1
00:00:00,150 --> 00:00:07,320
OK, guys, so we went over Metasploit and actually doing, setting off some exploits and using Metasploit

2
00:00:07,380 --> 00:00:10,590
to break into systems, but there are other ways to do it as well.

3
00:00:10,740 --> 00:00:11,600
In what ways?

4
00:00:11,610 --> 00:00:12,650
A brute force attack.

5
00:00:13,080 --> 00:00:16,060
So you don't always have to use the exploit, you,

6
00:00:16,230 --> 00:00:19,800
like I was saying, you can pretty much brute force your way into the system.

7
00:00:19,950 --> 00:00:21,690
And it's exactly what it sounds like.

8
00:00:22,290 --> 00:00:27,090
You know, when you launch a brute force attack, you're continuously just trying to log into a specific

9
00:00:27,090 --> 00:00:30,060
account, or a list of accounts, kind of depends on how you set it up.

10
00:00:30,840 --> 00:00:35,400
And you usually have a large password file, and you just keep going

11
00:00:35,400 --> 00:00:39,450
until you get access, and it typically works against systems

12
00:00:39,450 --> 00:00:46,050
that use weak passwords and trust me, a lot of systems passwords or have the default passwords.

13
00:00:47,010 --> 00:00:50,490
So it's typically going to work better against those systems.

14
00:00:50,670 --> 00:00:54,810
And like, if you know something about like, you know, how many characters the password is or what

15
00:00:54,810 --> 00:00:57,460
the structure is, that makes it a lot easier as well.

16
00:00:58,020 --> 00:01:02,970
So a good tool for brute force is actually called Hydra.

17
00:01:03,300 --> 00:01:10,140
So Hydra is a program in Kali Linux by default, and it's going to allow you to launch some brute

18
00:01:10,140 --> 00:01:10,830
force attacks.

19
00:01:11,640 --> 00:01:14,760
And the typical syntax for it is as follows.

20
00:01:14,790 --> 00:01:23,310
So it's going to be hydra, that's the command, dash L and the username, dash P, the list, you're going to link

21
00:01:23,310 --> 00:01:30,450
over to a wordlist file and then you put the IP address that you're targeting and then also the login

22
00:01:30,450 --> 00:01:30,870
with it.

23
00:01:31,740 --> 00:01:40,890
So like an example is hydra dash L root, dash P wordlist dot txt, the target address and then SSH.

24
00:01:41,070 --> 00:01:49,350
So this is going to attempt to brute force that IP address over SSH for the root account using each

25
00:01:49,350 --> 00:01:52,270
password inside of this wordlist that we have right there.

26
00:01:53,100 --> 00:01:56,790
So this is pretty much how Hydra works.

27
00:01:58,070 --> 00:02:02,180
So let's actually go ahead and check this out.

28
00:02:02,630 --> 00:02:07,250
OK, guys, so back in our Kali Linux machine, so let's go ahead and check out how to use Hydra.

29
00:02:07,250 --> 00:02:17,900
So as I said before, the command for Hydra is just hydra and a dash L and then you would just do whatever

30
00:02:17,930 --> 00:02:19,010
username you wanted to do.

31
00:02:19,010 --> 00:02:26,420
So in this case, we could try like msfadmin and then we want to do dash P to a list.

32
00:02:26,600 --> 00:02:28,400
So let's say I have a word list.

33
00:02:28,970 --> 00:02:32,990
So actually I'm going to do that right now just so that we have this word list.

34
00:02:32,990 --> 00:02:38,260
And just to be safe, I'm not sure what directory you are in the work directory.

35
00:02:38,280 --> 00:02:40,370
Did you set list?

36
00:02:40,700 --> 00:02:41,010
Perfect.

37
00:02:41,220 --> 00:02:44,770
OK, so I'm going to change to that directory.

38
00:02:45,500 --> 00:02:56,990
So let's see so that I can, real quick, cd SecLists and then I'm going to create a new file.

39
00:02:57,000 --> 00:03:02,120
So just like passwords and then let's see.

40
00:03:02,120 --> 00:03:04,580
So we want to make like a quick password list.

41
00:03:05,060 --> 00:03:07,910
So there's only ones available that I'm going to show you in a moment.

42
00:03:07,910 --> 00:03:09,950
But just to show you how Hydra works.

43
00:03:10,220 --> 00:03:14,720
So let's see, let's just try like sumos or password.

44
00:03:16,010 --> 00:03:18,470
Password one two three.

