavandeep Singh is a Technical Writer, Researcher and Penetration Tester Contact here

Password Cracking:MS-SQL

In this article, we will learn how to gain control over our victim’s PC through 1433 Port use for MSSQL service. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Let’s start!!

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, vnc, http, https, smb, several databases, and much more

Now, we need to choose a word list. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

Here,

-P:  denotes path for the password list

-L: denotes path of the username text file (sa is default user of Mssql)

Once the commands are executed it will start applying the dictionary attack and so you will have the right password in no time. As you can observe that we had successfully grabbed the MSSQL password as [email protected]

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, MSSQL, HTTP, IMAP, rlogin, SSH, Subversion, and MSSQL to name a few

Run the following command

Here,

-u: denotes username (sa is default user of Mssql)

-P:  denotes path for the password list

As you can observe that we had successfully grabbed the MSSQL password as [email protected]

 xHydra 

This is the graphical version to apply dictionary attack via 1433 port to hack a system. For this method to work:

Enter xHydra in your Kali Linux terminal. And select Single Target option and their give the IP of your victim PC. And select MSSQL in the box against Protocol option and give the port number 1433 against the port option.

Now, go to Passwords tab and select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username:sa and password of your victim.

Metasploit

This module simply queries the MSSQL instance for a specific user/pass (default is sa with blank).

Awesome!! From given below image you can observe the same password: [email protected] have been found by Metasploit.

Nmap

Given below command will attempt to determine username and password through brute force attack against MS-SQL by means of username and password dictionary.

In the specified image, you can observe that we had successfully retrieve credential for usersUsername: sa and password: [email protected]

AuthorRahul Virmani is a Certified Ethical Hacker and the researcher in the field of network Penetration Testing (CYBERSECURITY).   Contact Here

Password Cracking:VNC

In this article, we will learn how to gain control over our victim’s PC through 5900 Port use for VNC service. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Table of Contents

  • Hydra
  • X-Hydra
  • Medusa
  • Ncrack
  • Patator
  • Metasploit

 Let’s starts!!

 xHydra

This is the graphical version to apply dictionary attack via 5900 port to hack a system. For this method to work:

Enter xHydra in your Kali Linux terminal. And select Single Target option and there give the IP of your victim PC. And select VNC in the box against Protocol option and give the port number 5900 against the port option.

Now, go to Passwords tab and select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left.

Now, the process of dictionary attack will start. Thus, you will obtain the username and password of your victim.

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, vnc, http, https, smb, several databases, and much more

Now, we need to choose a word list. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

-P:  denotes the path for the password list

-s: denote destination port number

-t: Run TASKS number of connects in parallel

Once the commands are executed it will start applying the dictionary attack and so you will have the right password in no time. As you can observe that we had successfully grabbed the VNC password as 098765

Metasploit

This module will test a VNC server on a range of machines and report successful logins. Currently, it supports RFB protocol version 3.3, 3.7, 3.8 and 4.001 using the VNC challenge-response authentication method.

Awesome!! From given below image you can observe the same password: 098765 have been found by Metasploit.

Patator

 Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as VNC, HTTP, SMB and etc.

From given below image you can observe that the process of dictionary attack starts and thus, you will obtain the password of your victim.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, VNC, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few

Run the following command

Here

-u: denotes username

-P:  denotes the path for the password list

As you can observe that we had successfully grabbed the VNC password like 098765.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 

Run the following command

 Here

-U: denotes the path for username list

-P:  denotes the path for the password list

As you can observe that we had successfully grabbed the vnc password like 098765.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here