1
00:00:01,000 --> 00:00:07,050
OK, just a quick video before we finish this section, I want to mention one thing about Hydra.

2
00:00:07,390 --> 00:00:14,890
Now, Hydra is a powerful tool, and it's not only useful for brute forcing Web pages, it can be used

3
00:00:14,890 --> 00:00:21,120
to brute force different services as well, such as S.H., FTP and others.

4
00:00:21,670 --> 00:00:28,600
And in this example, I just want to show you that if we take a look at our own WASP virtual machine

5
00:00:28,600 --> 00:00:35,860
and we scan it with a map using the F command, which will scan most known hundred ports, we will get

6
00:00:35,860 --> 00:00:36,820
this output.

7
00:00:37,540 --> 00:00:44,830
And if we take a closer look at scan results, we do notice that the target has Port 20 to or in other

8
00:00:44,830 --> 00:00:46,930
words, DSH port open.

9
00:00:48,070 --> 00:00:55,130
So we can try to target the S.H. port with hydrous brute force attack, so let's give it a try.

10
00:00:55,360 --> 00:01:01,420
Now, the first thing that you will notice regarding Hydra with S.H. is that the syntax is rather easy

11
00:01:01,750 --> 00:01:02,730
or much easier.

12
00:01:02,740 --> 00:01:10,840
Then once you're targeting Web pages, all we need to do is specify the IP address, then we type as

13
00:01:10,890 --> 00:01:21,610
S.H. and then bash our users and there should be 30, 60, and this will run the attack on this switchboard

14
00:01:21,970 --> 00:01:23,570
with these two lists.

15
00:01:24,040 --> 00:01:29,680
Now, since we don't have the correct username and password inside of these lists, it gave us an output

16
00:01:29,680 --> 00:01:31,770
that zero valid passwords that.

17
00:01:32,650 --> 00:01:41,350
Now, let's add the correct credentials right here, the correct user name is Root or we already have

18
00:01:41,350 --> 00:01:43,030
routes, so we can just leave it like that.

19
00:01:43,930 --> 00:01:53,260
But correct password is a WASP BVA, so make sure that you add or WASP BVA inside of the password list.

20
00:01:54,400 --> 00:01:56,980
And if I run the comment again.

21
00:01:59,470 --> 00:02:08,590
For some reason, we get incorrect or not, while username once again, so perhaps we need to add another

22
00:02:08,590 --> 00:02:08,919
option.

23
00:02:08,919 --> 00:02:11,740
Let me just go to the help menu real quick.

24
00:02:12,730 --> 00:02:16,540
And let's try adding Dashty option.

25
00:02:17,470 --> 00:02:23,800
Which default is set to 16, we're going to lower it just for the purposes of this command, so let's

26
00:02:23,800 --> 00:02:25,150
type it right here.

27
00:02:25,150 --> 00:02:30,520
Dashty for and then S.H. and then users and passwords that the.

28
00:02:31,930 --> 00:02:39,550
And here it is, we successfully found the correct log in to the same report on the target machine.

29
00:02:40,810 --> 00:02:47,110
All we had to do is type Hydra, the IP address, the four, and then we specify which protocol in our

30
00:02:47,110 --> 00:02:51,830
case we're using S.H. and then the passwords and usernames list.

31
00:02:52,510 --> 00:02:57,580
Now, if you wanted to check whether this is correct credentials, you can type S.H. wanted to do that

32
00:02:57,580 --> 00:02:59,530
168 at one dot 11.

33
00:03:00,530 --> 00:03:08,580
Here you want to select yes, and pardon me, we need to close this because we're trying to connect

34
00:03:08,580 --> 00:03:12,470
to the Mr. Hacker account on the target machine, which is nonexistent.

35
00:03:12,470 --> 00:03:20,780
So we must type as the sage route and then at this IP address right here, then we enter.

36
00:03:22,240 --> 00:03:29,340
It will ask for the password, and here we type or wasp BB as the password for the account.

37
00:03:29,590 --> 00:03:35,470
Now we're locked in on the target machine over at Serch and we can execute any commands that we want

38
00:03:35,470 --> 00:03:38,590
on the target machine, such as I have configured, such as who am I?

39
00:03:39,010 --> 00:03:46,150
We can type out as we can change directories and see all the files on the target system just because

40
00:03:46,150 --> 00:03:52,390
we successfully brute force the S.H. from here, we can delete the entire website if we wanted to.

41
00:03:52,600 --> 00:03:57,760
We can delete the operating system, we can create files, delete files and do pretty much anything

42
00:03:57,760 --> 00:03:58,360
that we want.

43
00:03:59,140 --> 00:04:05,380
OK, I just want to show you this, that there is another possibility with Hydra besides just targeting

44
00:04:05,380 --> 00:04:06,150
Web pages.

45
00:04:06,820 --> 00:04:11,620
Nonetheless, we are officially done with the brute force section and in the next lecture, we're going

46
00:04:11,620 --> 00:04:14,380
to take a look at sensitive data exposure.