DEPARTMENT OF COMPUTING

Password cracking

Online password attack

I have a test machine set up at it4500-2.computing.utahtech.edu. You should attack the ftp or ssh service using hydra to see if you can crack the passwords for steve, sally, and fred. You should use this password file. Please record a screenshot of the final password results.

    hydra -l username -P 500-worst-passwords.txt it4500-2.computing.utahtech.edu ftp

Your results should look something like this (though you WON’T have xxxx’s for the password):

    [22][ssh] host: 144.38.223.134 login: fred password: xxxxxxxxxxx
    [STATUS] attack finished for 144.38.223.134 (waiting for children to finish)

Hydra is also installed on oxygen and nitrogen.
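The defender's view of the traffic this exercise generates, as an added example that is not part of the original assignment: a small detector that reads sshd auth-log lines, flags a source address with a burst of failed passwords, and reports any login that succeeds from a flagged address. The log lines are constructed, and the function name, threshold, and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not captured from the lab host):
# six quick failures and then a success for fred from one address,
# followed by sally mistyping once from another address.
SAMPLE_LOG = "\n".join(
    [f"Dec 30 10:00:{s:02d} lab sshd[900]: Failed password for fred "
     f"from 203.0.113.7 port 4{s:04d} ssh2" for s in range(1, 7)] + [
    "Dec 30 10:00:07 lab sshd[900]: Accepted password for fred from 203.0.113.7 port 40007 ssh2",
    "Dec 30 10:05:00 lab sshd[950]: Failed password for sally from 198.51.100.20 port 50100 ssh2",
    "Dec 30 10:05:09 lab sshd[950]: Accepted password for sally from 198.51.100.20 port 50101 ssh2",
])

# Syslog timestamp, host, sshd PID, outcome, user, source address.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2022):
    """Return (alerts, compromised): addresses with at least `threshold`
    failures inside `window`, and (address, user) logins that followed."""
    failures = defaultdict(list)      # address -> timestamps of recent failures
    alerts, compromised = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, outcome, user, addr = m.groups()
        # Syslog lines carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            # Sliding window: keep only failures still inside the window.
            failures[addr] = [t for t in failures[addr] if ts - t <= window] + [ts]
            if len(failures[addr]) >= threshold:
                alerts.add(addr)
        elif addr in alerts:
            # A success from an address already flagged for guessing.
            compromised.add((addr, user))
    return alerts, compromised

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A single mistyped password followed by a success, as in the constructed sally lines, stays below the threshold and is not reported.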

Viewing server ciphers

Use sslscan (apt-get install sslscan) to figure out what the preferred server ciphers are for the following servers. sslscan is installed on oxygen. Make sure you are looking at port 443. Highlight the lines that contain the preferred server ciphers and put them in your document. If you get errors like "ERROR: Could not create CTX object.", you should add the --ssl3 argument immediately after the sslscan command.

Last Updated 12/30/2022