Week 5 Password Guessing (SEC 335) - Chromosom3/TechNotes GitHub Wiki

Reflection

For this lab we used a handful of tools in Kali to create a word list, scan a remote web server, mangle word lists, and brute force HTTP access and SSH. More specific reflection questions were asked as part of this lab. Those specific questions regard my passwords and for that reason have been excluded from here.

Wordlist Tools

This section will cover the process that I went through to generate the wordlists that were used in the brute force attack and how I executed the attack.

CEWL Command

CEWL is a utility used to create custom word lists. This is what I used to gather my words for the list. The command that was run to generate my master word list is seen below.

cewl -m 5 -d 1 -w wordlist.txt 10.0.5.21/bios/

The command above calls the cewl utility and specifies a minimum word length of 5 characters (-m 5). It also specifies that the utility should only spider 1 level down, which is known as the depth (-d 1). The last half of the command specifies where the results should be written (-w wordlist.txt) and the target URL to search (10.0.5.21/bios/).

For more information on the cewl utility check out the man page on the Kali Linux site. That entry can be found here.

RSMANGLER Command

Rsmangler is a utility used to mangle word lists. This is important because individuals will add characters in place of standard A-Z characters. They may also combine two or more words together to make a complex password. Rsmangler will help us make these combinations of words to brute force the target account. The following command was executed to mangle the wordlists that I created using cewl.

rsmangler -f smallest-bilbo.txt -o mangled-bilbo.txt -m 9 -x 12 -lseipua

The above command has many flags so I will be listing them below in bullet format.

  • -f: This specifies the input file to be used. Can also be --file.
  • -o: This specifies the output file. This is where the list will be saved instead of the terminal. Can also be --output.
  • -m: This specifies the minimum word length for mangled words. Can also be --min.
  • -x: This is the maximum word length for mangled words. --max also works.
  • -l: Lowercase the words when mangling. The --lower flag is the same.
  • -s: Swap the case of the words when mangling. --swap is the alternative flag.
  • -e: Adds “ed” to the end of words when mangling. The alternative is --ed.
  • -i: This adds “ing” to the end of words when mangling. The other flag for this is --ing.
  • -p: Permutate (change the order or arrangement of) all the words. The alternative is --perms.
  • -u: Uppercase the words in the wordlists. The alternative flag is --upper.
  • -a: Creates an acronym based on all the words entered in order and adds to the word list. The alternative flag is --acronym.

For more information on this command use this link to navigate to Kali Linux documentation for this utility.

Note: I ran into issues with the mangling of words. The solution to the issue was using all the flags above. When not specifying the flags the mangling took too long.
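To see what the flag combination above actually produces, here is an added example (my own Python, not rsmangler's code) that approximates the -l -s -e -i -p -u -a transforms and the -m 9 -x 12 length window. The word list is a constructed stand-in for cewl output, and -p is reduced to ordered pairs of words rather than full permutations; it also turns the idea around for a password audit, checking whether a given password would land in such a list.

```python
import itertools

def mangle(words, min_len=9, max_len=12, lower=True, swap=True, ed=True,
           ing=True, perms=True, upper=True, acronym=True):
    """Approximation (not rsmangler's code) of the -l -s -e -i -p -u -a transforms,
    filtered by the -m/-x length window. -p is reduced to ordered pairs of words."""
    base = list(dict.fromkeys(w.strip() for w in words if w.strip()))
    out = set(base)
    if perms:                         # -p: join every ordered pair of distinct words
        for a, b in itertools.permutations(base, 2):
            out.add(a + b)
    if acronym and len(base) > 1:     # -a: first letters of the words, in input order
        out.add("".join(w[0] for w in base))
    extra = set()                     # -l -u -s -e -i applied to everything so far
    for w in out:
        if lower:
            extra.add(w.lower())
        if upper:
            extra.add(w.upper())
        if swap:
            extra.add(w.swapcase())
        if ed:
            extra.add(w + "ed")
        if ing:
            extra.add(w + "ing")
    out |= extra
    return sorted(c for c in out if min_len <= len(c) <= max_len)   # -m / -x

def candidate_count(words, **kw):
    """How many guesses a hydra run over this list would have to make."""
    return len(mangle(words, **kw))

def is_guessable(password, words, **kw):
    """Password-audit view: would this password appear in the mangled list?"""
    return password in mangle(words, **kw)

if __name__ == "__main__":
    site_words = ["Bilbo", "Baggins", "Shire"]   # constructed stand-in for cewl output
    print(candidate_count(site_words), is_guessable("bilbobaggins", site_words))
```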

DIRB Command

The dirb command is used to scan a website for various directories. This was used to try and find a hidden page that we could brute force. This isn’t strictly needed for building password wordlists, though it can be used to generate a list of pages to feed to cewl. The command used for this lab is seen below.

dirb http://10.0.5.21/ /usr/share/wordlists/dirb/common.txt -r

The -r flag specifies that the utility should not search recursively. The http://10.0.5.21/ link is used to specify the site to be crawled. Finally, the /usr/share/wordlists/dirb/common.txt file path specifies the wordlist used for searching for directories.

For more information on this command use this link to navigate to Kali Linux documentation for this utility.

HYDRA Command

The hydra utility is used to conduct the brute force attacks against the HTTP site as well as SSH. The commands for the different services are seen below.

Website Brute Force

sudo hydra -l frodo -P mangled-frodo.txt 10.0.5.21 http-get /admin/ -t 4

SSH Brute Force

sudo hydra -l frodo -P mangled-frodo.txt 10.0.5.21 ssh -t 4

For more information on this command use this link to navigate to Kali Linux documentation for this utility.
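As the defender's view of the two hydra commands above, here is an added detection example (my own code, not part of the lab or of hydra): it scans constructed sshd auth.log and Apache access-log lines for the burst of failures that parallel guessing (-t 4) against ssh and http-get /admin/ leaves behind, and reports the source addresses that exceed a threshold inside a short window. The sample lines and the threshold values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the lab host), in the shape a hydra run against
# ssh and http-get /admin/ leaves in the target's auth.log and Apache access log.
AUTH_LOG = """\
May  5 10:01:01 web sshd[2201]: Failed password for frodo from 10.0.5.50 port 50112 ssh2
May  5 10:01:01 web sshd[2202]: Failed password for frodo from 10.0.5.50 port 50113 ssh2
May  5 10:01:02 web sshd[2203]: Failed password for frodo from 10.0.5.50 port 50114 ssh2
May  5 10:01:02 web sshd[2204]: Failed password for frodo from 10.0.5.50 port 50115 ssh2
May  5 10:01:03 web sshd[2205]: Failed password for frodo from 10.0.5.50 port 50116 ssh2
May  5 10:30:00 web sshd[2300]: Failed password for sam from 10.0.5.77 port 40001 ssh2
May  5 10:30:09 web sshd[2301]: Accepted password for sam from 10.0.5.77 port 40002 ssh2
"""
ACCESS_LOG = """\
10.0.5.50 - - [05/May/2024:10:05:00 +0000] "GET /admin/ HTTP/1.0" 401 381
10.0.5.50 - - [05/May/2024:10:05:00 +0000] "GET /admin/ HTTP/1.0" 401 381
10.0.5.50 - - [05/May/2024:10:05:01 +0000] "GET /admin/ HTTP/1.0" 401 381
10.0.5.50 - - [05/May/2024:10:05:01 +0000] "GET /admin/ HTTP/1.0" 401 381
10.0.5.77 - - [05/May/2024:10:40:00 +0000] "GET /bios/ HTTP/1.1" 200 5120
"""
SSH_FAIL = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
HTTP_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def max_in_window(times, window_s):
    """Largest number of events from one source inside any window_s-second span."""
    times.sort()
    best = lo = 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def ssh_bruteforce_sources(log, threshold=4, window_s=10):
    """Sources with at least `threshold` failed SSH logins inside window_s seconds."""
    per_src = defaultdict(list)
    for m in filter(None, map(SSH_FAIL.match, log.splitlines())):
        per_src[m.group(2)].append(datetime.strptime(m.group(1), "%b %d %H:%M:%S"))
    return {s: n for s, ts in per_src.items() if (n := max_in_window(ts, window_s)) >= threshold}

def http_bruteforce_sources(log, path="/admin/", threshold=4, window_s=10):
    """Sources with at least `threshold` 401s on the protected path inside window_s seconds."""
    per_src = defaultdict(list)
    for m in filter(None, map(HTTP_LINE.match, log.splitlines())):
        if m.group(3) == path and m.group(4) == "401":
            per_src[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    return {s: n for s, ts in per_src.items() if (n := max_in_window(ts, window_s)) >= threshold}
```

On a real host the same two functions can be pointed at /var/log/auth.log and the web server's access log; the window and threshold should be tuned to the site's normal failure rate.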

Single User Mode

Single-user mode allows us to gain access to a system if we forget the password. This can also be used to repair a system if it is damaged and you can’t log in normally.

On startup, if you hit the space bar you can adjust your startup options in the GRUB boot menu. This example uses Kali, though all of this should apply to any Debian-based system. Once the menu loads you should be presented with a screen similar to the one below.


If you know your root password you can select “Advanced options for Kali GNU/Linux” and then select the second option to enter the recovery mode. For this example, we will pretend we don’t know the root password or that the root password hasn’t been set. We will select “Kali GNU/Linux” instead and press “e”. This should present you with the screen shown below.


You will want to adjust the line that starts with “linux”. That line is highlighted in the image below.


You will want to add the following to the end of that line, after splash:

single init=/bin/bash

Then press Ctrl + X to boot with the edited line. That will present you with a screen like the one below.


Now we will need to mount the root directory (/) as read-write. Do this by running mount -rw -o remount /. We can then do things like adjusting user passwords: running the passwd command will let you change the root password. Once you finish, run the sync command, followed by umount /, and then reboot.