Password Cracking:PostgreSQL

In this article, we will learn how to gain control over our victim’s PC through 5432 Port use for Postgres service. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Table of Content

  • Hydra
  • X-Hydra
  • Medusa
  • Ncrack
  • Patator
  • Metasploit

Let’s starts!!

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, Postgres, http, https, smb, several databases, and much more

Now, we need to choose a word list. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

-L: denotes path for username list

-P:  denotes path for the password list

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. As you can observe that we had successfully grabbed the Postgres username as Postgres and password as postgres.

xHydra

This is the graphical version to apply dictionary attack via 5432 port to hack a system. For this method to work:

Open xHydra in your kali And select Single Target option and there give the IP of your victim PC. And select Postgres in the box against Protocol option and give the port number 5432 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, POSTGRES, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few

Run the following command

Here

-U: denotes path for username list

-P:  denotes path for the password list

As you can observe that we had successfully grabbed the Postgres username as Postgres and password as postgres.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 

Run the following command

 Here

-U: denotes path for username list

-P:  denotes path for the password list

As you can observe that we had successfully grabbed the Postgres username as Postgres and password as postgres.

Patator

 Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as POSTGRES, HTTP, SMB and etc.

From given below image you can observe that the process of dictionary attack starts and thus, you will attain the username and password of your victim.

Metasploit

This module attempts to authenticate against a PostgreSQL instance using the username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.

Open Kali terminal type msfconsole Now type 

 From given below image you can observe that we had successfully grabbed the POSTGRES username and password.

Author: Shubham Sharma is a Pentester, Cybersecurity Researcher, Contact Linkedin and twitter.

Password Cracking:MySQL

In this article, we will learn to get control over our victim’s system through MYSQL service that runs on port 3306. There are multiple ways to do it. Let us take a moment to learn all those because various circumstances call for the different-different measure.

Table of Content

  • Medusa
  • Ncrack
  • Hydra
  • xHydra
  • Metasploit

Medusa

Medusa is a speedy, parallel, and modular tool which allows login through brute force. Its goal is to support as many services that allow authentication possible. The key features of this tool are thread-based testing, Flexible user input, Modular design, and Multiple protocols supported. We are going to run this command to crack this log in.

Run the following command

Where [-h] use to assign the victim IP address, [-U] denotes the path for username list, [-P] denotes the path for the password list, [-M] to select the mode of attack.

Ncrack

Ncrack is a network authentication tool, which helps the pen-tester to find out how the credentials that are protecting network access are vulnerable. This tool is a part of the Kali Linux arsenal and comes pre-installed with its package. It also has a unique feature to attack multiple targets at once, which is not seen very often in these tools. Run the following command to exploit port 3306 via Ncrack.

Where [-U] helps us to assign to username list, [-P] helps us to assign the password list, and [-p] will help us to assign the service port number of the victim.

xHydra

It is a GUI version of Hydra; it can be used for both offline and online password cracking. It has all the features and benefits of Hydra in the GUI form. Let’s start the attack by opening the tool.

After opening this tool in the target, it will ask us about the target, service port number, protocol service name, and any other specific output option we want in our attack.

When we completed the details in the target tab, we need to switch into the password tab, where we need to fill up or browse the username and password list for the brute force attack. There are some extra options available in the tab like Try login as password, try empty password, and Try reversed login.

When we complete the details required for the attack, we need to switch the tab to start to initiate the attack on the victim’s server. As we can see that we crack the credentials with our attack.

Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is a very fast, flexible, and new modules are easy to add in the attacks. This tool makes it possible for the researcher and security consultants to show how easy it would be to gain unauthorized access to a system remotely. We are using it the following way to crack the login.

Where [-L] is used to provide the username, [-P] is used to provide the password for the attack.

Metasploit

It is a collaboration between the open-source community and Rapid 7. It helps security teams do more than just verify vulnerabilities, manages security assessments, and improve security awareness.

This module simply queries the MySQL instance for a specific user and pass (default is root with a blank).

This will start brute force attack and try to match the combination for valid username and password using user.txt and pass.txt file.

From the given image, you can observe that our MySQL server is not secure against brute force attack because it is showing a matching combination of username: root and password: toor for login.

Once the attacker retrieves the valid credential he can directly login into Mysql server for stealing or destroying the database information.

Author: Shubham Sharma is a Pentester, Cybersecurity Researcher, Contact Linkedin and twitter.

Password Cracking:SMB

In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Table of Content

  • Hydra
  • X-Hydra
  • Medusa
  • Ncrack
  • Metasploit

xHydra

This is the graphical version to apply dictionary attack via SMB port to hack a system. For this method to work:

Open xHydra in your Kali. And select Single Target option and there give the IP of your victim PC. And select smb in the box against Protocol option and give the port number 445 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it. Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left. Now, the process of dictionary attack will start. Thus, you will attain the username as pc21 and password as 123 of your victim.

Hydra

This is one command method and works efficiently with not much work. This method works in the terminal of kali. Therefore, open the terminal in your kali and type:

Here,

-L –> denotes the path of username list

-P –> is to denote the path of the password

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. After a few minutes, Hydra cracks the credential, as you can observe that we had successfully grabbed the SMB username as pc21 and password as 123.

Ncrack

This too is a one command method which also works in the terminal of kali. Go to your terminal and type:

Here,

 -U –> denotes the path of username list

-P –> denotes password file’s path

445 –> is the port number

And so, with little work, we can attain the password and username of our victim’s PC. Hence, all the methods to hack a system through SMB port which is used for file sharing

Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible  Run the following command

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Metasploit

This module will test an SMB login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Once the Metasploit opens type:

Here,

auxiliary/scanner/smb/smb_login> is a module we will use to attempt to login

/root/Desktop/user.txt –> is the path of a text file which is the resident of all the possible usernames.

/root/Desktop/pass.txt –> is the path of a text file in which all the possible passwords resides.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here