45
00:03:18,700 --> 00:03:27,530
Um, I don't know, I an administrator and then let's put msfadmin at the bottom just because we know this

46
00:03:27,530 --> 00:03:27,970
password.

47
00:03:28,430 --> 00:03:32,300
But the point is, you're going to have a wordlist list that's going to have a lot of different passwords

48
00:03:32,300 --> 00:03:35,670
in it and it's going to go through each one of them and try to brute force into the account.

49
00:03:36,050 --> 00:03:38,290
So let's do it right quick on this.

50
00:03:38,420 --> 00:03:42,520
Uh, so now we can go back over here.

51
00:03:42,770 --> 00:03:45,090
So let's do our hydra command.

52
00:03:45,890 --> 00:03:54,680
So just to confirm as well, just do an ls and we see our passwords file that we created, so.

53
00:03:55,680 --> 00:04:04,180
Let me see, we are going to do hydra dash L msfadmin.

54
00:04:05,750 --> 00:04:15,980
Dash P passwords, and then we're going to do targets one at zero one six eight one zero one six eight.

55
00:04:16,900 --> 00:04:23,780
The five six one zero four SSH, and then we're going to hit enter and see what happens.

56
00:04:23,800 --> 00:04:32,170
So now it's going through and it's brute forcing and, hey, it said we found login msfadmin and the

57
00:04:32,170 --> 00:04:33,700
password is msfadmin.

58
00:04:33,710 --> 00:04:36,250
So it does it pretty quickly.

59
00:04:36,250 --> 00:04:41,290
Even if you have like a gigantic like wordlist, actually you can do it pretty quickly.

60
00:04:41,290 --> 00:04:44,290
It's pretty useful, pretty handy tool for brute force.

61
00:04:45,160 --> 00:04:54,190
Just to show you guys really quickly, there is a folder or there is a GitHub repository that I recommend

62
00:04:54,190 --> 00:04:59,970
that you clone down so I can actually show you it over here.

63
00:05:00,160 --> 00:05:07,420
So if you just go to Google and type in SecLists GitHub, so I'm right here.

64
00:05:08,290 --> 00:05:11,500
But you guys grab this URL, github dot com.

65
00:05:11,740 --> 00:05:18,310
See, we can just grab that and then you could do a git clone and.

66
00:05:19,250 --> 00:05:24,850
Just clone that repository, and that's what that's the folder that I'm in right now, so you can go

67
00:05:24,860 --> 00:05:25,670
in and clone that.

68
00:05:25,790 --> 00:05:33,710
And what it is, is a bunch of, like, lists of different username, username lists, password list

69
00:05:33,710 --> 00:05:34,190
and stuff.

70
00:05:34,190 --> 00:05:38,450
So if you wanted to get passwords, we can change over to passwords.

71
00:05:38,970 --> 00:05:40,790
I would do an ls and see what's in here.

72
00:05:40,790 --> 00:05:45,670
And it's a bunch of text files with all kinds of passwords inside of it.

73
00:05:45,680 --> 00:05:46,550
So it's pretty useful.

74
00:05:47,450 --> 00:05:55,850
These are like common credentials, you know, lists of passwords from breaches, you know, typical

75
00:05:55,850 --> 00:05:56,990
things that you're going to find.

76
00:05:56,990 --> 00:06:03,170
And you'll be surprised that a lot of people use these common passwords.

77
00:06:03,770 --> 00:06:06,500
So it's definitely these are gigantic lists, too.

78
00:06:06,920 --> 00:06:11,300
So you can use these when you're doing your ethical hacking and it might actually be able to get you

79
00:06:11,300 --> 00:06:13,940
access into some systems.

80
00:06:14,160 --> 00:06:21,320
So if we wanted to, we could use one of these passwords, password lists for this for this Hydra thing

81
00:06:21,320 --> 00:06:21,770
as well.

82
00:06:21,950 --> 00:06:27,440
But, you know, if we're trying to break in for the msfadmin account, we can maybe put in one of

83
00:06:27,470 --> 00:06:29,060
these as the password list.

84
00:06:29,780 --> 00:06:31,250
So I just wanted to point that out.

85
00:06:31,340 --> 00:06:37,540
And then, like I said before, it also has a bunch of, like, username lists as well.

86
00:06:37,750 --> 00:06:40,640
So you can see the user names.

87
00:06:42,720 --> 00:06:49,500
As to and enlistee different username lists and stuff like that, so definitely a useful repository

88
00:06:49,500 --> 00:06:53,100
and I recommend that if you're going to do any brute forcing, that you have these lists available

89
00:06:53,100 --> 00:06:53,390
to you.