Advent of Cyber 2023 Day-3

Day 3 delves into cybersecurity aspects, focusing on password complexity and the vulnerabilities associated with weak passwords. The tasks involve practical demonstrations using tools like Crunch and Hydra to showcase the feasibility of brute force attacks.

To tackle the challenge, an AttackBox and Target Machine are utilized, emphasizing hands-on experience. The day's activities culminate in gaining unauthorized access to a PIN code-protected system, showcasing the practical implications of cybersecurity concepts.

Generating the Password List

Crunch is a versatile password generation tool used to create custom password lists based on specified criteria, aiding in cybersecurity tasks such as brute force testing.

crunch 3 3 0123456789ABCDEF -o 3digits.txt

This command generates a list of all possible three-digit PIN codes using the hexadecimal character set (0-9, A-F) and saves the output to a file named "3digits.txt."

Breaking our way in

Interception and Analysis of PIN Code Entry Request with Burp Suite:

In other words, the main login page http://MACHINE_IP:8000/pin.php receives the input from the user and sends it to /login.php using the name pin.

These three pieces of information, post, /login.php, and pin, are necessary to set the arguments for Hydra.

Method - 1 Brute Forcing with Hydra:

Next, Hydra is introduced for automated password testing. The HTML source code of the target page is analyzed to determine the form parameters. The Hydra command then tests each PIN code from the generated list.

hydra -l '' -P 3digits.txt -f -v MACHINE_IP http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000

This command uses Hydra to perform a brute force attack on a login form at MACHINE_IP, testing each PIN code from the "3digits.txt" file.

The output confirms the successful discovery of a valid password for accessing the system.

Method - 2 Using FFUF:

To provide an alternative approach, we can use FFUF (Fuzz Faster U Fool), a fast web fuzzer written in Go. FFUF is versatile and can be employed for various types of fuzzing, including brute forcing.

ffuf -c -w 3digits.txt -X POST -d "pin=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -u http://MACHINE_IP:8000/login.php -fr "Access denied"

This FFUF command conducts a brute force attack, replacing the placeholder "FUZZ" with each PIN code from the "3digits.txt" file in a POST request to the login form at MACHINE_IP. The -fr option filters out every response that contains "Access denied", so the result left in the output is the valid PIN.

Alternatively, we can use Burp Suite to intercept the target request and save it to a request.txt file, then execute FFUF with the -request option, specifying the request file path.

In summary, brute force attacks leverage computational power to crack passwords, underscoring the need for strong security measures. The exercise highlights how exposed weak passwords are and serves as a reminder for organizations to fortify their defenses against evolving threats.
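
On the server side, the runs above show up as hundreds of POSTs to /login.php from a single client. As an added example (not part of the original walkthrough), this Python script flags that pattern in web access logs and reports how much of the 4096-entry PIN keyspace the client has covered. The Common Log Format layout, the IP addresses, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

KEYSPACE = 16 ** 3  # 3 characters from 0-9A-F, the list crunch generates above

# Assumed log layout: Common Log Format (client, timestamp, request line first).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def detect_pin_bruteforce(lines, path="/login.php", threshold=20,
                          window=timedelta(seconds=60)):
    """Flag clients that POST to `path` at least `threshold` times within `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    totals = defaultdict(int)    # ip -> every login POST seen from that client
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        totals[m["ip"]] += 1
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(m["ip"], {"first_alert": ts})
    for ip, stats in flagged.items():
        stats["attempts"] = totals[ip]
        stats["keyspace_covered"] = totals[ip] / KEYSPACE
    return flagged

def sample_log():
    """Constructed sample: one client at 5 POSTs/second, one user with three slow tries."""
    base = datetime(2023, 12, 3, 10, 0, 0, tzinfo=timezone.utc)
    def stamp(sec):
        return (base + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
    post = '{} - - [{}] "POST /login.php HTTP/1.1" 200 512'
    lines = [post.format("10.10.0.5", stamp(i // 5)) for i in range(300)]
    lines += [post.format("10.10.0.9", stamp(s)) for s in (3, 40, 95)]
    lines.append('10.10.0.9 - - [{}] "GET /pin.php HTTP/1.1" 200 900'.format(stamp(2)))
    return lines

if __name__ == "__main__":
    for ip, s in detect_pin_bruteforce(sample_log()).items():
        print(f"{ip}: {s['attempts']} attempts, {s['keyspace_covered']:.1%} of keyspace, "
              f"first alert {s['first_alert'].isoformat()}")
```

The same counter can drive a lockout or rate limit: with only 4096 candidates, any threshold the login handler enforces per client stretches an exhaustive run from seconds to something an operator has time to notice.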

Additionally, you can check out their Password Attacks Room.

That's all, folks!